| |
| |||||||
Log-Analyse und Auswertung: Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere WarnungenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
28.05.2013, 07:56
| #1 |
 |  Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Liebe HelferInnen vom Trojaner-Board Auf meinem Laptop meldet Avira den Fund des Trojaners 'TR/Crypt.XPACK.Gen' sowie der Malware 'JAVA/Lamar.ltg.35'. Zudem hat Avira auch noch 5 weitere Warnungen ausgesprochen, bei denen ich jedoch nicht verstehe, ob etwas gefunden wurde bzw. was denn genau. Ich bin sehr verunsichert, was dies Funde denn nun für meinen Laptop bedeuten! In der Hoffnung, dass ihr mir helfen könnt, poste ich hier einmal den Report von AVIRA, sowie die Logs von OTL, Extra und Gmer. Report von AVIRA: Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 27. Mai 2013 18:13
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 1) [6.0.6001]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : SILVAN-LAPTOP
Versionsinformationen:
BUILD.DAT : 13.0.0.3640 54852 Bytes 18.04.2013 13:29:00
AVSCAN.EXE : 13.6.0.1262 636984 Bytes 07.05.2013 13:01:29
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 26.03.2013 19:35:31
LUKE.DLL : 13.6.0.1262 65080 Bytes 07.05.2013 13:01:53
AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 07.05.2013 13:01:29
AVREG.DLL : 13.6.0.1262 247864 Bytes 07.05.2013 13:01:28
avlode.dll : 13.6.2.1262 432184 Bytes 07.05.2013 13:01:27
avlode.rdf : 13.0.1.12 25921 Bytes 16.05.2013 19:50:15
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 20:16:47
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 13:18:13
VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 13:18:13
VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 13:18:13
VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 13:18:13
VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 13:18:13
VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 13:18:13
VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 13:18:13
VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 13:18:13
VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 13:18:13
VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 13:18:13
VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 13:18:13
VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 13:18:13
VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 13:18:13
VBASE014.VDF : 7.11.75.97 181248 Bytes 02.05.2013 10:59:36
VBASE015.VDF : 7.11.75.183 217600 Bytes 03.05.2013 11:48:39
VBASE016.VDF : 7.11.76.27 183808 Bytes 04.05.2013 07:41:23
VBASE017.VDF : 7.11.76.101 194048 Bytes 06.05.2013 19:41:24
VBASE018.VDF : 7.11.76.213 163328 Bytes 07.05.2013 05:21:38
VBASE019.VDF : 7.11.77.41 134656 Bytes 08.05.2013 19:16:35
VBASE020.VDF : 7.11.77.145 141312 Bytes 10.05.2013 19:16:35
VBASE021.VDF : 7.11.77.225 155648 Bytes 12.05.2013 19:16:36
VBASE022.VDF : 7.11.78.21 202752 Bytes 13.05.2013 14:43:59
VBASE023.VDF : 7.11.78.71 140800 Bytes 13.05.2013 07:12:58
VBASE024.VDF : 7.11.78.147 167936 Bytes 15.05.2013 06:26:18
VBASE025.VDF : 7.11.78.207 147456 Bytes 16.05.2013 19:50:09
VBASE026.VDF : 7.11.79.17 198656 Bytes 17.05.2013 20:51:47
VBASE027.VDF : 7.11.79.194 659968 Bytes 23.05.2013 13:40:36
VBASE028.VDF : 7.11.80.1 288256 Bytes 25.05.2013 11:48:30
VBASE029.VDF : 7.11.80.2 2048 Bytes 25.05.2013 11:48:30
VBASE030.VDF : 7.11.80.3 2048 Bytes 25.05.2013 11:48:30
VBASE031.VDF : 7.11.80.36 258560 Bytes 27.05.2013 15:39:47
Engineversion : 8.2.12.48
AEVDF.DLL : 8.1.2.10 102772 Bytes 14.07.2012 16:51:01
AESCRIPT.DLL : 8.1.4.118 487805 Bytes 23.05.2013 13:40:54
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 19:34:47
AESBX.DLL : 8.2.5.12 606578 Bytes 27.06.2012 08:53:31
AERDL.DLL : 8.2.0.88 643444 Bytes 13.01.2013 21:53:27
AEPACK.DLL : 8.3.2.12 754040 Bytes 12.05.2013 19:16:49
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 09.03.2013 11:28:27
AEHEUR.DLL : 8.1.4.378 5910905 Bytes 23.05.2013 13:40:51
AEHELP.DLL : 8.1.25.10 258425 Bytes 12.05.2013 19:16:39
AEGEN.DLL : 8.1.7.4 442741 Bytes 12.05.2013 19:16:38
AEEXP.DLL : 8.4.0.32 201078 Bytes 23.05.2013 13:40:59
AEEMU.DLL : 8.1.3.2 393587 Bytes 14.07.2012 16:50:54
AECORE.DLL : 8.1.31.2 201080 Bytes 23.02.2013 11:57:04
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:20:28
AVWINLL.DLL : 13.6.0.480 26480 Bytes 26.03.2013 19:34:38
AVPREF.DLL : 13.6.0.480 51056 Bytes 26.03.2013 19:35:29
AVREP.DLL : 13.6.0.480 178544 Bytes 26.03.2013 19:37:16
AVARKT.DLL : 13.6.0.1262 258104 Bytes 07.05.2013 13:01:20
AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 07.05.2013 13:01:26
SQLITE3.DLL : 3.7.0.1 397704 Bytes 26.03.2013 19:36:36
AVSMTP.DLL : 13.6.0.480 62832 Bytes 26.03.2013 19:35:33
NETNT.DLL : 13.6.0.480 16240 Bytes 26.03.2013 19:36:19
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 26.03.2013 19:34:40
RCTEXT.DLL : 13.6.0.976 69344 Bytes 01.04.2013 21:00:33
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Montag, 27. Mai 2013 18:13
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'WINWORD.EXE' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'momclnt.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZuneLauncher.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRAY.EXE' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '166' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'DashBoardS.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SecMIPService.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'aestsrv.exe' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'bcmwltry.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRYSVC.EXE' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'STacSV.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1586' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <SYSTEM>
C:\Users\Silvan\AppData\Local\Temp\0.30662022067813843.bfg
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[0] Archivtyp: Portable Executable Resource
--> id_99
[1] Archivtyp: CAB (Microsoft)
--> C:\Program Files\Zune\Drivers\Zune\WUDFUpdate_01009.dll
[2] Archivtyp: RSRC
--> C:\Users\Silvan\AppData\Local\Temp\jar_cache8797580636335720296.tmp
[3] Archivtyp: ZIP
--> QSkXTtJnF/aNGXf.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Klaslod.K
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> QSkXTtJnF/dJmWRWzsr.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.KN
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> QSkXTtJnF/iZpFtg.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.ltg.34
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> QSkXTtJnF/pAiwuOuQF.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.JX
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> QSkXTtJnF/WAbmOChS.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.ltg.35
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Silvan\AppData\Local\Temp\jar_cache8797580636335720296.tmp
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.ltg.35
Beginne mit der Suche in 'D:\' <DATA>
Beginne mit der Desinfektion:
C:\Users\Silvan\AppData\Local\Temp\jar_cache8797580636335720296.tmp
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.ltg.35
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55a03f6e.qua' verschoben!
C:\Users\Silvan\AppData\Local\Temp\0.30662022067813843.bfg
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ef41016.qua' verschoben!
