Pests of all kinds and how to combat them: Infection with TR/Drop.Sirefef.G.25 and TR/Kazy.173253.7. Assistance with cleanup requested. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
01.06.2013, 11:02 | #1 |
Infection with TR/Drop.Sirefef.G.25 and TR/Kazy.173253.7. Assistance with cleanup requested.

Hello, yesterday my Antivir reported an infection with TR/Drop.Sirefef.G.25 and TR/Kazy.173253.7. Both were moved to Antivir's quarantine. I need help removing the malware. Following the instructions in the thread "For everyone seeking help! What do I need to keep in mind before opening a topic?", I installed Defogger. I ran a scan with OTL. Gmer crashed while scanning.

OTL.txt Code:
ATTFilter OTL logfile created on: 01.06.2013 11:52:47 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jennifer\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 63,45% Memory free 6,50 Gb Paging File | 5,11 Gb Available in Paging File | 78,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 7,19 Gb Free Space | 14,72% Space Free | Partition Type: NTFS Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32 Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.01 10:26:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.02 10:34:49 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.28 23:04:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.28 23:04:20 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.28 23:04:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.06.15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.08.26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.11.05 22:45:55 | 001,505,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe PRC - [2009.11.05 22:35:26 | 001,468,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2008.07.03 18:10:12 | 001,597,440 | ---- | M] (Hama GmbH & Co KG) -- C:\Programme\Hama\Common\RaUI.exe PRC - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) 
-- C:\Programme\Hama\Common\RalinkRegistryWriter.exe PRC - [2007.08.24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 17:35:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.16 17:34:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.02.14 09:45:54 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll MOD - [2013.01.10 20:37:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 20:36:44 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 20:36:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 20:36:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 20:36:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.06.15 00:17:55 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.08.25 22:44:50 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.08.04 16:58:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2010.06.29 11:31:12 | 000,652,800 | ---- | M] () -- E:\Programme\IZArc\IZArcCM.dll ========== Services (SafeList) ========== SRV - [2013.05.15 16:39:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.28 23:04:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.28 23:04:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service) SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2007.08.24 06:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2013.03.28 23:04:49 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.28 23:04:49 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.28 23:04:49 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.08.26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.07.15 14:47:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010.07.07 19:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2009.11.05 22:35:25 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E0 96 87 13 A2 CB 01 [binary data] IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE 
- HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 95 3B DB 3F 23 CE 01 [binary data] IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 18:27:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.31 08:42:17 | 000,000,000 | ---D | M] [2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Extensions [2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\kn3gu7ao.default\extensions [2012.06.23 18:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.07.24 09:44:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.15 19:03:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.16 20:50:03 | 000,446,020 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15316 more lines... 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [GarminExpressTrayApp] E:\Program Files\Garmin\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [SpybotSD TeaTimer] E:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6020D34-9C42-44B9-89C9-5210E7F997A0}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.11.23 12:49:28 | 000,000,077 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.11.01 16:25:14 | 000,000,000 | ---D | M] - F:\Autoralley -- [ NTFS ] O33 - MountPoints2\{d71635f9-0be5-11e0-8f34-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d71635f9-0be5-11e0-8f34-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Msetup4.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.19 19:06:17 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\Garmin [2013.05.19 19:01:14 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Neuer Ordner [2013.05.19 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin 
[2013.05.19 18:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.05.19 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.05.16 11:01:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.16 11:01:29 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.16 11:01:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.16 11:01:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.16 11:01:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.16 11:01:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.16 11:01:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.16 11:01:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.16 11:01:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.16 11:01:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.05.16 09:12:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.05.16 09:12:01 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.16 09:11:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.05.16 09:11:55 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.05.16 09:11:55 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe ========== Files - Modified Within 30 Days ========== [2013.06.01 11:53:37 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 11:53:37 | 
000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 11:45:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.01 11:45:33 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys [2013.06.01 11:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.01 10:24:43 | 000,000,000 | ---- | M] () -- C:\Users\Raphael\defogger_reenable [2013.05.19 18:55:05 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk [2013.05.19 10:57:39 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.19 10:57:39 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.19 10:57:39 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.19 10:57:39 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.16 17:34:10 | 000,439,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.15 16:39:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 16:39:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.13 19:32:43 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\Gameforge Live.lnk ========== Files Created - No Company Name ========== [2013.06.01 10:24:43 | 000,000,000 | ---- | C] () -- C:\Users\Raphael\defogger_reenable [2013.05.19 18:55:05 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk [2011.03.17 21:46:31 | 000,000,680 | RHS- | C] () -- C:\Users\Raphael\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.01.05 21:17:12 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\FOG Downloader [2013.05.19 19:03:14 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Garmin [2011.03.23 16:02:32 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org [2012.10.30 12:45:22 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\pdfforge [2010.12.29 18:55:09 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\FOG Downloader [2013.05.19 18:55:11 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Garmin [2011.02.15 19:04:18 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\OpenOffice.org [2012.10.30 12:43:52 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\pdfforge [2011.03.03 19:38:40 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.06.2013 11:52:47 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jennifer\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 63,45% Memory free 6,50 Gb Paging File | 5,11 Gb Available in Paging File | 78,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 7,19 Gb Free Space | 14,72% Space Free | Partition Type: NTFS Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32 Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "H:\Cewe\dm-Fotowelt\dm-Fotowelt.exe" "%1" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Foto Paradies] -- "F:\cewe\dm\dm-Fotowelt\Foto Paradies.exe" "%1" () Directory [Mein CEWE FOTOBUCH] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B2B414A-3D8B-40BA-9359-3C33226577AC}" = lport=2869 | protocol=6 | dir=in | app=system | "{1D1939E5-B494-4359-AB9B-9E9E93EA5977}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2C63C50C-7713-418F-B076-4845B9FBC55A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3041C936-470B-46D9-8A1B-3F5CBBDE787D}" = rport=445 | protocol=6 | dir=out | app=system | "{432ED99F-DF16-41CE-BBDA-72E22C30DE92}" = rport=10243 | protocol=6 | dir=out | app=system | "{47B5CE20-8D1B-4AB6-B798-C3B5BB30A681}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{5429D7EE-F395-466B-B3A8-BE06E1C406B0}" = lport=138 | protocol=17 | dir=in | app=system | "{62E05942-54F7-4EBF-B337-7544EF52AC97}" = lport=139 | protocol=6 | dir=in | app=system | "{638E6196-DF8D-468A-AE6C-493A33F0877E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{71AE9208-60B3-4B97-B639-43D681446DE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7ECFAD41-01FC-4703-94A0-0A7EF4D7DF90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9268442A-E994-4DE0-9581-300C3F5D5CFB}" = lport=137 | protocol=17 | dir=in | app=system | "{93E1C0FF-A251-420C-AB0A-F37F305F1CC5}" = lport=10243 | protocol=6 | dir=in | app=system | "{95C0894C-3A40-458E-8C46-F2E5587CCD69}" = rport=139 | protocol=6 | dir=out | app=system | "{9B2C5559-05D6-4983-A10D-78EF2ABF8504}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A35D4A88-7CFE-44A7-9E23-C21EB32AA79D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A3E080BC-ED8F-4540-9B0F-825C91D1C66C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C3D2B7B9-406F-4F46-9449-9F0A496BC8C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DEEFA361-8A7E-4C57-82DA-67AA60741CFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E2F073BE-AFAD-403B-A9DE-E4A5DDC9CFCB}" = rport=138 | protocol=17 | dir=out | app=system | "{F198FB6B-2701-4C0B-878D-EA875CC32168}" = rport=137 | protocol=17 | dir=out | app=system | "{FBDE392B-69A4-41A3-824D-D16F5ED9722B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{050F3611-BF59-4F16-8567-3464B7E80D78}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14288556-9311-45B5-9096-3E916551D52B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{1A84EF6B-ADB5-4E79-B507-D2195690AB82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{26AD5F6E-C6F5-4BCD-BA63-1E40CACA8E04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{520E672D-4167-4D75-95FD-AE1041A18C76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8270593D-8A4A-49E7-81BE-D4C2D7EF9951}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{87C4DE77-60FE-403E-A2A9-2C9EC48B6D14}" = protocol=6 | dir=out | app=system | "{8AD696AD-E23C-4C35-BD54-81ED0CCC3D80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8D48E281-ED96-4006-B9DF-A646470C2FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9906632A-D70C-4D8B-A265-FBEEBA585A5D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{A1EE4A09-9552-4D75-B301-F7DE27A6F45D}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmpnetwk.exe | "{A49342C5-C84A-4310-A88C-9C457FADD0CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B85C07E4-DD81-427A-BAF3-789B17CBCEF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BFED79BE-E46E-4DCB-8C05-CDA058A4CB55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C2ED17D4-F836-43AE-B6F9-8C0377FE6642}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CDD03498-7A8F-428B-B4D7-589A46DCD8DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CFDA44FA-510F-4ADF-BA43-ABF5FEFBDC18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E80B11D0-1013-4DA2-B91C-3AF81AFB1914}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{F69A80A9-3329-4975-A1BF-0FCEB1EB05C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FA513E17-7362-44AF-8BB9-FD06675EA418}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FF148A5A-D34C-45CA-86C0-682D764DA95C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{8A7455F9-85C1-4A75-B6C2-EAE44775E499}E:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\program files\runes of magic\client.exe | "TCP Query User{9B131DDB-C3B2-40A4-AEA6-204BD12B76AD}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe | "TCP Query User{B7BB0A1C-8E91-4CC3-A67F-6B6CC34EA13A}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe | "UDP Query User{5A10F57B-746F-4096-89BA-AAC9970FD063}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe | "UDP Query 
User{C464BDB6-7DE6-485D-80DA-D35E25B518EC}E:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\program files\runes of magic\client.exe | "UDP Query User{F2864DC7-95BF-4853-AEF0-6CED531A48FF}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar "{06092909-8851-C581-F990-7195076FDAEF}" = CCC Help Czech "{0CA04779-346C-30FD-EB9B-8EEA2CE094B3}" = CCC Help Thai "{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1 "{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin "{1B3B5C60-70B8-F022-5497-03FD2772586C}" = CCC Help Greek "{1C160168-BF5B-72FE-BAFA-6DD5F737404C}" = CCC Help Chinese Standard "{1ED3EBF6-A130-4B3B-B01A-C29B067798B3}" = CCC Help Finnish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{278AD90C-D27D-AA89-58DF-AD13852D51CA}" = CCC Help Spanish "{2CDBFF1A-6433-E94D-CA25-831FDB9775E9}" = CCC Help Italian "{31DED885-1124-0E58-97FB-73E4EF692E8D}" = CCC Help Hungarian "{33B670D7-8A06-DA5B-0341-5630D1E12007}" = ccc-core-static "{38D65ABC-A00B-6E13-2EF3-826CFC8CFC14}" = CCC Help French "{3B4325A0-43CD-10D1-64F6-BD2F90DCB756}" = Catalyst Control Center Graphics Previews Vista "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EEBD42E-4DC7-A874-645B-28B63907E930}" = ATI AVIVO Codecs "{3F8B39A4-B7CE-B036-941C-A8DB57676B04}" = CCC Help Norwegian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4ACF9BBA-E137-7309-7BF9-567ADAB6B4E6}" = CCC Help Turkish "{51AD839D-CE11-B9E3-227D-03BC89F227C8}" = CCC Help Danish 
"{55043DDE-D718-C7F7-9B4C-2B3D818D8A1F}" = Catalyst Control Center InstallProxy "{5774B4C1-8579-D5D9-8D38-A0CE32B6736C}" = CCC Help German "{5D19BB0D-9B04-5B85-9295-4E11BCB1C2C3}" = CCC Help Polish "{5D8A076D-F75E-A149-10D8-87338721AA3A}" = ATI Catalyst Install Manager "{60341104-FC8E-EF26-12CB-93B17DF55976}" = CCC Help Japanese "{62161867-51F1-9FB8-0E6E-FE49D89CBB71}" = CCC Help Dutch "{6494E146-418F-85E1-142E-D2F122C75274}" = ccc-utility "{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express "{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision "{6A7E9B60-4698-F505-CAD3-05F8AB22FB61}" = CCC Help Russian "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75794DD1-5D69-4E33-A141-C3D4B0724C71}" = Catalyst Control Center Graphics Previews Common "{7CE47764-9A8F-380D-FB9E-FCFC37B9F727}" = CCC Help Korean "{85D27E0C-6185-58BC-94B6-E5EED97962D8}" = AMD Drag and Drop Transcoding "{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Hama Wireless LAN Adapter "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 
2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite 
Service Pack 1 (SP1) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2 "{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend" "{9ED77550-AF66-2B7E-97E1-34B3BFDEAC6D}" = CCC Help Swedish "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express "{E8454B5F-4122-864C-002D-31F878D2CBF4}" = CCC Help English "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E6252F-8DC2-B508-D412-1C427CDB3448}" = CCC Help Portuguese "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FCB6F9DC-A0FF-621E-DE53-877E63864DD1}" = CCC Help Chinese Traditional 
"{FE4466A3-76B3-A9F4-9B22-150D6F8B4647}" = Catalyst Control Center Localization All "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Ceville" = Ceville 1.0 "dm-Fotowelt" = dm-Fotowelt "ENTERPRISE" = Microsoft Office Enterprise 2007 "Foto Paradies" = Foto Paradies "Jack Keane" = Jack Keane "Jewels of Atlantis/DE-German_is1" = Jewels of Atlantis "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "S4Uninst" = Die Siedler IV "Warcraft III" = Warcraft III "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: All Products ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.05.2013 03:43:24 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 20.05.2013 11:48:55 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 21.05.2013 12:11:08 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 23.05.2013 04:33:50 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 24.05.2013 07:36:24 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 26.05.2013 14:04:42 | Computer Name = Jennifer-PC | Source = Windows Backup | ID = 4104 Description = Error - 27.05.2013 11:00:45 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 28.05.2013 09:34:58 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot - search & destroy\DelZip179.dll". 
Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 29.05.2013 17:38:27 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 01.06.2013 05:19:30 | Computer Name = Jennifer-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012288 ID des fehlerhaften Prozesses: 0x8c8 Startzeit der fehlerhaften Anwendung: 0x01ce5ea8fadf6e54 Pfad der fehlerhaften Anwendung: C:\Users\Jennifer\Desktop\gmer_2.1.19163.exe Pfad des fehlerhaften Moduls: C:\Users\Jennifer\Desktop\gmer_2.1.19163.exe Berichtskennung: 5cc5ea58-ca9c-11e2-af58-6c626d75ece4 [ OSession Events ] Error - 02.07.2011 16:14:35 | Computer Name = Jennifer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2773 seconds with 1920 seconds of active time. This session ended with a crash. [ System Events ] Error - 22.05.2013 03:28:15 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 22.05.2013 12:09:42 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 23.05.2013 09:22:11 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 24.05.2013 05:40:09 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 24.05.2013 10:45:54 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 27.05.2013 10:59:16 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 27.05.2013 11:18:04 | Computer Name = Jennifer-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?27.?05.?2013 um 17:11:57 unerwartet heruntergefahren. Error - 29.05.2013 17:40:05 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 29.05.2013 17:56:46 | Computer Name = Jennifer-PC | Source = DCOM | ID = 10010 Description = Error - 30.05.2013 05:40:49 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report >
Regards, Sere |
01.06.2013, 11:56 | #2 |
/// the machine /// TB Trainer | Infection with TR/Drop.Sirefef.G.25 and TR/Kazy.173253.7. Requesting help with the cleanup. Hi,
Please read the following instructions carefully. We do not want to "fix" anything here yet; we only want to see a scan report. Please download TDSSKiller.exe and save the file to your desktop.
System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If you are not sure: Start > Computer (right-click) > Properties)
|
01.06.2013, 12:21 | #3 |
| Infection with TR/Drop.Sirefef.G.25 and TR/Kazy.173253.7. Requesting help with the cleanup. Hello Schrauber,
first of all, thank you for your support. TDSSKiller: Code:
ATTFilter 13:12:29.0204 3752 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 13:12:29.0422 3752 ============================================================ 13:12:29.0422 3752 Current date / time: 2013/06/01 13:12:29.0422 13:12:29.0422 3752 SystemInfo: 13:12:29.0422 3752 13:12:29.0422 3752 OS Version: 6.1.7601 ServicePack: 1.0 13:12:29.0422 3752 Product type: Workstation 13:12:29.0422 3752 ComputerName: JENNIFER-PC 13:12:29.0422 3752 UserName: Raphael 13:12:29.0422 3752 Windows directory: C:\Windows 13:12:29.0422 3752 System windows directory: C:\Windows 13:12:29.0422 3752 Processor architecture: Intel x86 13:12:29.0422 3752 Number of processors: 4 13:12:29.0422 3752 Page size: 0x1000 13:12:29.0422 3752 Boot type: Normal boot 13:12:29.0422 3752 ============================================================ 13:12:30.0655 3752 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:12:30.0655 3752 Drive \Device\Harddisk1\DR1 - Size: 0x76C000000 (29.69 Gb), SectorSize: 0x200, Cylinders: 0xF23, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 13:12:30.0655 3752 ============================================================ 13:12:30.0655 3752 \Device\Harddisk0\DR0: 13:12:30.0655 3752 MBR partitions: 13:12:30.0655 3752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927 13:12:30.0655 3752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A8000, BlocksNum 0x186A0000 13:12:30.0655 3752 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E848000, BlocksNum 0x1BB3D000 13:12:30.0655 3752 \Device\Harddisk1\DR1: 13:12:30.0655 3752 MBR partitions: 13:12:30.0655 3752 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x60, BlocksNum 0x3B5FFA0 13:12:30.0655 3752 ============================================================ 13:12:30.0686 3752 C: <-> \Device\Harddisk0\DR0\Partition1 