Ende des Suchlaufs: Montag, 27. Mai 2013 20:00
Benötigte Zeit: 1:38:32 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
23193 Verzeichnisse wurden überprüft
575715 Dateien wurden geprüft
7 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
575708 Dateien ohne Befall
10773 Archive wurden durchsucht
5 Warnungen
2 Hinweise
495373 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
OTL.txt: Code:
ATTFilter OTL logfile created on: 27.05.2013 22:14:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Benutzer\Silvan\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.50 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 47.90% Memory free 7.22 Gb Paging File | 5.41 Gb Available in Paging File | 75.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 40.04 Gb Total Space | 1.01 Gb Free Space | 2.52% Space Free | Partition Type: NTFS Drive D: | 257.91 Gb Total Space | 191.67 Gb Free Space | 74.32% Space Free | Partition Type: NTFS Computer Name: SILVAN-LAPTOP | User Name: Silvan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.27 22:10:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Benutzer\Silvan\Desktop\OTL.exe PRC - [2013.05.27 22:09:12 | 000,050,477 | ---- | M] () -- D:\Benutzer\Silvan\Desktop\Defogger.exe PRC - [2013.05.15 08:58:53 | 000,879,456 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe PRC - [2013.05.07 15:01:27 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.01 23:01:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.01 23:00:47 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.04.01 23:00:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.16 00:31:18 | 001,430,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.08.05 13:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneLauncher.exe PRC - [2009.12.10 19:40:08 | 000,128,296 | R--- | M] (Swisscom) -- C:\Programme\Swisscom\Unlimited Data Manager\DashBoardS.exe PRC - [2009.11.16 12:41:02 | 001,414,440 | ---- | M] (Swisscom) -- C:\Programme\Swisscom\Sesam\BIN\SecMIPService.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.01 14:41:26 | 000,668,960 | ---- | M] () -- C:\Programme\uniFLOW_Client\momclnt.exe PRC - [2008.02.28 02:01:20 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\stacsv.exe PRC - [2008.02.28 01:58:34 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2008.02.13 10:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\AEstSrv.exe PRC - [2008.02.08 16:18:16 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2007.10.11 23:49:14 | 000,163,840 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2007.06.06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2007.05.22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2006.09.08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe ========== Modules (No Company Name) ========== MOD - [2013.05.27 22:09:12 | 000,050,477 | ---- | M] () -- D:\Benutzer\Silvan\Desktop\Defogger.exe MOD - [2013.05.15 08:59:05 | 000,312,832 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2013.05.15 08:59:05 | 000,158,208 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2013.05.15 08:59:05 | 000,101,888 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2013.05.15 08:59:05 | 000,096,256 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2013.05.15 08:59:05 | 000,073,728 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2013.05.15 08:59:05 | 000,067,072 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2013.05.15 08:59:05 | 000,062,976 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2013.05.15 08:59:05 | 000,057,344 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2013.05.15 08:59:05 | 000,038,912 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2013.05.15 08:59:04 | 000,835,584 | ---- | M] () -- C:\Programme\Opera\gstreamer\gstreamer.dll MOD - [2013.05.15 08:59:04 | 000,094,208 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2013.05.15 08:59:04 | 000,093,696 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2013.03.10 13:58:54 | 000,014,336 | ---- | M] () -- C:\Users\Silvan\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU MOD - [2013.03.10 13:58:19 | 009,390,592 | ---- | M] () -- C:\Users\Silvan\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu MOD - [2012.12.18 16:28:12 | 000,305,880 | ---- | M] () -- C:\Programme\Adobe\Reader 10.0\Reader\sqlite.dll MOD - [2012.10.18 16:52:53 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll MOD - [2011.12.24 10:44:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.12.24 10:43:53 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.12.24 10:37:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.12.24 10:37:17 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.12.24 10:37:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.12.24 10:36:02 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.12.24 10:35:53 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2011.12.21 00:14:49 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2977.39064__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011.12.21 00:14:49 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2977.39118__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011.12.21 00:14:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2977.39097__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011.12.21 00:14:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2977.39084__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011.12.21 00:14:48 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2977.39104__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011.12.21 00:14:48 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2977.39334__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2011.12.21 00:14:48 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2977.39340__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:48 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2977.39300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011.12.21 00:14:48 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2977.39076__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:48 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2977.39263__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011.12.21 00:14:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2977.39217__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011.12.21 00:14:47 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2977.39271__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:47 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2977.39332__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:47 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2977.39277__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011.12.21 00:14:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2977.39270__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2011.12.21 00:14:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2977.39331__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2011.12.21 00:14:46 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2977.39227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:46 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2977.39292__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2011.12.21 00:14:46 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2977.39226__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2977.39131__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2977.39219__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2977.39211__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2977.39085__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2977.39256__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2977.39138__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2011.12.21 00:14:45 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2977.39124__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2977.39244__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2977.39218__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2977.39137__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2977.39226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2977.39243__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2977.39255__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011.12.21 00:14:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011.12.21 00:14:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011.12.21 00:14:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011.12.21 00:14:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011.12.21 00:14:44 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011.12.21 00:14:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.12.21 00:14:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011.12.21 00:14:43 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011.12.21 00:14:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.12.21 00:14:43 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.12.21 00:14:43 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011.12.21 00:14:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2011.12.21 00:14:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011.12.21 00:14:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011.12.21 00:14:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011.12.21 00:14:42 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011.12.21 00:14:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011.12.21 00:14:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2011.12.21 00:14:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2011.12.21 00:14:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011.12.21 00:14:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2011.12.21 00:14:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2977.39353__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011.12.21 00:14:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2011.12.21 00:14:39 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2977.39056__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011.12.21 00:14:38 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2977.39071__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011.12.21 00:14:38 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2977.39091__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.12.21 00:14:38 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2977.39324__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.12.21 00:14:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2977.39056__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011.12.21 00:14:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2977.39057__90ba9c70f846762e\ATIDEMOS.dll MOD - [2011.12.21 00:14:38 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2977.39322__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.12.21 00:14:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011.12.21 00:14:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.12.21 00:14:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.12.21 00:14:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.12.21 00:14:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2977.39323__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011.12.21 00:14:38 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.12.21 00:14:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.12.21 00:14:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.12.21 00:14:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2011.12.21 00:14:37 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2977.39055__90ba9c70f846762e\APM.Server.dll MOD - [2011.12.21 00:14:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2977.39055__90ba9c70f846762e\AEM.Server.dll MOD - [2011.12.21 00:14:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.09.01 14:41:26 | 000,668,960 | ---- | M] () -- C:\Programme\uniFLOW_Client\momclnt.exe MOD - [2008.07.27 20:03:09 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2008.07.27 20:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2008.03.12 18:34:50 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll MOD - [2008.02.25 23:10:12 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.02.08 15:44:32 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ========== Services (SafeList) ========== SRV - [2013.05.24 13:19:28 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.01 23:01:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.01 23:00:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.08.05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2009.12.10 19:40:08 | 000,128,296 | R--- | M] (Swisscom) [Auto | Running] -- C:\Programme\Swisscom\Unlimited Data Manager\DashBoardS.exe -- (UDM Service) SRV - [2009.11.16 12:41:02 | 001,414,440 | ---- | M] (Swisscom) [Auto | Running] -- C:\Programme\Swisscom\Sesam\BIN\SecMIPService.exe -- (SesamService) SRV - [2008.02.28 02:01:20 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\stacsv.exe -- (STacSV) SRV - [2008.02.13 10:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\AEstSrv.exe -- (AESTFilters) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\frmupgr.sys -- (DFUBTUSB) DRV - [2013.04.01 23:01:07 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.04.01 23:01:07 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.04.01 23:01:07 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.26 21:37:15 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.10 18:06:28 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.12.10 18:06:28 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.12.10 18:06:28 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.07.20 16:32:06 | 000,286,760 | ---- | M] (Swisscom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wtsmpflt.sys -- (WtSmpFlt) DRV - [2009.07.20 16:32:06 | 000,039,720 | ---- | M] (Swisscom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wtsmpadap.sys -- (wtsmpadap) DRV - [2008.03.12 18:34:48 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2008.02.28 02:06:32 | 000,374,784 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.02.26 01:53:22 | 003,520,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.02.16 02:00:00 | 000,277,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid) DRV - [2008.02.15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.01.31 16:37:04 | 000,149,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd) DRV - [2008.01.29 21:08:46 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) DRV - [2008.01.21 04:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2007.12.12 19:01:30 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.07.30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.16 23:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110824&tt=4812_7&babsrc=HP_ss&mntrId=14c8aad100000000000000ade1ac1c1a IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4812_7&babsrc=SP_ss&mntrId=14c8aad100000000000000ade1ac1c1a IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "www.google.ch" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files\Swisscom\Unlimited Data Manager\FireFox_Remote\ [2012.06.30 15:22:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.30 14:31:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 13:19:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.02 21:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvan\AppData\Roaming\mozilla\Extensions [2012.12.24 10:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvan\AppData\Roaming\mozilla\Firefox\Profiles\m70kb871.default\extensions [2012.01.02 21:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.24 13:19:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.05.24 13:19:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.30 16:33:11 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013.05.24 13:19:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.05.24 13:19:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.05.24 13:19:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.05.24 13:19:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.05.24 13:19:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dashboard] File not found O4 - HKLM..\Run: [MOMCLIENT] C:\Programme\uniFLOW_Client\momclnt.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93D1DB22-F6A3-43C1-98F9-C218A236305B}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Silvan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Silvan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7c212527-2b59-11e1-83ae-0021707eda31}\Shell - "" = AutoRun O33 - MountPoints2\{7c212527-2b59-11e1-83ae-0021707eda31}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{90ebfeeb-9a6c-11e1-9570-0021707eda31}\Shell - "" = AutoRun O33 - MountPoints2\{90ebfeeb-9a6c-11e1-9570-0021707eda31}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{90ebff28-9a6c-11e1-9570-0021707eda31}\Shell - "" = AutoRun O33 - MountPoints2\{90ebff28-9a6c-11e1-9570-0021707eda31}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{b540bdd8-c2b7-11e1-9fd4-001e101f2c0e}\Shell - "" = AutoRun O33 - MountPoints2\{b540bdd8-c2b7-11e1-9fd4-001e101f2c0e}\Shell\AutoRun\command - "" = F:\Start.exe O33 - MountPoints2\{ca4342fc-c282-11e1-b288-0021707eda31}\Shell - "" = AutoRun O33 - MountPoints2\{ca4342fc-c282-11e1-b288-0021707eda31}\Shell\AutoRun\command - "" = F:\Start.exe O33 - MountPoints2\{d231ed89-55bc-11e2-84fc-0021707eda31}\Shell - "" = AutoRun O33 - MountPoints2\{d231ed89-55bc-11e2-84fc-0021707eda31}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.27 22:10:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Benutzer\Silvan\Desktop\OTL.exe [2013.05.24 13:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.05.24 13:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013.05.15 17:12:04 | 000,000,000 | ---D | C] -- D:\Benutzer\Silvan\Desktop\Terzi-Schmid%20Ursula [2013.05.13 15:54:10 | 000,000,000 | ---D | C] -- C:\Users\Silvan\AppData\Local\Macromedia [2 D:\Benutzer\Silvan\Desktop\*.tmp files -> D:\Benutzer\Silvan\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.27 22:10:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Benutzer\Silvan\Desktop\OTL.exe [2013.05.27 22:09:46 | 000,000,000 | ---- | M] () -- C:\Users\Silvan\defogger_reenable [2013.05.27 22:09:12 | 000,050,477 | ---- | M] () -- D:\Benutzer\Silvan\Desktop\Defogger.exe [2013.05.27 21:56:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.27 21:34:11 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.27 21:34:11 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.27 20:56:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.27 11:40:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.27 11:40:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.27 11:40:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.27 11:40:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.27 11:34:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.27 11:34:01 | 3755,974,656 | -HS- | M] () -- C:\hiberfil.sys [2013.05.14 15:14:34 | 000,016,384 | ---- | M] () -- D:\Benutzer\Silvan\Documents\Resultate_6.v12 [2013.05.09 10:29:52 | 000,061,440 | ---- | M] () -- C:\Users\Silvan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2 D:\Benutzer\Silvan\Desktop\*.tmp files -> D:\Benutzer\Silvan\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.27 22:09:46 | 000,000,000 | ---- | C] () -- C:\Users\Silvan\defogger_reenable [2013.05.27 22:09:12 | 000,050,477 | ---- | C] () -- D:\Benutzer\Silvan\Desktop\Defogger.exe [2012.12.12 12:50:12 | 000,000,393 | ---- | C] () -- C:\Users\Silvan\AppData\Local\HamsterVideoConverterSettings.cfg [2012.09.18 20:32:32 | 000,002,651 | ---- | C] () -- C:\Users\Silvan\AppData\Local\recently-used.xbel [2012.01.27 12:18:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.01.08 14:09:20 | 000,095,406 | ---- | C] () -- C:\Users\Silvan\Antrag Strafregisterauszug.pdf [2012.01.02 18:40:16 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys [2012.01.02 18:33:11 | 000,000,861 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2012.01.02 18:05:05 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2011.12.24 12:59:11 | 000,061,440 | ---- | C] () -- C:\Users\Silvan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.22 10:41:03 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.12.22 10:41:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.12.21 08:43:59 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.12.21 08:43:59 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.12.21 08:43:59 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.12.21 08:43:59 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.12.21 00:25:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.21 00:11:48 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2011.12.21 00:11:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2011.12.21 00:11:46 | 000,166,450 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.12.21 00:07:34 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2011.12.21 00:07:33 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2011.12.20 23:56:10 | 000,001,356 | ---- | C] () -- C:\Users\Silvan\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.30 16:33:01 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\Babylon [2012.09.18 09:12:31 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\Ciamti [2013.01.30 14:32:41 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\DVDVideoSoft [2013.01.30 14:32:42 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.18 08:56:06 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\Epos [2013.03.21 23:09:38 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\Mp3tag [2011.12.21 00:42:49 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\Opera [2012.01.27 12:18:09 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\pdfforge [2012.11.30 16:33:27 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\VideoConverterPackages ========== Purity Check ========== < End of report > EXTRAS.txt: Code:
ATTFilter OTL Extras logfile created on: 27.05.2013 22:21:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Benutzer\Silvan\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
3.50 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 47.90% Memory free
7.22 Gb Paging File | 5.41 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.04 Gb Total Space | 1.01 Gb Free Space | 2.52% Space Free | Partition Type: NTFS
Drive D: | 257.91 Gb Total Space | 191.67 Gb Free Space | 74.32% Space Free | Partition Type: NTFS
Computer Name: SILVAN-LAPTOP | User Name: Silvan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CEWE\posterjack CEWE Fotobuch und Kalender\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [posterjack CEWE Fotobuch und Kalender] -- "C:\Program Files\CEWE\posterjack CEWE Fotobuch und Kalender\posterjack CEWE Fotobuch und Kalender.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42C7F14F-4549-491E-98E8-A7CA6DD706B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5491A70B-824F-49A8-AEFB-FFD54216ECB0}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AA58A3E-1B19-4CD2-BD5C-A43BFE0BC2F3}" = lport=138 | protocol=17 | dir=in | app=system |
"{7BE1E0F5-E3CE-4E06-9BCB-99C36F1CEE50}" = rport=445 | protocol=6 | dir=out | app=system |
"{86CB44E4-2291-41F6-9A26-547FB87DB6E3}" = rport=138 | protocol=17 | dir=out | app=system |
"{A460B3C4-B6AE-4F1F-A407-CF8818BD0899}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B7A0769B-F33E-46F7-91A1-47438535476D}" = lport=139 | protocol=6 | dir=in | app=system |
"{D8403272-4731-4FEC-A6AE-5FD0EF137E69}" = rport=137 | protocol=17 | dir=out | app=system |
"{DB9BC383-5C75-4851-A213-0ACFF0E47D98}" = rport=139 | protocol=6 | dir=out | app=system |