13:12:30.0701 3752 E: <-> \Device\Harddisk0\DR0\Partition2 13:12:30.0717 3752 F: <-> \Device\Harddisk0\DR0\Partition3 13:12:30.0717 3752 ============================================================ 13:12:30.0717 3752 Initialize success 13:12:30.0717 3752 ============================================================ 13:13:28.0889 3452 ============================================================ 13:13:28.0889 3452 Scan started 13:13:28.0889 3452 Mode: Manual; 13:13:28.0889 3452 ============================================================ 13:13:29.0529 3452 ================ Scan system memory ======================== 13:13:29.0529 3452 System memory - ok 13:13:29.0529 3452 ================ Scan services ============================= 13:13:29.0654 3452 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 13:13:29.0669 3452 1394ohci - ok 13:13:29.0701 3452 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:13:29.0701 3452 ACPI - ok 13:13:29.0732 3452 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:13:29.0732 3452 AcpiPmi - ok 13:13:29.0794 3452 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 13:13:29.0794 3452 AdobeARMservice - ok 13:13:29.0857 3452 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 13:13:29.0888 3452 AdobeFlashPlayerUpdateSvc - ok 13:13:29.0919 3452 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 13:13:29.0935 3452 adp94xx - ok 13:13:29.0950 3452 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 13:13:29.0966 3452 adpahci - ok 13:13:29.0981 3452 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 13:13:29.0981 3452 adpu320 - ok 13:13:30.0013 3452 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc 
Themes C:\Windows\system32\themeservice.dll 13:13:40.0589 3452 Themes - ok 13:13:40.0605 3452 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 13:13:40.0605 3452 THREADORDER - ok 13:13:40.0621 3452 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 13:13:40.0621 3452 TrkWks - ok 13:13:40.0652 3452 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:13:40.0667 3452 TrustedInstaller - ok 13:13:40.0699 3452 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:13:40.0714 3452 tssecsrv - ok 13:13:40.0745 3452 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:13:40.0745 3452 TsUsbFlt - ok 13:13:40.0777 3452 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:13:40.0777 3452 tunnel - ok 13:13:40.0792 3452 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 13:13:40.0808 3452 uagp35 - ok 13:13:40.0823 3452 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:13:40.0823 3452 udfs - ok 13:13:40.0839 3452 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:13:40.0839 3452 UI0Detect - ok 13:13:40.0870 3452 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:13:40.0886 3452 uliagpkx - ok 13:13:40.0901 3452 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 13:13:40.0917 3452 umbus - ok 13:13:40.0933 3452 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:13:40.0933 3452 UmPass - ok 13:13:40.0948 3452 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 13:13:40.0964 3452 upnphost - ok 13:13:40.0979 3452 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:13:40.0995 3452 usbccgp - ok 13:13:41.0026 3452 [ 
04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:13:41.0026 3452 usbcir - ok 13:13:41.0042 3452 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:13:41.0042 3452 usbehci - ok 13:13:41.0073 3452 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:13:41.0073 3452 usbhub - ok 13:13:41.0104 3452 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 13:13:41.0104 3452 usbohci - ok 13:13:41.0120 3452 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:13:41.0120 3452 usbprint - ok 13:13:41.0135 3452 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:13:41.0151 3452 USBSTOR - ok 13:13:41.0151 3452 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:13:41.0167 3452 usbuhci - ok 13:13:41.0167 3452 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 13:13:41.0182 3452 UxSms - ok 13:13:41.0182 3452 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 13:13:41.0182 3452 VaultSvc - ok 13:13:41.0198 3452 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:13:41.0198 3452 vdrvroot - ok 13:13:41.0229 3452 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 13:13:41.0276 3452 vds - ok 13:13:41.0291 3452 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:13:41.0291 3452 vga - ok 13:13:41.0307 3452 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:13:41.0307 3452 VgaSave - ok 13:13:41.0323 3452 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:13:41.0338 3452 vhdmp - ok 13:13:41.0338 3452 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 13:13:41.0354 3452 viaagp - ok 13:13:41.0369 3452 [ 
E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 13:13:41.0369 3452 ViaC7 - ok 13:13:41.0385 3452 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 13:13:41.0385 3452 viaide - ok 13:13:41.0401 3452 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:13:41.0401 3452 volmgr - ok 13:13:41.0432 3452 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:13:41.0447 3452 volmgrx - ok 13:13:41.0447 3452 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:13:41.0463 3452 volsnap - ok 13:13:41.0479 3452 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 13:13:41.0494 3452 vsmraid - ok 13:13:41.0525 3452 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 13:13:41.0588 3452 VSS - ok 13:13:41.0603 3452 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 13:13:41.0603 3452 vwifibus - ok 13:13:41.0619 3452 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:13:41.0635 3452 vwififlt - ok 13:13:41.0650 3452 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 13:13:41.0666 3452 W32Time - ok 13:13:41.0681 3452 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:13:41.0697 3452 WacomPen - ok 13:13:41.0713 3452 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:13:41.0713 3452 WANARP - ok 13:13:41.0713 3452 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:13:41.0713 3452 Wanarpv6 - ok 13:13:41.0744 3452 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 13:13:41.0775 3452 wbengine - ok 13:13:41.0791 3452 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:13:41.0806 3452 WbioSrvc - ok 13:13:41.0822 3452 [ 
34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:13:41.0837 3452 wcncsvc - ok 13:13:41.0837 3452 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:13:41.0853 3452 WcsPlugInService - ok 13:13:41.0853 3452 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 13:13:41.0853 3452 Wd - ok 13:13:41.0884 3452 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:13:41.0900 3452 Wdf01000 - ok 13:13:41.0915 3452 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:13:41.0915 3452 WdiServiceHost - ok 13:13:41.0915 3452 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:13:41.0915 3452 WdiSystemHost - ok 13:13:41.0947 3452 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 13:13:41.0962 3452 WebClient - ok 13:13:41.0962 3452 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:13:41.0978 3452 Wecsvc - ok 13:13:41.0978 3452 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:13:41.0993 3452 wercplsupport - ok 13:13:42.0009 3452 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 13:13:42.0025 3452 WerSvc - ok 13:13:42.0040 3452 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:13:42.0040 3452 WfpLwf - ok 13:13:42.0056 3452 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:13:42.0056 3452 WIMMount - ok 13:13:42.0103 3452 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 13:13:42.0134 3452 WinDefend - ok 13:13:42.0149 3452 WinHttpAutoProxySvc - ok 13:13:42.0181 3452 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:13:42.0196 3452 Winmgmt - ok 13:13:42.0243 3452 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM 
C:\Windows\system32\WsmSvc.dll 13:13:42.0274 3452 WinRM - ok 13:13:42.0305 3452 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 13:13:42.0321 3452 WinUsb - ok 13:13:42.0352 3452 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:13:42.0399 3452 Wlansvc - ok 13:13:42.0415 3452 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:13:42.0415 3452 WmiAcpi - ok 13:13:42.0430 3452 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:13:42.0446 3452 wmiApSrv - ok 13:13:42.0493 3452 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 13:13:42.0524 3452 WMPNetworkSvc - ok 13:13:42.0524 3452 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:13:42.0539 3452 WPCSvc - ok 13:13:42.0571 3452 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:13:42.0586 3452 WPDBusEnum - ok 13:13:42.0602 3452 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:13:42.0617 3452 ws2ifsl - ok 13:13:42.0617 3452 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 13:13:42.0633 3452 wscsvc - ok 13:13:42.0633 3452 WSearch - ok 13:13:42.0695 3452 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 13:13:42.0727 3452 wuauserv - ok 13:13:42.0758 3452 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:13:42.0758 3452 WudfPf - ok 13:13:42.0789 3452 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:13:42.0789 3452 WUDFRd - ok 13:13:42.0820 3452 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:13:42.0836 3452 wudfsvc - ok 13:13:42.0867 3452 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 13:13:42.0883 3452 WwanSvc - ok 13:13:42.0883 3452 ================ 
Scan global ===============================
13:13:42.0914 3452 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:13:42.0945 3452 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
13:13:42.0961 3452 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
13:13:42.0992 3452 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:13:43.0023 3452 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:13:43.0023 3452 [Global] - ok
13:13:43.0039 3452 ================ Scan MBR ==================================
13:13:43.0039 3452 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:13:43.0241 3452 \Device\Harddisk0\DR0 - ok
13:13:43.0257 3452 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:13:45.0301 3452 \Device\Harddisk1\DR1 - ok
13:13:45.0301 3452 ================ Scan VBR ==================================
13:13:45.0301 3452 [ D91B5F4CBF7AE61BFABCF1DC8E57454E ] \Device\Harddisk0\DR0\Partition1
13:13:45.0301 3452 \Device\Harddisk0\DR0\Partition1 - ok
13:13:45.0301 3452 [ 2C18237BAF3378DFC023B1013885D7D4 ] \Device\Harddisk0\DR0\Partition2
13:13:45.0316 3452 \Device\Harddisk0\DR0\Partition2 - ok
13:13:45.0316 3452 [ BAACEAF2B12AF8CAE4A546063FEEDBFB ] \Device\Harddisk0\DR0\Partition3
13:13:45.0316 3452 \Device\Harddisk0\DR0\Partition3 - ok
13:13:45.0332 3452 [ 46968E16BCE624166A0B62CD8A34F14C ] \Device\Harddisk1\DR1\Partition1
13:13:45.0332 3452 \Device\Harddisk1\DR1\Partition1 - ok
13:13:45.0332 3452 ============================================================
13:13:45.0332 3452 Scan finished
13:13:45.0332 3452 ============================================================
13:13:45.0363 2236 Detected object count: 0
13:13:45.0363 2236 Actual detected object count: 0
13:14:11.0883 0864 Deinitialize success

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-06-2013 01
Ran by Jennifer (ATTENTION: The logged in user is not administrator) on 01-06-2013 13:18:54
Running from C:\Users\Jennifer\Desktop
Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

Attention: System hive is missing.