"{EA14573B-CC8D-4277-B487-940D818C4BF2}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09238BAA-86C7-4627-B7FA-2CD1543C5CBC}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{20D69B94-65B9-4689-8C59-858A0230CADE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2513CB07-BE88-4585-9215-3C57D557C7BB}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{2E4ECBF2-7E08-41D9-9115-DAB84CD89D78}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{393D49B0-77B7-44CE-917F-A890DBA8A8EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3D503407-E085-4729-B6D2-4BA33BD9E14D}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{54DA02EA-3B75-4BF4-AC15-E09A7505C03A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{67EA6843-84E9-4960-A7BD-64573CB9862C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{7AE86CC4-3014-472E-BE9F-A4E8EC734CF8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9E6FB224-4474-4B34-A2C3-1AE5C947689C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A4BE9BB9-042A-4DF7-B7E8-6979D34AC77D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{A98C5575-2AA4-46AB-87EE-4180E87CD896}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{ABEB807C-0182-47F8-99BD-1FF8B6D8CE1D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{E106E9BA-6D0C-450F-9F84-E90952E6310D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E853A449-88D8-480F-8DC8-96D23EE9FED8}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{FC4FF036-7D1A-48CD-9E9D-FB580544463D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{08A043E8-9D38-4392-9086-8B8D5D8BB3CF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6FD16C74-6CC2-43E6-BE18-F265016FF3C5}C:\program files\pinnacle\videospin\programs\videospin.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"TCP Query User{7FD7A8C1-A8F1-4EBE-961E-B5F1C2839162}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9380E611-C924-45E6-9101-A4AAA6A36E14}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{F04DC46E-AE5B-4C5E-8470-CC8BC1868E20}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{3F7002AE-7648-4CBF-853E-E24F8D3F7A67}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{640A32D7-7DB1-423E-B49A-B62509A27F6F}C:\program files\pinnacle\videospin\programs\videospin.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"UDP Query User{714FE910-2DDE-463B-99CA-80A622B0EEA8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{7D121028-573D-458B-8DD6-F0F010CAA079}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{F309D81F-DC46-4C92-864C-A0CF89A279AE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4400
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{07EF2D4D-6EF5-4066-7A2A-1321FBE3A14D}" = Catalyst Control Center Graphics Previews Common
"{0E75B023-0320-75F2-0B8E-23B27B799367}" = Catalyst Control Center Graphics Full New
"{1EA02FAC-4A8C-C0F8-C55C-46AF4CF6EB19}" = ccc-utility
"{241A1B40-03B3-A765-5664-F5CA987875B0}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FCB5BAD-937E-FAD6-147B-6BBC44491A50}" = Skins
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{4E62807B-3EB4-4817-96DE-82DA97F9C547}" = uniFLOW Client
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{58213F22-17C7-3594-D02A-09F798513D71}" = Catalyst Control Center Core Implementation
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{832F40BE-F620-3974-B9F0-CEC4501248BE}" = Catalyst Control Center Graphics Full Existing
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{886BE51A-3420-49AB-A6D0-E868D11E519B}" = On s'entraîne 6
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A155B015-7FBB-41C1-8277-D88623310F2A}" = Unlimited Data Manager 9.1.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DAD54070-AD45-8451-7509-09344D95D976}" = ccc-core-static
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6046DDA-2E4C-1443-DBF2-4DE211C413C8}" = Catalyst Control Center Localization German
"{E859F800-75F2-F1B1-8E9D-12B3A514240B}" = Catalyst Control Center Graphics Previews Vista
"{EBEF6999-FFD3-1E0A-F989-BF3E35694C91}" = Catalyst Control Center Graphics Light
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7F4C2EC-DFDC-59F0-CC21-3937B1B2A0B3}" = ATI Catalyst Install Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte
"Creative OA001" = Integrated Webcam Driver (1.00.08.0216)
"Free Studio_is1" = Free Studio version 2013
"GIMP-2_is1" = GIMP 2.8.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ifolor-Designer" = ifolor Designer
"LehrerOffice Easy_is1" = LehrerOffice Easy
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.54
"Opera 12.15.1748" = Opera 12.15
"posterjack CEWE Fotobuch und Kalender" = posterjack CEWE Fotobuch und Kalender
"SopCast" = SopCast 3.5.0
"VideoPad" = VideoPad Videobearbeitungs-Software
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Zune" = Zune
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.05.2013 17:56:26 | Computer Name = Silvan-Laptop | Source = EventSystem | ID = 4622
Description =
Error - 24.05.2013 17:56:26 | Computer Name = Silvan-Laptop | Source = EventSystem | ID = 4621
Description =
Error - 25.05.2013 01:43:06 | Computer Name = Silvan-Laptop | Source = LPR Print Monitor | ID = 2007
Description =
Error - 25.05.2013 01:43:06 | Computer Name = Silvan-Laptop | Source = LPR Print Monitor | ID = 2007
Description =
Error - 25.05.2013 01:44:35 | Computer Name = Silvan-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 27.05.2013 05:34:16 | Computer Name = Silvan-Laptop | Source = LPR Print Monitor | ID = 2007
Description =
Error - 27.05.2013 05:34:16 | Computer Name = Silvan-Laptop | Source = LPR Print Monitor | ID = 2007
Description =
Error - 27.05.2013 05:35:43 | Computer Name = Silvan-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 27.05.2013 05:40:02 | Computer Name = Silvan-Laptop | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 11.0.6001.7010 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1164 Anfangszeit: 01ce5abdef50b61d Zeitpunkt
der Beendigung: 60000
Error - 27.05.2013 05:46:37 | Computer Name = Silvan-Laptop | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 11a4 Anfangszeit: 01ce5abdf22be1cd Zeitpunkt der Beendigung:
74
[ OSession Events ]
Error - 18.02.2013 18:26:15 | Computer Name = Silvan-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25439
seconds with 2820 seconds of active time. This session ended with a crash.
Error - 07.03.2013 05:15:04 | Computer Name = Silvan-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1352
seconds with 1320 seconds of active time. This session ended with a crash.
Error - 21.05.2013 15:13:40 | Computer Name = Silvan-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19260
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 26.05.2013 13:39:21 | Computer Name = Silvan-Laptop | Source = DCOM | ID = 10010
Description =
Error - 26.05.2013 13:56:13 | Computer Name = Silvan-Laptop | Source = netbt | ID = 4321
Description = Der Name "E-NET :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.20 registriert werden. Der Computer mit IP-Adresse 192.168.178.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2013 05:34:07 | Computer Name = Silvan-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.05.2013 um 20:04:39 unerwartet heruntergefahren.
Error - 27.05.2013 05:34:13 | Computer Name = Silvan-Laptop | Source = HTTP | ID = 15016
Description =
Error - 27.05.2013 05:34:29 | Computer Name = Silvan-Laptop | Source = netbt | ID = 4321
Description = Der Name "E-NET :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.20 registriert werden. Der Computer mit IP-Adresse 192.168.178.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2013 05:34:56 | Computer Name = Silvan-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 27.05.2013 05:35:44 | Computer Name = Silvan-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 27.05.2013 05:36:20 | Computer Name = Silvan-Laptop | Source = netbt | ID = 4321
Description = Der Name "E-NET :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 169.254.145.224 registriert werden. Der Computer mit IP-Adresse 169.254.1.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2013 05:36:42 | Computer Name = Silvan-Laptop | Source = netbt | ID = 4321
Description = Der Name "E-NET :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 169.254.145.224 registriert werden. Der Computer mit IP-Adresse 169.254.1.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2013 05:54:52 | Computer Name = Silvan-Laptop | Source = netbt | ID = 4321
Description = Der Name "E-NET :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.20 registriert werden. Der Computer mit IP-Adresse 192.168.178.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
< End of report >
Gmer.txt: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-28 07:58:39
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C 298.09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Silvan\AppData\Local\Temp\fglirkob.sys
---- System - GMER 2.1 ----
SSDT 8D80FFBE ZwCreateSection
SSDT 8D80FFC8 ZwRequestWaitReplyPort
SSDT 8D80FFC3 ZwSetContextThread
SSDT 8D80FFCD ZwSetSecurityObject
SSDT 8D80FFD2 ZwSystemDebugControl
SSDT 8D80FF5F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetTimerEx + 448 82303A6C 4 Bytes [BE, FF, 80, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 76C 82303D90 4 Bytes [C8, FF, 80, 8D] {ENTER 0x80ff, 0x8d}
.text ntkrnlpa.exe!KeSetTimerEx + 7A0 82303DC4 4 Bytes [C3, FF, 80, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 804 82303E28 4 Bytes [CD, FF, 80, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 84C 82303E70 4 Bytes [D2, FF, 80, 8D]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90A06000, 0x1F5F94, 0xE8000020]
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 848F2BD8
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...
---- EOF - GMER 2.1 ----
Beste Grüsse, Silvan P.S: Habe da noch eine Frage: Lohnt sich eine Bereinigung überhaupt, oder muss ich eher eine Neuaufsetzung des Systems in Betracht ziehen? |
|
28.05.2013, 08:14
| #2 |
| /// the machine /// TB-Ausbilder    | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen hi,
__________________immer locker, wir schauen mal  Scan mit Combofix
__________________ |
|
28.05.2013, 08:37
| #3 |
| | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Hallo schrauber
__________________Danke für die schnelle Antwort! Habe Combofix eben gestartet (schreibe diesen Eintrag von einem anderen Computer). Mir ist erst jetzt gerade in den Sinn gekommen, ob ich meine persönlichen Daten hätte abspeichern sollen auf einem externen Datenträger? Könnte da jetzt etwas verloren gehen? Gruss, Silvan P.S. Logfile von Combofix folgt sobald der Scan durch ist! Hier nun also das Logfile von Combofix: Code:
ATTFilter ComboFix 13-05-28.01 - Silvan 28.05.2013 9:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.41.1031.18.3581.1809 [GMT 2:00]
ausgeführt von:: d:\benutzer\Silvan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-1015886030-3323842824-1470768695-1000\$a935c93e49e252c27a6eb9b66c51c604\@
c:\$recycle.bin\S-1-5-21-1015886030-3323842824-1470768695-1000\$a935c93e49e252c27a6eb9b66c51c604\n
c:\$recycle.bin\S-1-5-21-1015886030-3323842824-1470768695-1000\$a935c93e49e252c27a6eb9b66c51c604\U\00000001.@
c:\$recycle.bin\S-1-5-21-1015886030-3323842824-1470768695-1000\$a935c93e49e252c27a6eb9b66c51c604\U\80000000.@
c:\$recycle.bin\S-1-5-21-1015886030-3323842824-1470768695-1000\$a935c93e49e252c27a6eb9b66c51c604\U\800000cb.@
c:\programdata\Local
c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\10.bb
c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\8.bb
c:\programdata\Local\Temp\WtUtilBlackBoard_EngineBBDashBoardV1_\9.bb
c:\users\Silvan\AppData\Local\assembly\tmp
c:\users\Silvan\AppData\Roaming\Epos
c:\users\Silvan\AppData\Roaming\Epos\goso.uzu
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-28 bis 2013-05-28 ))))))))))))))))))))))))))))))
.
.