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hama GmbH & Co KG) C:\Program Files\Hama\Common\RaUI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1505144 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1468256 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [33648 2007-08-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2922866635-4134696533-2909763260-1005\$afcf15d234bede0f92267b187cb321f1\n. ATTENTION! ====> ZeroAccess
MountPoints2: {d71635f9-0be5-11e0-8f34-806e6f6e6963} - D:\setup.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files\Hama\Common\RaUI.exe (Hama GmbH & Co KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\2c96gekm.default
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Garmin Communicator - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\2c96gekm.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: No Name - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\2c96gekm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\2c96gekm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-03-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-28] (Avira Operations GmbH & Co. KG)
R2 Garmin Core Update Service; E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Hama\Common\RalinkRegistryWriter.exe [69632 2008-05-13] (Ralink Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-07-15] (ATI Technologies, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-01 13:18 - 2013-06-01 13:18 - 01355651 ____A (Farbar) C:\Users\Jennifer\Desktop\FRST.exe
2013-06-01 13:18 - 2013-06-01 13:18 - 00000000 ____D C:\FRST
2013-06-01 13:11 - 2013-06-01 13:11 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Jennifer\Desktop\tdsskiller.exe
2013-06-01 11:56 - 2013-06-01 11:56 - 00054876 ____A C:\Users\Jennifer\Desktop\Extras.Txt
2013-06-01 11:52 - 2013-06-01 11:55 - 00059968 ____A C:\Users\Jennifer\Desktop\OTL.Txt
2013-06-01 11:14 - 2013-06-01 11:14 - 00377856 ____A C:\Users\Jennifer\Desktop\gmer_2.1.19163.exe
2013-06-01 11:12 - 2013-06-01 11:13 - 00000397 ____A C:\Users\Jennifer\Desktop\Neues Textdokument.txt
2013-06-01 10:26 - 2013-06-01 10:26 - 00602112 ____A (OldTimer Tools) C:\Users\Jennifer\Desktop\OTL.exe
2013-06-01 10:25 - 2013-06-01 10:25 - 00602112 ____A (OldTimer Tools) C:\Users\Jennifer\Downloads\OTL.exe
2013-06-01 10:24 - 2013-06-01 11:33 - 00000476 ____A C:\Users\Jennifer\Desktop\defogger_disable.log
2013-06-01 10:24 - 2013-06-01 10:24 - 00000000 ____A C:\Users\Raphael\defogger_reenable
2013-06-01 10:22 - 2013-06-01 10:21 - 00050477 ____A C:\Users\Jennifer\Desktop\Defogger.exe
2013-06-01 10:21 - 2013-06-01 10:21 - 00050477 ____A C:\Users\Jennifer\Downloads\Defogger.exe
2013-05-31 09:11 - 2013-05-31 09:10 - 31666592 ____A (Oracle Corporation) C:\Users\Jennifer\Desktop\jre-7u21-windows-i586.exe
2013-05-31 09:09 - 2013-05-31 09:10 - 31666592 ____A (Oracle Corporation) C:\Users\Jennifer\Downloads\jre-7u21-windows-i586.exe
2013-05-21 19:02 - 2013-05-22 19:17 - 00009694 ____A C:\Users\Jennifer\Desktop\Mappe1.xlsx
2013-05-20 17:27 - 2013-06-01 13:08 - 00001232 ____A C:\Windows\setupact.log
2013-05-20 17:27 - 2013-05-20 17:27 - 00000000 ____A C:\Windows\setuperr.log
2013-05-19 19:01 - 2013-05-19 19:01 - 00000000 ____D C:\Users\Raphael\Neuer Ordner
2013-05-19 18:58 - 2013-05-19 18:58 - 00000000 ____D C:\Users\Jennifer\Documents\Garmin
2013-05-19 18:55 - 2013-05-19 18:55 - 00001730 ____A C:\Users\Public\Desktop\Garmin Express.lnk
2013-05-19 18:55 - 2013-05-19 18:55 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Garmin
2013-05-19 18:54 - 2013-05-19 19:01 - 00000000 ____D C:\ProgramData\Garmin
2013-05-19 18:54 - 2013-05-19 18:54 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-19 18:53 - 2013-05-19 18:53 - 00000000 ____D C:\Program Files\CCleaner
2013-05-19 18:49 - 2013-05-19 18:50 - 03309368 ____A (Piriform Ltd) C:\Users\Jennifer\Downloads\ccsetup401_slim.exe
2013-05-16 11:01 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 11:01 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 11:01 - 2013-04-05 07:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 11:01 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 11:01 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 11:01 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 09:12 - 2013-04-10 05:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 09:12 - 2013-03-19 06:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 09:12 - 2013-03-19 05:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 09:11 - 2013-04-10 07:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 09:11 - 2013-04-10 07:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 09:11 - 2013-02-27 07:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 09:11 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 09:11 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 09:11 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 09:11 - 2013-02-27 06:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-02 10:36 - 2013-05-02 10:36 - 00066656 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys

==================== One Month Modified Files and Folders ========

2013-06-01 13:18 - 2013-06-01 13:18 - 01355651 ____A (Farbar) C:\Users\Jennifer\Desktop\FRST.exe
2013-06-01 13:18 - 2013-06-01 13:18 - 00000000 ____D C:\FRST
2013-06-01 13:15 - 2009-07-14 06:34 - 00014608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-01 13:15 - 2009-07-14 06:34 - 00014608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-01 13:11 - 2013-06-01 13:11 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Jennifer\Desktop\tdsskiller.exe
2013-06-01 13:08 - 2013-05-20 17:27 - 00001232 ____A C:\Windows\setupact.log
2013-06-01 13:08 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-01 12:17 - 2010-12-20 05:11 - 01291591 ____A C:\Windows\WindowsUpdate.log
2013-06-01 11:56 - 2013-06-01 11:56 - 00054876 ____A C:\Users\Jennifer\Desktop\Extras.Txt
2013-06-01 11:55 - 2013-06-01 11:52 - 00059968 ____A C:\Users\Jennifer\Desktop\OTL.Txt
2013-06-01 11:39 - 2012-09-27 19:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-01 11:33 - 2013-06-01 10:24 - 00000476 ____A C:\Users\Jennifer\Desktop\defogger_disable.log
2013-06-01 11:14 - 2013-06-01 11:14 - 00377856 ____A C:\Users\Jennifer\Desktop\gmer_2.1.19163.exe
2013-06-01 11:13 - 2013-06-01 11:12 - 00000397 ____A C:\Users\Jennifer\Desktop\Neues Textdokument.txt
2013-06-01 10:26 - 2013-06-01 10:26 - 00602112 ____A (OldTimer Tools) C:\Users\Jennifer\Desktop\OTL.exe
2013-06-01 10:25 - 2013-06-01 10:25 - 00602112 ____A (OldTimer Tools) C:\Users\Jennifer\Downloads\OTL.exe
2013-06-01 10:24 - 2013-06-01 10:24 - 00000000 ____A C:\Users\Raphael\defogger_reenable
2013-06-01 10:24 - 2010-12-20 22:11 - 00000000 ____D C:\users\Raphael
2013-06-01 10:22 - 2011-07-24 09:45 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Skype
2013-06-01 10:21 - 2013-06-01 10:22 - 00050477 ____A C:\Users\Jennifer\Desktop\Defogger.exe
2013-06-01 10:21 - 2013-06-01 10:21 - 00050477 ____A C:\Users\Jennifer\Downloads\Defogger.exe
2013-05-31 09:10 - 2013-05-31 09:11 - 31666592 ____A (Oracle Corporation) C:\Users\Jennifer\Desktop\jre-7u21-windows-i586.exe
2013-05-31 09:10 - 2013-05-31 09:09 - 31666592 ____A (Oracle Corporation) C:\Users\Jennifer\Downloads\jre-7u21-windows-i586.exe
2013-05-30 20:34 - 2013-03-06 18:31 - 00035381 ____A C:\Users\Jennifer\Desktop\Darian.xlsx
2013-05-27 17:18 - 2011-03-18 10:34 - 00000000 ____D C:\users\Jennifer
2013-05-22 19:17 - 2013-05-21 19:02 - 00009694 ____A C:\Users\Jennifer\Desktop\Mappe1.xlsx
2013-05-20 17:27 - 2013-05-20 17:27 - 00000000 ____A C:\Windows\setuperr.log
2013-05-19 19:03 - 2012-12-11 22:15 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Garmin
2013-05-19 19:01 - 2013-05-19 19:01 - 00000000 ____D C:\Users\Raphael\Neuer Ordner
2013-05-19 19:01 - 2013-05-19 18:54 - 00000000 ____D C:\ProgramData\Garmin
2013-05-19 18:59 - 2013-01-05 09:17 - 00000000 ____D C:\Windows\Minidump
2013-05-19 18:59 - 2011-03-17 21:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-19 18:59 - 2010-12-20 05:03 - 00000000 ____D C:\Windows\Panther
2013-05-19 18:58 - 2013-05-19 18:58 - 00000000 ____D C:\Users\Jennifer\Documents\Garmin
2013-05-19 18:55 - 2013-05-19 18:55 - 00001730 ____A C:\Users\Public\Desktop\Garmin Express.lnk
2013-05-19 18:55 - 2013-05-19 18:55 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Garmin
2013-05-19 18:55 - 2012-12-11 22:23 - 00000000 ____D C:\Users\Raphael\AppData\Roaming\Garmin
2013-05-19 18:54 - 2013-05-19 18:54 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-19 18:53 - 2013-05-19 18:53 - 00000000 ____D C:\Program Files\CCleaner
2013-05-19 18:50 - 2013-05-19 18:49 - 03309368 ____A (Piriform Ltd) C:\Users\Jennifer\Downloads\ccsetup401_slim.exe
2013-05-19 18:36 - 2012-12-11 22:18 - 00000089 ____A C:\Users\Jennifer\Desktop\sonstiges.txt
2013-05-19 10:57 - 2010-12-20 22:12 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-16 18:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-05-16 17:51 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 17:34 - 2009-07-14 06:33 - 00439008 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 17:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-05-16 10:59 - 2011-01-02 14:29 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 16:39 - 2012-09-27 19:48 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 16:39 - 2012-09-27 19:48 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-13 19:32 - 2013-01-05 00:50 - 00000728 ____A C:\Users\Public\Desktop\Gameforge Live.lnk
2013-05-13 19:32 - 2013-01-05 00:50 - 00000000 ____D C:\Users\Raphael\Downloads\Gameforge Live
2013-05-02 10:36 - 2013-05-02 10:36 - 00066656 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-05-02 02:06 - 2010-12-29 14:23 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2922866635-4134696533-2909763260-1005\$afcf15d234bede0f92267b187cb321f1

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-06-2013 01 Ran by Jennifer at 2013-06-01 13:19:06 Run: Running from C:\Users\Jennifer\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 2007 Microsoft Office Suite Service Pack 1 (SP1) Adobe Flash Player 11 Plugin (Version: 11.7.700.202) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) AMD Drag and Drop Transcoding (Version: 2.00.0000) ATI AVIVO Codecs (Version: 11.6.0.50825) ATI Catalyst Install Manager (Version: 3.0.790.0) Avira Free Antivirus (Version: 13.0.0.3640) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (Version: 2010.0825.2146.37182) Catalyst Control Center Graphics Previews Vista (Version: 2010.0825.2146.37182) Catalyst Control Center InstallProxy (Version: 2010.0825.2146.37182) Catalyst Control Center Localization All (Version: 2010.0825.2146.37182) CCC Help Chinese Standard (Version: 2010.0825.2145.37182) CCC Help Chinese Traditional (Version: 2010.0825.2145.37182) CCC Help Czech (Version: 2010.0825.2145.37182) CCC Help Danish (Version: 2010.0825.2145.37182) CCC Help Dutch (Version: 2010.0825.2145.37182) CCC Help English (Version: 2010.0825.2145.37182) CCC Help Finnish (Version: 2010.0825.2145.37182) CCC Help French (Version: 2010.0825.2145.37182) CCC Help German (Version: 2010.0825.2145.37182) CCC Help Greek (Version: 2010.0825.2145.37182) CCC Help Hungarian (Version: 2010.0825.2145.37182) CCC Help Italian (Version: 2010.0825.2145.37182) CCC Help Japanese (Version: 2010.0825.2145.37182) CCC Help Korean (Version: 2010.0825.2145.37182) CCC Help Norwegian (Version: 2010.0825.2145.37182) CCC Help Polish (Version: 2010.0825.2145.37182) CCC Help Portuguese (Version: 2010.0825.2145.37182) CCC Help Russian (Version: 2010.0825.2145.37182) CCC Help Spanish (Version: 2010.0825.2145.37182) CCC Help Swedish (Version: 
2010.0825.2145.37182) CCC Help Thai (Version: 2010.0825.2145.37182) CCC Help Turkish (Version: 2010.0825.2145.37182) ccc-core-static (Version: 2010.0825.2146.37182) ccc-utility (Version: 2010.0825.2146.37182) CCleaner (Version: 4.01) Ceville 1.0 (Version: 1.0) Die Siedler IV dm-Fotowelt (Version: 5.0.1) Elevated Installer (Version: 2.1.13) Foto Paradies Gameforge Live 1.0 "Legend" (Version: 1.1.1724) Garmin Communicator Plugin (Version: 4.0.3) Garmin Express (Version: 2.1.13) Garmin Express Tray (Version: 2.1.13) Garmin Update Service (Version: 2.1.13) Hama Wireless LAN Adapter (Version: 1.00.0000) HydraVision (Version: 4.2.180.0) IZArc 4.1.2 (Version: 4.1.2) Jack Keane Java Auto Updater (Version: 2.0.2.4) Java(TM) 6 Update 22 (Version: 6.0.220) Jewels of Atlantis Mein CEWE FOTOBUCH (Version: 5.0.1) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft IntelliPoint 7.1 (Version: 7.10.344.0) Microsoft IntelliType Pro 7.1 (Version: 7.10.344.0) Microsoft Office Access MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6215.1000) Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000) Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000) Microsoft Office Proof (Italian) 2007 (Version: 12.0.6213.1000) Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014) Microsoft Office 
Publisher MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6215.1000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 13.0.1 (x86 de) (Version: 13.0.1) Mozilla Maintenance Service (Version: 13.0.1) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) PDFCreator (Version: 1.5.1) Runes of Magic (Version: 5.0.0.2535) Skype Toolbars (Version: 5.5.7896) Skype™ 5.3 (Version: 5.3.120) Spybot - Search & Destroy (Version: 1.6.2) TuxGuitar (Version: 1.2) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Outlook 2007 Junk Email Filter (kb947945) Warcraft III WinRAR 4.20 (32-Bit) (Version: 4.20.0) ==================== Restore Points ========================= ==================== Hosts content: ========================== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com There are 1000 more lines starting with "127.0.0.1" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: 
========================= Application errors: ================== Error: (06/01/2013 11:19:30 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012288 ID des fehlerhaften Prozesses: 0x8c8 Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0 Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1 Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2 Berichtskennung: gmer_2.1.19163.exe3 Error: (05/29/2013 11:38:27 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/28/2013 03:34:58 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/27/2013 05:00:45 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/26/2013 08:04:42 PM) (Source: Windows Backup) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)" Error: (05/24/2013 01:36:24 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". 
Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/23/2013 10:33:50 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/21/2013 06:11:08 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/20/2013 05:48:55 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/19/2013 09:43:24 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. System errors: ============= Error: (05/30/2013 11:40:49 AM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (05/29/2013 11:56:46 PM) (Source: DCOM) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (05/29/2013 11:40:05 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (05/27/2013 05:18:04 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ?27.?05.?2013 um 17:11:57 unerwartet heruntergefahren. Error: (05/27/2013 04:59:16 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (05/24/2013 04:45:54 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (05/24/2013 11:40:09 AM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (05/23/2013 03:22:11 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (05/22/2013 06:09:42 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (05/22/2013 09:28:15 AM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Microsoft Office Sessions: ========================= Error: (07/02/2011 10:14:35 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2773 seconds with 1920 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 3327.18 MB Available physical RAM: 2178.56 MB Total Pagefile: 6652.65 MB Available Pagefile: 5242.62 MB Total Virtual: 2047.88 MB Available Virtual: 1876.57 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:48.83 GB) (Free:7.18 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (J&MC2) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS Drive e: (Volume) (Fixed) (Total:195.31 GB) (Free:166.51 GB) NTFS Drive f: (Volume) (Fixed) (Total:221.62 GB) (Free:3.97 GB) NTFS Drive h: () (Removable) (Total:29.67 GB) (Free:13.59 GB) FAT32 ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Regards, Sere |
01.06.2013, 12:36 | #4 | |
/// the machine /// TB-Ausbilder | Fix with FRST. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2922866635-4134696533-2909763260-1005\$afcf15d234bede0f92267b187cb321f1\n. ATTENTION! ====> ZeroAccess
ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2922866635-4134696533-2909763260-1005\$afcf15d234bede0f92267b187cb321f1
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
01.06.2013, 13:11 | #5 |
| Ran both programs. After running ComboFix, an old restore point now seems to have been set up. Many programs and files from the desktop, including the FRST Fixlog, have disappeared. ComboFix log: Code:
ATTFilter ComboFix 13-06-01.01 - Raphael 01.06.2013 13:49:11.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.2199 [GMT 2:00] ausgeführt von:: c:\users\Jennifer\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-01 bis 2013-06-01 )))))))))))))))))))))))))))))) . . 2013-06-01 11:18 . 2013-06-01 11:18 -------- d-----w- C:\FRST 2013-06-01 08:06 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F91B13E-C376-4F81-92E8-C9BAD29F9B29}\mpengine.dll 2013-05-19 17:06 . 2013-05-19 17:06 -------- d-----w- c:\users\Raphael\AppData\Local\Garmin 2013-05-19 17:01 . 2013-05-19 17:01 -------- d-----w- c:\users\Raphael\Neuer Ordner 2013-05-19 16:55 . 2013-05-19 16:55 -------- d-----w- c:\users\Jennifer\AppData\Local\Garmin 2013-05-19 16:54 . 2013-05-19 17:01 -------- d-----w- c:\programdata\Garmin 2013-05-19 16:54 . 2013-05-19 16:54 -------- d-----w- c:\programdata\Package Cache 2013-05-19 16:53 . 2013-05-19 16:53 -------- d-----w- c:\program files\CCleaner 2013-05-16 07:12 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-16 07:12 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-16 07:12 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-05-16 07:11 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-16 07:11 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-16 07:11 . 