2013-05-28 07:40 . 2013-05-28 07:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-24 11:19 . 2013-05-24 11:19 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-05-24 11:19 . 2013-05-24 11:19 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2013-05-24 11:19 . 2013-05-24 11:19 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2013-05-24 11:19 . 2013-05-24 11:19 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2013-05-24 11:19 . 2013-05-24 11:19 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2013-05-13 13:54 . 2013-05-13 13:54 -------- d-----w- c:\users\Silvan\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-01 21:01 . 2013-03-26 20:26 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-04-01 21:01 . 2013-03-26 20:26 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-01 21:01 . 2013-03-26 20:26 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-19 04:50 . 2013-03-26 09:40 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{939926A2-263D-4038-A063-296D28853860}\mpengine.dll
2013-05-24 11:19 . 2012-01-02 19:14 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:54 281760 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-11 163840]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-02-27 442433]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"MOMCLIENT"="c:\program files\uniFLOW_Client\momclnt.exe" [2008-09-01 668960]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-8 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FGLIRKOB
*Deregistered* - fglirkob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-09 18:35]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-09 18:35]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=110824&tt=4812_7&babsrc=HP_ss&mntrId=14c8aad100000000000000ade1ac1c1a
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Silvan\AppData\Roaming\Mozilla\Firefox\Profiles\m70kb871.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.ch
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=14c8aad100000000000000ade1ac1c1a&q=
FF - user.js: extensions.BabylonToolbar.id - 14c8aad100000000000000ade1ac1c1a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15674
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.815:33
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Dashboard - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-28 09:40
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-05-28 09:42:39
ComboFix-quarantined-files.txt 2013-05-28 07:42
.
Vor Suchlauf: 1'259'159'552 Bytes frei
Nach Suchlauf: 4'312'309'760 Bytes frei
.
- - End Of File - - E03F5C6214B1299B1CDBC1FBA0E9188A
Gruss, Silvan |
|
28.05.2013, 08:55
| #4 |
| /// the machine /// TB-Ausbilder | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Nee, nur starten wenn es nach dem Scan Probleme gab Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.05.2013, 09:03
| #5 |
| | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Entschuldige bitte, ich habe noch eine Frage: Ich arbeite zuhause in einem Heimnetzwerk mit mehreren PCs daran. Jedesmal wenn ich mit meinem Laptop nun für den Download deiner vorgeschlagenen Tools eine Internetverbindung herstellen muss, verbindet sich der Laptop ja mit dem Netzwerk. --> Stellt mein Laptop für die anderen Computer im Netzwerk eine Gefahr dar? Gruss, Silvan Hier nun also der Inhalt des Logfiles von TDSSKiller: Code:
ATTFilter 10:12:01.0081 19492 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:12:01.0129 19492 ============================================================
10:12:01.0129 19492 Current date / time: 2013/05/28 10:12:01.0129
10:12:01.0129 19492 SystemInfo:
10:12:01.0129 19492
10:12:01.0129 19492 OS Version: 6.0.6001 ServicePack: 1.0
10:12:01.0129 19492 Product type: Workstation
10:12:01.0130 19492 ComputerName: SILVAN-LAPTOP
10:12:01.0130 19492 UserName: Silvan
10:12:01.0130 19492 Windows directory: C:\Windows
10:12:01.0130 19492 System windows directory: C:\Windows
10:12:01.0130 19492 Processor architecture: Intel x86
10:12:01.0130 19492 Number of processors: 2
10:12:01.0130 19492 Page size: 0x1000
10:12:01.0130 19492 Boot type: Normal boot
10:12:01.0130 19492 ============================================================
10:12:02.0486 19492 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:12:02.0700 19492 ============================================================
10:12:02.0700 19492 \Device\Harddisk0\DR0:
10:12:02.0701 19492 MBR partitions:
10:12:02.0701 19492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x5014000
10:12:02.0701 19492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x505B000, BlocksNum 0x203D3000
10:12:02.0701 19492 ============================================================
10:12:02.0728 19492 C: <-> \Device\Harddisk0\DR0\Partition1
10:12:02.0786 19492 D: <-> \Device\Harddisk0\DR0\Partition2
10:12:02.0787 19492 ============================================================
10:12:02.0787 19492 Initialize success
10:12:02.0787 19492 ============================================================
10:12:23.0483 6964 ============================================================
10:12:23.0483 6964 Scan started
10:12:23.0483 6964 Mode: Manual; SigCheck; TDLFS;
10:12:23.0483 6964 ============================================================
10:12:24.0197 6964 ================ Scan system memory ========================
10:12:24.0197 6964 System memory - ok
10:12:24.0197 6964 ================ Scan services =============================
10:12:24.0379 6964 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
10:12:24.0562 6964 ACPI - ok
10:12:24.0726 6964 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:12:24.0754 6964 AdobeARMservice - ok
10:12:24.0798 6964 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:12:24.0860 6964 adp94xx - ok
10:12:24.0896 6964 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:12:24.0928 6964 adpahci - ok
10:12:24.0954 6964 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
10:12:24.0979 6964 adpu160m - ok
10:12:24.0997 6964 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:12:25.0023 6964 adpu320 - ok
10:12:25.0057 6964 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:12:25.0145 6964 AeLookupSvc - ok
10:12:25.0272 6964 [ EF1142512BEC12F1C2C87735DA1755BE ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
10:12:25.0313 6964 AESTFilters - ok
10:12:25.0363 6964 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
10:12:25.0420 6964 AFD - ok
10:12:25.0462 6964 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:12:25.0503 6964 agp440 - ok
10:12:25.0527 6964 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
10:12:25.0551 6964 aic78xx - ok
10:12:25.0572 6964 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
10:12:25.0620 6964 ALG - ok
10:12:25.0637 6964 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
10:12:25.0658 6964 aliide - ok
10:12:25.0687 6964 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
10:12:25.0724 6964 amdagp - ok
10:12:25.0752 6964 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
10:12:25.0773 6964 amdide - ok
10:12:25.0800 6964 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
10:12:25.0865 6964 AmdK7 - ok
10:12:25.0889 6964 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:12:25.0955 6964 AmdK8 - ok
10:12:26.0034 6964 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:12:26.0078 6964 AntiVirSchedulerService - ok
10:12:26.0119 6964 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:12:26.0146 6964 AntiVirService - ok
10:12:26.0180 6964 [ 9325E49D555D8F12CE1735227DBB3D80 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
10:12:26.0305 6964 ApfiltrService - ok
10:12:26.0355 6964 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
10:12:26.0392 6964 Appinfo - ok
10:12:26.0448 6964 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
10:12:26.0473 6964 arc - ok
10:12:26.0495 6964 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:12:26.0520 6964 arcsas - ok
10:12:26.0538 6964 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:12:26.0583 6964 AsyncMac - ok
10:12:26.0599 6964 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
10:12:26.0613 6964 atapi - ok
10:12:26.0670 6964 [ F81CAC1FFAC56A997E0EA750BDB30B03 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
10:12:26.0835 6964 Ati External Event Utility - ok
10:12:26.0969 6964 [ 38973519D2A61E33E49A09C6B05621CD ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:12:27.0346 6964 atikmdag - ok
10:12:27.0401 6964 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:12:27.0460 6964 AudioEndpointBuilder - ok
10:12:27.0472 6964 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:12:27.0517 6964 Audiosrv - ok
10:12:27.0540 6964 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
10:12:27.0624 6964 avgntflt - ok
10:12:27.0662 6964 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
10:12:27.0741 6964 avipbb - ok
10:12:27.0762 6964 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
10:12:27.0840 6964 avkmgr - ok
10:12:27.0887 6964 [ BCB27987AAF7962C72B0F337A201CC28 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
10:12:27.0935 6964 BCM42RLY - ok
10:12:27.0992 6964 [ B2134F695EFD5EB392E906AC2413452E ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
10:12:28.0210 6964 BCM43XX - ok
10:12:28.0264 6964 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
10:12:28.0308 6964 Beep - ok
10:12:28.0350 6964 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
10:12:28.0439 6964 BFE - ok
10:12:28.0507 6964 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\system32\qmgr.dll
10:12:28.0670 6964 BITS - ok
10:12:28.0710 6964 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
10:12:28.0755 6964 blbdrive - ok
10:12:28.0781 6964 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:12:28.0829 6964 bowser - ok
10:12:28.0861 6964 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
10:12:28.0896 6964 BrFiltLo - ok
10:12:28.0912 6964 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
10:12:28.0947 6964 BrFiltUp - ok
10:12:28.0986 6964 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
10:12:29.0048 6964 Browser - ok
10:12:29.0077 6964 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
10:12:29.0155 6964 Brserid - ok
10:12:29.0169 6964 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
10:12:29.0255 6964 BrSerWdm - ok
10:12:29.0276 6964 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
10:12:29.0351 6964 BrUsbMdm - ok
10:12:29.0372 6964 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
10:12:29.0446 6964 BrUsbSer - ok
10:12:29.0477 6964 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:12:29.0570 6964 BTHMODEM - ok