2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe 2013-05-16 07:11 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll 2013-05-16 07:11 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll 2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 14:39 . 2012-09-27 17:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-15 14:39 . 2012-09-27 17:48 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-02 08:36 . 2013-05-02 08:36 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-02 00:06 . 2010-12-29 12:23 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 04:45 . 2013-05-16 07:12 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 07:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-24 07:26 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-29 14:33 . 2013-03-29 14:33 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-29 14:33 . 2013-03-29 14:33 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-29 14:33 . 2013-03-29 14:33 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-29 14:33 . 2013-03-29 14:33 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-03-29 14:33 . 2013-03-29 14:33 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-03-29 14:33 . 2013-03-29 14:33 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-29 14:33 . 2013-03-29 14:33 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-03-29 14:33 . 2013-03-29 14:33 361984 ----a-w- c:\windows\system32\html.iec 2013-03-29 14:33 . 2013-03-29 14:33 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-29 14:33 . 2013-03-29 14:33 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-03-29 14:33 . 
2013-03-29 14:33 158720 ----a-w- c:\windows\system32\msls31.dll 2013-03-29 14:33 . 2013-03-29 14:33 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-03-29 14:33 . 2013-03-29 14:33 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-29 14:33 . 2013-03-29 14:33 138752 ----a-w- c:\windows\system32\wextract.exe 2013-03-29 14:33 . 2013-03-29 14:33 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-29 14:33 . 2013-03-29 14:33 12800 ----a-w- c:\windows\system32\mshta.exe 2013-03-29 14:33 . 2013-03-29 14:33 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-28 21:04 . 2012-11-13 19:05 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-28 21:04 . 2012-11-13 19:05 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-28 21:04 . 2012-11-13 19:05 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-19 05:04 . 2013-04-10 14:01 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 14:01 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 04:48 . 2013-04-10 14:01 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-10 14:01 69632 ----a-w- c:\windows\system32\smss.exe 2012-06-14 22:19 . 2012-06-23 16:26 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="e:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768] "GarminExpressTrayApp"="e:\program files\Garmin\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 360448] . c:\users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2010-12-22 1597440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 Garmin Core Update Service;Garmin Core Update Service;e:\program files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x] S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 77427003 *Deregistered* - 77427003 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Inhalt des "geplante Tasks" Ordners . 2013-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 14:39] . . ------- Zusätzlicher Suchlauf ------- . IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\kn3gu7ao.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.de FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-dm-Fotowelt - h:\cewe\dm-Fotowelt\uninstall.exe AddRemove-S4Uninst - c:\windows\IsUn0407.exe . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-01 13:56:03 ComboFix-quarantined-files.txt 2013-06-01 11:56 . Vor Suchlauf: 7.257.378.816 Bytes frei Nach Suchlauf: 7.466.840.064 Bytes frei . - - End Of File - - 98A8AE057C6E7359E3FED787290DD803 |
01.06.2013, 13:14 | #6 |
/// the machine /// TB-Ausbilder | Quick question: How many user accounts are there on the computer? And why are you running the scans from different accounts? Once with and once without admin rights? |
01.06.2013, 13:37 | #7 |
| There are 2 user accounts on the computer: the normal account that I am currently active from, and an additional one with admin rights. At the beginning, when I read through the thread "Für alle Hilfesuchenden...", the text said that the programs Defogger + Gmer should be run with the option "as admin...". I had additionally done this for the OTL scan as well. Since we mainly work from the normal account without admin rights, it unfortunately did not occur to me to log in as admin. If this now causes extra work, I apologize. Should I now switch to the admin account for the further steps? |
01.06.2013, 13:40 | #8 |
/// the machine /// TB-Ausbilder | Please run FRST again from the admin account, and Combofix as well, please.
__________________ Regards, schrauber |
01.06.2013, 13:43 | #9 |
| Okay, will do. One more quick note: I restarted the computer again. Now the desktop is okay again. All files are back. Here is the Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-06-2013 02 Ran by Raphael at 2013-06-01 14:50:12 Run:2 Running from C:\Users\Raphael\Desktop Boot Mode: Normal ============================================== HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default => Error setting value. C:\$Recycle.Bin\S-1-5-21-2922866635-4134696533-2909763260-1005\$afcf15d234bede0f92267b187cb321f1 => File/Directory not found. ==== End of Fixlog ==== Code:
ATTFilter ComboFix 13-06-01.01 - Raphael 01.06.2013 14:55:52.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.2263 [GMT 2:00] ausgeführt von:: c:\users\Raphael\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-01 bis 2013-06-01 )))))))))))))))))))))))))))))) . . 2013-06-01 12:59 . 2013-06-01 12:59 -------- d-----w- c:\users\Jennifer\AppData\Local\temp 2013-06-01 12:59 . 2013-06-01 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-01 11:56 . 2013-06-01 12:59 -------- d-----w- c:\users\Raphael\AppData\Local\temp 2013-06-01 11:18 . 2013-06-01 11:18 -------- d-----w- C:\FRST 2013-06-01 08:06 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F91B13E-C376-4F81-92E8-C9BAD29F9B29}\mpengine.dll 2013-05-19 17:06 . 2013-05-19 17:06 -------- d-----w- c:\users\Raphael\AppData\Local\Garmin 2013-05-19 17:01 . 2013-05-19 17:01 -------- d-----w- c:\users\Raphael\Neuer Ordner 2013-05-19 16:55 . 2013-05-19 16:55 -------- d-----w- c:\users\Jennifer\AppData\Local\Garmin 2013-05-19 16:54 . 2013-05-19 17:01 -------- d-----w- c:\programdata\Garmin 2013-05-19 16:54 . 2013-05-19 16:54 -------- d-----w- c:\programdata\Package Cache 2013-05-19 16:53 . 2013-05-19 16:53 -------- d-----w- c:\program files\CCleaner 2013-05-16 07:12 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-16 07:12 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-16 07:12 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-05-16 07:11 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-16 07:11 . 
2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-16 07:11 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe 2013-05-16 07:11 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll 2013-05-16 07:11 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll 2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 14:39 . 2012-09-27 17:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-15 14:39 . 2012-09-27 17:48 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-02 08:36 . 2013-05-02 08:36 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-02 00:06 . 2010-12-29 12:23 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 04:45 . 2013-05-16 07:12 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 07:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-24 07:26 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-29 14:33 . 2013-03-29 14:33 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-29 14:33 . 2013-03-29 14:33 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-29 14:33 . 2013-03-29 14:33 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-29 14:33 . 2013-03-29 14:33 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-03-29 14:33 . 2013-03-29 14:33 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-03-29 14:33 . 2013-03-29 14:33 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-29 14:33 . 2013-03-29 14:33 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-03-29 14:33 . 2013-03-29 14:33 361984 ----a-w- c:\windows\system32\html.iec 2013-03-29 14:33 . 2013-03-29 14:33 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-29 14:33 . 
2013-03-29 14:33 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-03-29 14:33 . 2013-03-29 14:33 158720 ----a-w- c:\windows\system32\msls31.dll 2013-03-29 14:33 . 2013-03-29 14:33 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-03-29 14:33 . 2013-03-29 14:33 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-29 14:33 . 2013-03-29 14:33 138752 ----a-w- c:\windows\system32\wextract.exe 2013-03-29 14:33 . 2013-03-29 14:33 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-29 14:33 . 2013-03-29 14:33 12800 ----a-w- c:\windows\system32\mshta.exe 2013-03-29 14:33 . 2013-03-29 14:33 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-28 21:04 . 2012-11-13 19:05 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-28 21:04 . 2012-11-13 19:05 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-28 21:04 . 2012-11-13 19:05 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-19 05:04 . 2013-04-10 14:01 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 14:01 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 04:48 . 2013-04-10 14:01 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-10 14:01 69632 ----a-w- c:\windows\system32\smss.exe 2012-06-14 22:19 . 2012-06-23 16:26 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="e:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768] "GarminExpressTrayApp"="e:\program files\Garmin\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312] . c:\users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2010-12-22 1597440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 Garmin Core Update Service;Garmin Core Update Service;e:\program files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x] S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Inhalt des "geplante Tasks" Ordners . 2013-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 14:39] . . ------- Zusätzlicher Suchlauf ------- . IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\kn3gu7ao.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.de FF - prefs.js: network.proxy.type - 0 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2013-06-01 15:01:03
ComboFix-quarantined-files.txt 2013-06-01 13:01
ComboFix2.txt 2013-06-01 11:56
.
Vor Suchlauf: 7.878.320.128 Bytes frei
Nach Suchlauf: 8.154.890.240 Bytes frei
.