10:12:29.0644 6964 [ 34B3A9EA46AE6AA2985B78A10E41B0D3 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
10:12:29.0747 6964 btwdins - ok
10:12:29.0817 6964 catchme - ok
10:12:29.0859 6964 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:12:29.0926 6964 cdfs - ok
10:12:29.0954 6964 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:12:30.0014 6964 cdrom - ok
10:12:30.0054 6964 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
10:12:30.0103 6964 CertPropSvc - ok
10:12:30.0127 6964 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
10:12:30.0185 6964 circlass - ok
10:12:30.0207 6964 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
10:12:30.0247 6964 CLFS - ok
10:12:30.0341 6964 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:12:30.0377 6964 clr_optimization_v2.0.50727_32 - ok
10:12:30.0435 6964 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:12:30.0463 6964 clr_optimization_v4.0.30319_32 - ok
10:12:30.0506 6964 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:12:30.0550 6964 CmBatt - ok
10:12:30.0561 6964 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:12:30.0582 6964 cmdide - ok
10:12:30.0594 6964 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:12:30.0625 6964 Compbatt - ok
10:12:30.0632 6964 COMSysApp - ok
10:12:30.0641 6964 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:12:30.0673 6964 crcdisk - ok
10:12:30.0702 6964 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
10:12:30.0761 6964 Crusoe - ok
10:12:30.0793 6964 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:12:30.0834 6964 CryptSvc - ok
10:12:30.0890 6964 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:12:30.0945 6964 DcomLaunch - ok
10:12:30.0984 6964 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:12:31.0040 6964 DfsC - ok
10:12:31.0134 6964 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
10:12:31.0247 6964 DFSR - ok
10:12:31.0263 6964 DFUBTUSB - ok
10:12:31.0340 6964 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
10:12:31.0395 6964 Dhcp - ok
10:12:31.0430 6964 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
10:12:31.0469 6964 disk - ok
10:12:31.0502 6964 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:12:31.0532 6964 Dnscache - ok
10:12:31.0557 6964 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
10:12:31.0622 6964 dot3svc - ok
10:12:31.0664 6964 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
10:12:31.0733 6964 DPS - ok
10:12:31.0773 6964 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:12:31.0809 6964 drmkaud - ok
10:12:31.0860 6964 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:12:31.0949 6964 DXGKrnl - ok
10:12:32.0010 6964 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
10:12:32.0073 6964 E1G60 - ok
10:12:32.0105 6964 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
10:12:32.0152 6964 EapHost - ok
10:12:32.0188 6964 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
10:12:32.0237 6964 Ecache - ok
10:12:32.0315 6964 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:12:32.0366 6964 ehRecvr - ok
10:12:32.0400 6964 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
10:12:32.0462 6964 ehSched - ok
10:12:32.0482 6964 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
10:12:32.0527 6964 ehstart - ok
10:12:32.0572 6964 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:12:32.0606 6964 elxstor - ok
10:12:32.0657 6964 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
10:12:32.0724 6964 EMDMgmt - ok
10:12:32.0766 6964 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:12:32.0809 6964 ErrDev - ok
10:12:32.0848 6964 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
10:12:32.0870 6964 EventSystem - ok
10:12:32.0905 6964 [ 0F40E249E4DD0CE47C7CA19C5C8FB48A ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
10:12:32.0932 6964 ewusbnet - ok
10:12:32.0955 6964 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
10:12:33.0008 6964 exfat - ok
10:12:33.0030 6964 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:12:33.0079 6964 fastfat - ok
10:12:33.0112 6964 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:12:33.0155 6964 fdc - ok
10:12:33.0182 6964 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
10:12:33.0240 6964 fdPHost - ok
10:12:33.0261 6964 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
10:12:33.0347 6964 FDResPub - ok
10:12:33.0358 6964 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:12:33.0393 6964 FileInfo - ok
10:12:33.0413 6964 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:12:33.0457 6964 Filetrace - ok
10:12:33.0489 6964 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:12:33.0533 6964 flpydisk - ok
10:12:33.0553 6964 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:12:33.0592 6964 FltMgr - ok
10:12:33.0657 6964 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:12:33.0677 6964 FontCache3.0.0.0 - ok
10:12:33.0688 6964 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:12:33.0723 6964 Fs_Rec - ok
10:12:33.0755 6964 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:12:33.0778 6964 gagp30kx - ok
10:12:33.0822 6964 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
10:12:33.0938 6964 gpsvc - ok
10:12:34.0022 6964 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:12:34.0052 6964 gupdate - ok
10:12:34.0058 6964 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:12:34.0072 6964 gupdatem - ok
10:12:34.0117 6964 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:12:34.0218 6964 HdAudAddService - ok
10:12:34.0241 6964 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:12:34.0309 6964 HDAudBus - ok
10:12:34.0325 6964 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:12:34.0404 6964 HidBth - ok
10:12:34.0419 6964 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
10:12:34.0494 6964 HidIr - ok
10:12:34.0518 6964 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\System32\hidserv.dll
10:12:34.0615 6964 hidserv - ok
10:12:34.0634 6964 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:12:34.0676 6964 HidUsb - ok
10:12:34.0699 6964 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:12:34.0764 6964 hkmsvc - ok
10:12:34.0783 6964 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
10:12:34.0816 6964 HpCISSs - ok
10:12:34.0859 6964 [ 299683D4C8AAA3F6F5D5D226A1782A6E ] HPFXBULK C:\Windows\system32\drivers\hpfxbulk.sys
10:12:34.0916 6964 HPFXBULK - ok
10:12:34.0948 6964 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:12:35.0046 6964 HTTP - ok
10:12:35.0099 6964 [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
10:12:35.0134 6964 hwdatacard - ok
10:12:35.0193 6964 [ 1D4D6D24256F61E6B08A3CF8184A78B8 ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
10:12:35.0233 6964 hwusbfake - ok
10:12:35.0255 6964 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
10:12:35.0277 6964 i2omp - ok
10:12:35.0310 6964 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:12:35.0364 6964 i8042prt - ok
10:12:35.0392 6964 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
10:12:35.0435 6964 iaStorV - ok
10:12:35.0606 6964 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:12:35.0759 6964 idsvc - ok
10:12:35.0793 6964 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:12:35.0814 6964 iirsp - ok
10:12:35.0857 6964 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
10:12:35.0932 6964 IKEEXT - ok
10:12:35.0974 6964 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
10:12:35.0995 6964 intelide - ok
10:12:36.0024 6964 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:12:36.0084 6964 intelppm - ok
10:12:36.0113 6964 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:12:36.0173 6964 IPBusEnum - ok
10:12:36.0190 6964 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:12:36.0236 6964 IpFilterDriver - ok
10:12:36.0267 6964 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:12:36.0326 6964 iphlpsvc - ok
10:12:36.0333 6964 IpInIp - ok
10:12:36.0355 6964 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
10:12:36.0405 6964 IPMIDRV - ok
10:12:36.0432 6964 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
10:12:36.0481 6964 IPNAT - ok
10:12:36.0499 6964 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:12:36.0544 6964 IRENUM - ok
10:12:36.0557 6964 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:12:36.0601 6964 isapnp - ok
10:12:36.0628 6964 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
10:12:36.0669 6964 iScsiPrt - ok
10:12:36.0687 6964 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
10:12:36.0720 6964 iteatapi - ok
10:12:36.0742 6964 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
10:12:36.0770 6964 iteraid - ok
10:12:36.0826 6964 [ A67E8CFCAD7D4F8B35643D6C79BA64C3 ] k57nd60x C:\Windows\system32\DRIVERS\k57nd60x.sys
10:12:36.0871 6964 k57nd60x - ok
10:12:36.0903 6964 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:12:36.0933 6964 kbdclass - ok
10:12:36.0958 6964 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:12:37.0001 6964 kbdhid - ok
10:12:37.0018 6964 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
10:12:37.0057 6964 KeyIso - ok
10:12:37.0085 6964 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:12:37.0139 6964 KSecDD - ok
10:12:37.0186 6964 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
10:12:37.0272 6964 KtmRm - ok
10:12:37.0333 6964 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:12:37.0384 6964 LanmanServer - ok
10:12:37.0420 6964 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:12:37.0476 6964 LanmanWorkstation - ok
10:12:37.0519 6964 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:12:37.0567 6964 lltdio - ok
10:12:37.0599 6964 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:12:37.0652 6964 lltdsvc - ok
10:12:37.0672 6964 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:12:37.0750 6964 lmhosts - ok
10:12:37.0774 6964 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:12:37.0798 6964 LSI_FC - ok
10:12:37.0817 6964 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:12:37.0858 6964 LSI_SAS - ok
10:12:37.0909 6964 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:12:37.0934 6964 LSI_SCSI - ok
10:12:37.0950 6964 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
10:12:38.0015 6964 luafv - ok
10:12:38.0051 6964 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:12:38.0080 6964 Mcx2Svc - ok
10:12:38.0106 6964 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
10:12:38.0127 6964 megasas - ok
10:12:38.0163 6964 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
10:12:38.0209 6964 MegaSR - ok
10:12:38.0230 6964 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
10:12:38.0294 6964 MMCSS - ok
10:12:38.0318 6964 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
10:12:38.0365 6964 Modem - ok
10:12:38.0391 6964 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:12:38.0457 6964 monitor - ok
10:12:38.0475 6964 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:12:38.0519 6964 mouclass - ok
10:12:38.0537 6964 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:12:38.0584 6964 mouhid - ok
10:12:38.0606 6964 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
10:12:38.0632 6964 MountMgr - ok
10:12:38.0702 6964 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:12:38.0731 6964 MozillaMaintenance - ok
10:12:38.0772 6964 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
10:12:38.0823 6964 mpio - ok
10:12:38.0842 6964 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:12:38.0881 6964 mpsdrv - ok
10:12:38.0924 6964 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
10:12:38.0985 6964 MpsSvc - ok
10:12:39.0001 6964 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
10:12:39.0034 6964 Mraid35x - ok
10:12:39.0064 6964 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:12:39.0110 6964 MRxDAV - ok
10:12:39.0139 6964 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:12:39.0202 6964 mrxsmb - ok
10:12:39.0213 6964 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:12:39.0246 6964 mrxsmb10 - ok
10:12:39.0254 6964 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:12:39.0283 6964 mrxsmb20 - ok
10:12:39.0316 6964 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
10:12:39.0356 6964 msahci - ok
10:12:39.0384 6964 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:12:39.0410 6964 msdsm - ok
10:12:39.0430 6964 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
10:12:39.0495 6964 MSDTC - ok
10:12:39.0524 6964 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:12:39.0577 6964 Msfs - ok
10:12:39.0600 6964 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:12:39.0633 6964 msisadrv - ok
10:12:39.0662 6964 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:12:39.0725 6964 MSiSCSI - ok
10:12:39.0732 6964 msiserver - ok
10:12:39.0753 6964 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:12:39.0796 6964 MSKSSRV - ok
10:12:39.0803 6964 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:12:39.0849 6964 MSPCLOCK - ok
10:12:39.0873 6964 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:12:39.0917 6964 MSPQM - ok
10:12:39.0938 6964 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:12:39.0973 6964 MsRPC - ok
10:12:39.0994 6964 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:12:40.0025 6964 mssmbios - ok
10:12:40.0033 6964 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:12:40.0081 6964 MSTEE - ok
10:12:40.0108 6964 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
10:12:40.0132 6964 Mup - ok
10:12:40.0155 6964 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
10:12:40.0202 6964 napagent - ok
10:12:40.0245 6964 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:12:40.0272 6964 NativeWifiP - ok
10:12:40.0313 6964 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:12:40.0391 6964 NDIS - ok
10:12:40.0432 6964 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:12:40.0467 6964 NdisTapi - ok
10:12:40.0478 6964 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:12:40.0522 6964 Ndisuio - ok
10:12:40.0539 6964 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:12:40.0604 6964 NdisWan - ok
10:12:40.0614 6964 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:12:40.0651 6964 NDProxy - ok
10:12:40.0698 6964 [ F7C14F5077BF2BC476C348B88A7F74E2 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:12:40.0725 6964 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:12:40.0725 6964 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:12:40.0749 6964 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:12:40.0802 6964 NetBIOS - ok
10:12:40.0829 6964 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
10:12:40.0882 6964 netbt - ok
10:12:40.0892 6964 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
10:12:40.0913 6964 Netlogon - ok
10:12:40.0938 6964 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
10:12:41.0009 6964 Netman - ok
10:12:41.0033 6964 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
10:12:41.0080 6964 netprofm - ok
10:12:41.0129 6964 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:12:41.0174 6964 NetTcpPortSharing - ok
10:12:41.0209 6964 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:12:41.0230 6964 nfrd960 - ok
10:12:41.0262 6964 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:12:41.0306 6964 NlaSvc - ok
10:12:41.0316 6964 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:12:41.0363 6964 Npfs - ok
10:12:41.0386 6964 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
10:12:41.0446 6964 nsi - ok
10:12:41.0464 6964 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:12:41.0507 6964 nsiproxy - ok
10:12:41.0554 6964 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:12:41.0688 6964 Ntfs - ok
10:12:41.0715 6964 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
10:12:41.0789 6964 ntrigdigi - ok
10:12:41.0805 6964 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
10:12:41.0849 6964 Null - ok
10:12:41.0873 6964 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:12:41.0911 6964 nvraid - ok
10:12:41.0931 6964 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:12:41.0953 6964 nvstor - ok
10:12:41.0977 6964 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:12:42.0003 6964 nv_agp - ok
10:12:42.0009 6964 NwlnkFlt - ok
10:12:42.0017 6964 NwlnkFwd - ok
10:12:42.0051 6964 [ 9B7CD7151A7C4009C383396155F02B95 ] OA001Ufd C:\Windows\system32\DRIVERS\OA001Ufd.sys
10:12:42.0106 6964 OA001Ufd - ok
10:12:42.0131 6964 [ CDCDAD303A9208CF3513400EF2A05F80 ] OA001Vid C:\Windows\system32\DRIVERS\OA001Vid.sys
10:12:42.0201 6964 OA001Vid - ok
10:12:42.0279 6964 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:12:42.0361 6964 odserv - ok
10:12:42.0414 6964 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:12:42.0477 6964 ohci1394 - ok
10:12:42.0515 6964 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:12:42.0540 6964 ose - ok
10:12:42.0634 6964 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
10:12:42.0737 6964 p2pimsvc - ok
10:12:42.0809 6964 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
10:12:42.0874 6964 p2psvc - ok
10:12:42.0925 6964 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
10:12:43.0002 6964 Parport - ok
10:12:43.0020 6964 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:12:43.0060 6964 partmgr - ok
10:12:43.0080 6964 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
10:12:43.0155 6964 Parvdm - ok
10:12:43.0185 6964 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
10:12:43.0227 6964 PcaSvc - ok
10:12:43.0236 6964 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
10:12:43.0276 6964 pci - ok
10:12:43.0297 6964 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
10:12:43.0317 6964 pciide - ok
10:12:43.0336 6964 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:12:43.0366 6964 pcmcia - ok
10:12:43.0413 6964 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:12:43.0599 6964 PEAUTH - ok
10:12:43.0684 6964 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
10:12:43.0786 6964 pla - ok
10:12:43.0814 6964 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:12:43.0888 6964 PlugPlay - ok
10:12:43.0912 6964 [ E638656001C52A1FAA34F92E6D3A086B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:12:43.0941 6964 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:12:43.0941 6964 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:12:43.0976 6964 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
10:12:44.0043 6964 PNRPAutoReg - ok
10:12:44.0061 6964 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
10:12:44.0129 6964 PNRPsvc - ok
10:12:44.0183 6964 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:12:44.0258 6964 PolicyAgent - ok
10:12:44.0307 6964 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:12:44.0353 6964 PptpMiniport - ok
10:12:44.0371 6964 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
10:12:44.0427 6964 Processor - ok
10:12:44.0459 6964 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
10:12:44.0533 6964 ProfSvc - ok
10:12:44.0553 6964 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:12:44.0576 6964 ProtectedStorage - ok
10:12:44.0605 6964 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
10:12:44.0654 6964 PSched - ok
10:12:44.0715 6964 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:12:44.0852 6964 ql2300 - ok
10:12:44.0874 6964 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:12:44.0898 6964 ql40xx - ok
10:12:44.0936 6964 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
10:12:44.0989 6964 QWAVE - ok
10:12:45.0003 6964 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:12:45.0028 6964 QWAVEdrv - ok
10:12:45.0061 6964 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:12:45.0106 6964 RasAcd - ok
10:12:45.0120 6964 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
10:12:45.0187 6964 RasAuto - ok
10:12:45.0208 6964 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:12:45.0256 6964 Rasl2tp - ok
10:12:45.0292 6964 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
10:12:45.0367 6964 RasMan - ok
10:12:45.0381 6964 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:12:45.0445 6964 RasPppoe - ok
10:12:45.0471 6964 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:12:45.0531 6964 RasSstp - ok
10:12:45.0552 6964 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:12:45.0610 6964 rdbss - ok
10:12:45.0626 6964 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:12:45.0670 6964 RDPCDD - ok
10:12:45.0703 6964 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
10:12:45.0762 6964 rdpdr - ok
10:12:45.0770 6964 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:12:45.0818 6964 RDPENCDD - ok
10:12:45.0846 6964 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:12:45.0918 6964 RDPWD - ok
10:12:45.0962 6964 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:12:46.0027 6964 RemoteAccess - ok
10:12:46.0059 6964 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:12:46.0129 6964 RemoteRegistry - ok
10:12:46.0175 6964 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
10:12:46.0209 6964 rimmptsk - ok
10:12:46.0227 6964 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
10:12:46.0250 6964 rimsptsk - ok
10:12:46.0259 6964 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
10:12:46.0299 6964 rismxdp - ok
10:12:46.0330 6964 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