- - End Of File - - FB6768E5D9D9BDC6E26235C38A99C78D
Edited by Sere (01.06.2013 at 14:02) |
01.06.2013, 14:50 | #10 |
/// the machine /// TB Instructor | Infection with TR/Drop.Sirefef.G.25 and TR/Kazy.173253.7. Requesting help with the cleanup. OK. Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
ESET Online Scanner
Please download SecurityCheck and:
And a fresh OTL log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.06.2013, 16:39 | #11 |
| Infection with TR/Drop.Sirefef.G.25 and TR/Kazy.173253.7. Requesting help with the cleanup. Here is the log from AdwCleaner: Code:
# AdwCleaner v2.301 - Datei am 01/06/2013 um 17:35:27 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Raphael - JENNIFER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Raphael\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Jennifer\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Raphael\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v13.0.1 (de)

Datei : C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\kn3gu7ao.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\2c96gekm.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1237 octets] - [01/06/2013 17:35:27]

########## EOF - C:\AdwCleaner[S1].txt - [1297 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Raphael on 01.06.2013 at 17:42:46,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2013 at 17:43:32,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Edited by Sere (01.06.2013 at 16:45) |
01.06.2013, 17:42 | #12 |
/// the machine /// TB Instructor | Infection with TR/Drop.Sirefef.G.25 and TR/Kazy.173253.7. Requesting help with the cleanup. OK
01.06.2013, 18:37 | #13 |
| Infection with TR/Drop.Sirefef.G.25 and TR/Kazy.173253.7. Requesting help with the cleanup. Here from ESET: 2 detections... Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c8bd21ea0e879841b5547421d1b6d76f
# engine=13969
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-01 05:27:03
# local_time=2013-06-01 07:27:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 7009 235530913 0 0
# compatibility_mode=5893 16776573 100 94 6020 121738814 0 0
# scanned=193573
# found=2
# cleaned=0
# scan_time=5251
sh=99C1522A4BA1FF60EC6E5D87019285D144FCFC56 ft=0 fh=0000000000000000 vn="JS/Kryptik.AKT trojan" ac=I fn="F:\JENNIFER-PC\Backup Set 2013-03-24 194346\Backup Files 2013-05-19 190001\Backup files 1.zip"
sh=234AC30F8198A6F5FD5F5B874198146F01EF43B9 ft=0 fh=0000000000000000 vn="JS/Kryptik.AKT trojan" ac=I fn="F:\JENNIFER-PC\Backup Set 2013-03-24 194346\Backup Files 2013-05-19 190001\Backup files 3.zip"

Code:
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 22
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Raphael Desktop avira_free3640_antivirus_de.exe
Raphael AppData Local Temp\RarSFX0\presetup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Code:
ATTFilter OTL logfile created on: 01.06.2013 19:52:07 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raphael\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 62,62% Memory free 6,50 Gb Paging File | 5,02 Gb Available in Paging File | 77,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 7,56 Gb Free Space | 15,49% Space Free | Partition Type: NTFS Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32 Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.01 19:51:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe PRC - [2013.05.15 16:39:56 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- E:\Program Files\Garmin\Garmin\Express Tray\ExpressTray.exe PRC - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.06.15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.08.26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.11.05 22:45:55 | 001,505,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe PRC - [2009.11.05 22:35:26 | 001,468,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) 
-- E:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.07.03 18:10:12 | 001,597,440 | ---- | M] (Hama GmbH & Co KG) -- C:\Programme\Hama\Common\RaUI.exe PRC - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe PRC - [2007.08.24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 17:51:46 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\98e8641e2ca570f03352a91836b0b97a\System.ServiceModel.Routing.ni.dll MOD - [2013.05.16 17:51:45 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0e5d2997438866de453e8b1401d84398\System.ServiceModel.Discovery.ni.dll MOD - [2013.05.16 17:51:45 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3a75004c8363a598f4997686c16ae55e\System.ServiceModel.Channels.ni.dll MOD - [2013.05.16 17:51:44 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4dbbfceeddfc9180d5f621f0fc586e2c\System.ServiceModel.Activities.ni.dll MOD - [2013.05.16 17:51:43 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll MOD - [2013.05.16 17:51:29 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll MOD - [2013.05.16 17:50:25 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll MOD - [2013.05.16 17:50:24 | 002,647,040 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll MOD - [2013.05.16 17:50:22 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll MOD - [2013.05.16 17:35:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.16 17:34:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.16 11:01:17 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll MOD - [2013.05.16 11:01:06 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll MOD - [2013.05.16 11:01:04 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll MOD - [2013.05.16 11:01:01 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll MOD - [2013.05.16 11:00:58 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll MOD - [2013.05.16 11:00:56 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013.05.15 16:39:56 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll MOD - [2013.02.14 09:45:54 | 011,833,344 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll MOD - [2013.01.13 21:08:01 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013.01.13 21:07:54 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.01.10 20:37:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 20:36:44 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 20:36:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 20:36:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 20:36:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.01.09 22:28:45 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll MOD - [2013.01.09 22:28:39 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.09 22:28:37 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.09 22:28:35 | 009,094,656 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.09 22:28:30 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2012.06.15 00:17:55 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.08.25 22:44:50 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.08.04 16:58:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2010.06.29 11:31:12 | 000,652,800 | ---- | M] () -- E:\Programme\IZArc\IZArcCM.dll ========== Services (SafeList) ========== SRV - [2013.05.15 16:39:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service) SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) 
[Auto | Running] -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2007.08.24 06:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Raphael\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.08.26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.07.15 14:47:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010.07.07 19:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2009.11.05 22:35:25 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E0 96 87 13 A2 CB 01 [binary data] IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 18:27:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.31 08:42:17 | 000,000,000 | ---D | M] [2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Extensions [2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\kn3gu7ao.default\extensions [2012.06.23 18:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.07.24 09:44:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.15 19:03:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.06.01 13:53:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [GarminExpressTrayApp] E:\Program Files\Garmin\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [SpybotSD TeaTimer] E:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: 
Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6020D34-9C42-44B9-89C9-5210E7F997A0}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.11.23 12:49:28 | 000,000,077 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.11.01 16:25:14 | 000,000,000 | ---D | M] - F:\Autoralley -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.01 19:51:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe [2013.06.01 19:50:29 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Avira [2013.06.01 19:47:02 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.06.01 19:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.06.01 19:45:03 | 
000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.06.01 19:45:03 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.06.01 19:45:03 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.06.01 19:45:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.06.01 19:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.06.01 19:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.06.01 17:48:04 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Raphael\Desktop\esetsmartinstaller_enu.exe [2013.06.01 17:42:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.01 17:42:40 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.01 17:41:19 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Raphael\Desktop\JRT.exe [2013.06.01 15:00:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.01 14:59:47 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.01 14:51:50 | 005,076,199 | R--- | C] (Swearware) -- C:\Users\Raphael\Desktop\ComboFix.exe [2013.06.01 14:47:34 | 001,355,657 | ---- | C] (Farbar) -- C:\Users\Raphael\Desktop\FRST.exe [2013.06.01 13:56:05 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\temp [2013.06.01 13:48:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.01 13:48:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.01 13:48:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.01 13:47:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.01 13:47:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.01 13:18:52 | 000,000,000 | ---D | C] -- C:\FRST [2013.05.19 19:06:17 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\Garmin [2013.05.19 19:01:14 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Neuer Ordner [2013.05.19 18:54:58 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Garmin [2013.05.19 18:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.05.19 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.05.16 11:01:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.16 11:01:29 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.16 11:01:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.16 11:01:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.16 11:01:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.16 11:01:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.16 11:01:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.16 11:01:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.16 11:01:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.16 11:01:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.05.16 09:12:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.05.16 09:12:01 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.16 09:11:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.05.16 09:11:55 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.05.16 09:11:55 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe ========== Files - Modified Within 30 Days ========== [2013.06.01 19:51:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe [2013.06.01 19:50:52 | 000,014,608 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 19:50:52 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.01 19:46:50 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.06.01 19:45:11 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.01 19:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.01 19:43:28 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys [2013.06.01 19:39:58 | 000,890,839 | ---- | M] () -- C:\Users\Raphael\Desktop\SecurityCheck.exe [2013.06.01 19:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.01 18:00:34 | 102,323,272 | ---- | M] () -- C:\Users\Raphael\Desktop\avira_free3640_antivirus_de.exe [2013.06.01 17:48:10 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Raphael\Desktop\esetsmartinstaller_enu.exe [2013.06.01 17:41:24 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Raphael\Desktop\JRT.exe [2013.06.01 17:32:44 | 000,632,031 | ---- | M] () -- C:\Users\Raphael\Desktop\adwcleaner.exe [2013.06.01 14:52:16 | 005,076,199 | R--- | M] (Swearware) -- C:\Users\Raphael\Desktop\ComboFix.exe [2013.06.01 14:47:48 | 001,355,657 | ---- | M] (Farbar) -- C:\Users\Raphael\Desktop\FRST.exe [2013.06.01 13:53:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.06.01 10:24:43 | 000,000,000 | ---- | M] () -- C:\Users\Raphael\defogger_reenable [2013.05.19 18:55:05 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk [2013.05.19 10:57:39 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.19 10:57:39 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.19 10:57:39 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.19 10:57:39 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.16 17:34:10 | 000,439,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.15 16:39:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 16:39:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.13 19:32:43 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\Gameforge Live.lnk ========== Files Created - No Company Name ========== [2013.06.01 19:45:11 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.01 19:39:53 | 000,890,839 | ---- | C] () -- C:\Users\Raphael\Desktop\SecurityCheck.exe [2013.06.01 17:53:52 | 102,323,272 | ---- | C] () -- C:\Users\Raphael\Desktop\avira_free3640_antivirus_de.exe [2013.06.01 17:32:39 | 000,632,031 | ---- | C] () -- C:\Users\Raphael\Desktop\adwcleaner.exe [2013.06.01 13:48:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.01 13:48:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.01 13:48:02 | 
000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.01 13:48:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.01 13:48:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.01 10:24:43 | 000,000,000 | ---- | C] () -- C:\Users\Raphael\defogger_reenable [2013.05.19 18:55:05 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk [2011.03.17 21:46:31 | 000,000,680 | RHS- | C] () -- C:\Users\Raphael\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.06.2013 19:52:07 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raphael\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 62,62% Memory free 6,50 Gb Paging File | 5,02 Gb Available in Paging File | 77,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 7,56 Gb Free Space | 15,49% Space Free | Partition Type: NTFS Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32 Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "H:\Cewe\dm-Fotowelt\dm-Fotowelt.exe" "%1" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Foto Paradies] -- "F:\cewe\dm\dm-Fotowelt\Foto Paradies.exe" "%1" () Directory [Mein CEWE FOTOBUCH] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B2B414A-3D8B-40BA-9359-3C33226577AC}" = lport=2869 | protocol=6 | dir=in | app=system | "{1D1939E5-B494-4359-AB9B-9E9E93EA5977}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2C63C50C-7713-418F-B076-4845B9FBC55A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3041C936-470B-46D9-8A1B-3F5CBBDE787D}" = rport=445 | protocol=6 | dir=out | app=system | "{432ED99F-DF16-41CE-BBDA-72E22C30DE92}" = rport=10243 | protocol=6 | dir=out | app=system | "{47B5CE20-8D1B-4AB6-B798-C3B5BB30A681}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{5429D7EE-F395-466B-B3A8-BE06E1C406B0}" = lport=138 | protocol=17 | dir=in | app=system | "{62E05942-54F7-4EBF-B337-7544EF52AC97}" = lport=139 | protocol=6 | dir=in | app=system | "{638E6196-DF8D-468A-AE6C-493A33F0877E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{71AE9208-60B3-4B97-B639-43D681446DE8}" = rport=2177 | protocol=6 | 
dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7ECFAD41-01FC-4703-94A0-0A7EF4D7DF90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9268442A-E994-4DE0-9581-300C3F5D5CFB}" = lport=137 | protocol=17 | dir=in | app=system | "{93E1C0FF-A251-420C-AB0A-F37F305F1CC5}" = lport=10243 | protocol=6 | dir=in | app=system | "{95C0894C-3A40-458E-8C46-F2E5587CCD69}" = rport=139 | protocol=6 | dir=out | app=system | "{9B2C5559-05D6-4983-A10D-78EF2ABF8504}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A35D4A88-7CFE-44A7-9E23-C21EB32AA79D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A3E080BC-ED8F-4540-9B0F-825C91D1C66C}" = lport=445 | protocol=6 | dir=in | app=system | "{C3D2B7B9-406F-4F46-9449-9F0A496BC8C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DEEFA361-8A7E-4C57-82DA-67AA60741CFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E2F073BE-AFAD-403B-A9DE-E4A5DDC9CFCB}" = rport=138 | protocol=17 | dir=out | app=system | "{F198FB6B-2701-4C0B-878D-EA875CC32168}" = rport=137 | protocol=17 | dir=out | app=system | "{FBDE392B-69A4-41A3-824D-D16F5ED9722B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{050F3611-BF59-4F16-8567-3464B7E80D78}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14288556-9311-45B5-9096-3E916551D52B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{1A84EF6B-ADB5-4E79-B507-D2195690AB82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{26AD5F6E-C6F5-4BCD-BA63-1E40CACA8E04}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmpnetwk.exe | "{520E672D-4167-4D75-95FD-AE1041A18C76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8270593D-8A4A-49E7-81BE-D4C2D7EF9951}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{87C4DE77-60FE-403E-A2A9-2C9EC48B6D14}" = protocol=6 | dir=out | app=system | "{8AD696AD-E23C-4C35-BD54-81ED0CCC3D80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8D48E281-ED96-4006-B9DF-A646470C2FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9906632A-D70C-4D8B-A265-FBEEBA585A5D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{A1EE4A09-9552-4D75-B301-F7DE27A6F45D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A49342C5-C84A-4310-A88C-9C457FADD0CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B85C07E4-DD81-427A-BAF3-789B17CBCEF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BFED79BE-E46E-4DCB-8C05-CDA058A4CB55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C2ED17D4-F836-43AE-B6F9-8C0377FE6642}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CDD03498-7A8F-428B-B4D7-589A46DCD8DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CFDA44FA-510F-4ADF-BA43-ABF5FEFBDC18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E80B11D0-1013-4DA2-B91C-3AF81AFB1914}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{F69A80A9-3329-4975-A1BF-0FCEB1EB05C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FA513E17-7362-44AF-8BB9-FD06675EA418}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FF148A5A-D34C-45CA-86C0-682D764DA95C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP 
Query User{8A7455F9-85C1-4A75-B6C2-EAE44775E499}E:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\program files\runes of magic\client.exe | "TCP Query User{9B131DDB-C3B2-40A4-AEA6-204BD12B76AD}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe | "TCP Query User{B7BB0A1C-8E91-4CC3-A67F-6B6CC34EA13A}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe | "UDP Query User{5A10F57B-746F-4096-89BA-AAC9970FD063}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe | "UDP Query User{C464BDB6-7DE6-485D-80DA-D35E25B518EC}E:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\program files\runes of magic\client.exe | "UDP Query User{F2864DC7-95BF-4853-AEF0-6CED531A48FF}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar "{06092909-8851-C581-F990-7195076FDAEF}" = CCC Help Czech "{0CA04779-346C-30FD-EB9B-8EEA2CE094B3}" = CCC Help Thai "{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1 "{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin "{1B3B5C60-70B8-F022-5497-03FD2772586C}" = CCC Help Greek "{1C160168-BF5B-72FE-BAFA-6DD5F737404C}" = CCC Help Chinese Standard "{1ED3EBF6-A130-4B3B-B01A-C29B067798B3}" = CCC Help Finnish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{278AD90C-D27D-AA89-58DF-AD13852D51CA}" = CCC Help Spanish "{2CDBFF1A-6433-E94D-CA25-831FDB9775E9}" = CCC Help Italian "{31DED885-1124-0E58-97FB-73E4EF692E8D}" = CCC Help Hungarian "{33B670D7-8A06-DA5B-0341-5630D1E12007}" = ccc-core-static "{38D65ABC-A00B-6E13-2EF3-826CFC8CFC14}" = CCC Help French "{3B4325A0-43CD-10D1-64F6-BD2F90DCB756}" = Catalyst Control Center Graphics Previews Vista "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EEBD42E-4DC7-A874-645B-28B63907E930}" = ATI AVIVO Codecs "{3F8B39A4-B7CE-B036-941C-A8DB57676B04}" = CCC Help Norwegian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4ACF9BBA-E137-7309-7BF9-567ADAB6B4E6}" = CCC Help Turkish "{51AD839D-CE11-B9E3-227D-03BC89F227C8}" = CCC Help Danish "{55043DDE-D718-C7F7-9B4C-2B3D818D8A1F}" = Catalyst Control Center InstallProxy "{5774B4C1-8579-D5D9-8D38-A0CE32B6736C}" = CCC Help German "{5D19BB0D-9B04-5B85-9295-4E11BCB1C2C3}" = CCC Help Polish "{5D8A076D-F75E-A149-10D8-87338721AA3A}" = ATI Catalyst Install Manager "{60341104-FC8E-EF26-12CB-93B17DF55976}" = CCC Help Japanese "{62161867-51F1-9FB8-0E6E-FE49D89CBB71}" = CCC Help Dutch "{6494E146-418F-85E1-142E-D2F122C75274}" = ccc-utility "{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express "{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision "{6A7E9B60-4698-F505-CAD3-05F8AB22FB61}" = CCC Help Russian "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75794DD1-5D69-4E33-A141-C3D4B0724C71}" = Catalyst Control Center Graphics Previews Common "{7CE47764-9A8F-380D-FB9E-FCFC37B9F727}" = CCC Help Korean "{85D27E0C-6185-58BC-94B6-E5EED97962D8}" = AMD Drag and Drop Transcoding "{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update 
Service "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Hama Wireless LAN Adapter "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2 "{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend" "{9ED77550-AF66-2B7E-97E1-34B3BFDEAC6D}" = CCC Help Swedish "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic 
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express "{E8454B5F-4122-864C-002D-31F878D2CBF4}" = CCC Help English "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E6252F-8DC2-B508-D412-1C427CDB3448}" = CCC Help Portuguese "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FCB6F9DC-A0FF-621E-DE53-877E63864DD1}" = CCC Help Chinese Traditional "{FE4466A3-76B3-A9F4-9B22-150D6F8B4647}" = Catalyst Control Center Localization All "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Ceville" = Ceville 1.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Foto Paradies" = Foto Paradies "Jack Keane" = Jack Keane "Jewels of Atlantis/DE-German_is1" = Jewels of Atlantis "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Warcraft III" = Warcraft III "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: All Products ========== Last 20 Event Log Errors ========== [ OSession Events ] Error - 02.07.2011 
16:14:35 | Computer Name = Jennifer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2773 seconds with 1920 seconds of active time. This session ended with a crash. < End of report > Edited by Sere (01.06.2013 at 19:00) |
01.06.2013, 19:06 | #14 |
/// the machine /// TB Trainer | Infection with TR/Drop.Sirefef.G.25 and TR/Kazy.173253.7. Requesting help with the cleanup. I would delete the backup that ESET complained about. Update Java, Adobe and Firefox. Any remaining problems with the computer?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
01.06.2013, 19:56 | #15 | |
| Infection with TR/Drop.Sirefef.G.25 and TR/Kazy.173253.7. Requesting help with the cleanup. Hello Schrauber, first of all, thank you very much for helping me with my problem. Thanks! As suggested: I have deleted the backup file. Adobe, Firefox and Java are now up to date. Quote:
I do have one more question, though: do you know what function these trojans have? (e.g. spying on data) Thanks again for your help. Greetings from the Ruhr area to Munich. Sere |