10:12:46.0366 6964 RpcLocator - ok
10:12:46.0396 6964 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
10:12:46.0432 6964 RpcSs - ok
10:12:46.0472 6964 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:12:46.0532 6964 rspndr - ok
10:12:46.0553 6964 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
10:12:46.0574 6964 SamSs - ok
10:12:46.0586 6964 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:12:46.0618 6964 sbp2port - ok
10:12:46.0654 6964 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:12:46.0706 6964 SCardSvr - ok
10:12:46.0746 6964 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
10:12:46.0785 6964 Schedule - ok
10:12:46.0827 6964 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
10:12:46.0868 6964 SCPolicySvc - ok
10:12:46.0907 6964 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
10:12:46.0964 6964 sdbus - ok
10:12:46.0996 6964 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:12:47.0028 6964 SDRSVC - ok
10:12:47.0057 6964 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:12:47.0133 6964 secdrv - ok
10:12:47.0159 6964 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
10:12:47.0217 6964 seclogon - ok
10:12:47.0235 6964 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
10:12:47.0277 6964 SENS - ok
10:12:47.0293 6964 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
10:12:47.0366 6964 Serenum - ok
10:12:47.0394 6964 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
10:12:47.0475 6964 Serial - ok
10:12:47.0496 6964 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:12:47.0539 6964 sermouse - ok
10:12:47.0653 6964 [ 8631221AC3AF3B09C718DAA1B19EB8DD ] SesamService C:\Program Files\Swisscom\Sesam\BIN\SecMIPService.exe
10:12:47.0852 6964 SesamService - ok
10:12:47.0929 6964 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
10:12:47.0984 6964 SessionEnv - ok
10:12:48.0015 6964 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
10:12:48.0050 6964 sffdisk - ok
10:12:48.0084 6964 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:12:48.0128 6964 sffp_mmc - ok
10:12:48.0141 6964 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
10:12:48.0184 6964 sffp_sd - ok
10:12:48.0206 6964 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:12:48.0248 6964 sfloppy - ok
10:12:48.0291 6964 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:12:48.0346 6964 SharedAccess - ok
10:12:48.0377 6964 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:12:48.0428 6964 ShellHWDetection - ok
10:12:48.0451 6964 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:12:48.0490 6964 sisagp - ok
10:12:48.0509 6964 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
10:12:48.0547 6964 SiSRaid2 - ok
10:12:48.0564 6964 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:12:48.0589 6964 SiSRaid4 - ok
10:12:48.0678 6964 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
10:12:49.0009 6964 slsvc - ok
10:12:49.0041 6964 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:12:49.0100 6964 SLUINotify - ok
10:12:49.0122 6964 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:12:49.0170 6964 Smb - ok
10:12:49.0221 6964 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:12:49.0261 6964 SNMPTRAP - ok
10:12:49.0283 6964 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
10:12:49.0304 6964 spldr - ok
10:12:49.0338 6964 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
10:12:49.0374 6964 Spooler - ok
10:12:49.0411 6964 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:12:49.0458 6964 srv - ok
10:12:49.0478 6964 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:12:49.0534 6964 srv2 - ok
10:12:49.0542 6964 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:12:49.0583 6964 srvnet - ok
10:12:49.0612 6964 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:12:49.0683 6964 SSDPSRV - ok
10:12:49.0712 6964 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
10:12:49.0730 6964 ssmdrv - ok
10:12:49.0777 6964 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:12:49.0820 6964 SstpSvc - ok
10:12:49.0930 6964 [ 6318D2AEAB600AB2FB7D2F75E7484BEB ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
10:12:49.0972 6964 STacSV - ok
10:12:50.0004 6964 [ 87B7FC4CDE516C40AB84E786B97953DD ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
10:12:50.0061 6964 STHDA - ok
10:12:50.0108 6964 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
10:12:50.0179 6964 stisvc - ok
10:12:50.0208 6964 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:12:50.0227 6964 swenum - ok
10:12:50.0264 6964 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
10:12:50.0334 6964 swprv - ok
10:12:50.0421 6964 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:12:50.0450 6964 Symc8xx - ok
10:12:50.0472 6964 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:12:50.0492 6964 Sym_hi - ok
10:12:50.0512 6964 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:12:50.0531 6964 Sym_u3 - ok
10:12:50.0558 6964 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
10:12:50.0643 6964 SysMain - ok
10:12:50.0677 6964 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:12:50.0714 6964 TabletInputService - ok
10:12:50.0765 6964 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
10:12:50.0826 6964 TapiSrv - ok
10:12:50.0848 6964 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
10:12:50.0917 6964 TBS - ok
10:12:50.0958 6964 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:12:51.0021 6964 Tcpip - ok
10:12:51.0046 6964 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:12:51.0173 6964 Tcpip6 - ok
10:12:51.0205 6964 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:12:51.0249 6964 tcpipreg - ok
10:12:51.0269 6964 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:12:51.0312 6964 TDPIPE - ok
10:12:51.0328 6964 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:12:51.0372 6964 TDTCP - ok
10:12:51.0383 6964 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:12:51.0448 6964 tdx - ok
10:12:51.0481 6964 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:12:51.0523 6964 TermDD - ok
10:12:51.0566 6964 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
10:12:51.0652 6964 TermService - ok
10:12:51.0677 6964 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
10:12:51.0704 6964 Themes - ok
10:12:51.0718 6964 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
10:12:51.0760 6964 THREADORDER - ok
10:12:51.0777 6964 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
10:12:51.0838 6964 TrkWks - ok
10:12:51.0891 6964 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:12:51.0959 6964 TrustedInstaller - ok
10:12:51.0992 6964 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:12:52.0035 6964 tssecsrv - ok
10:12:52.0056 6964 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
10:12:52.0080 6964 tunmp - ok
10:12:52.0106 6964 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:12:52.0145 6964 tunnel - ok
10:12:52.0169 6964 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:12:52.0200 6964 uagp35 - ok
10:12:52.0235 6964 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:12:52.0289 6964 udfs - ok
10:12:52.0329 6964 [ 52B42D0D13FD2DBEE4599E676B634FF6 ] UDM Service C:\Program Files\Swisscom\Unlimited Data Manager\DashBoardS.exe
10:12:52.0374 6964 UDM Service - ok
10:12:52.0406 6964 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:12:52.0476 6964 UI0Detect - ok
10:12:52.0492 6964 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:12:52.0526 6964 uliagpkx - ok
10:12:52.0547 6964 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
10:12:52.0575 6964 uliahci - ok
10:12:52.0603 6964 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
10:12:52.0639 6964 UlSata - ok
10:12:52.0661 6964 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
10:12:52.0701 6964 ulsata2 - ok
10:12:52.0722 6964 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:12:52.0775 6964 umbus - ok
10:12:52.0801 6964 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
10:12:52.0860 6964 upnphost - ok
10:12:52.0902 6964 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:12:52.0955 6964 usbccgp - ok
10:12:52.0988 6964 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:12:53.0071 6964 usbcir - ok
10:12:53.0102 6964 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:12:53.0167 6964 usbehci - ok
10:12:53.0197 6964 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:12:53.0248 6964 usbhub - ok
10:12:53.0268 6964 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:12:53.0341 6964 usbohci - ok
10:12:53.0375 6964 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:12:53.0419 6964 usbprint - ok
10:12:53.0453 6964 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:12:53.0505 6964 usbscan - ok
10:12:53.0530 6964 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:12:53.0588 6964 USBSTOR - ok
10:12:53.0618 6964 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:12:53.0653 6964 usbuhci - ok
10:12:53.0690 6964 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:12:53.0749 6964 usbvideo - ok
10:12:53.0781 6964 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
10:12:53.0830 6964 UxSms - ok
10:12:53.0859 6964 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
10:12:53.0949 6964 vds - ok
10:12:53.0982 6964 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:12:54.0027 6964 vga - ok
10:12:54.0041 6964 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
10:12:54.0086 6964 VgaSave - ok
10:12:54.0107 6964 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:12:54.0148 6964 viaagp - ok
10:12:54.0164 6964 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
10:12:54.0217 6964 ViaC7 - ok
10:12:54.0237 6964 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
10:12:54.0257 6964 viaide - ok
10:12:54.0270 6964 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:12:54.0302 6964 volmgr - ok
10:12:54.0332 6964 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:12:54.0381 6964 volmgrx - ok
10:12:54.0399 6964 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:12:54.0432 6964 volsnap - ok
10:12:54.0454 6964 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:12:54.0480 6964 vsmraid - ok
10:12:54.0540 6964 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
10:12:54.0666 6964 VSS - ok
10:12:54.0709 6964 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
10:12:54.0786 6964 W32Time - ok
10:12:54.0808 6964 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:12:54.0883 6964 WacomPen - ok
10:12:54.0900 6964 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:12:54.0940 6964 Wanarp - ok
10:12:54.0945 6964 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:12:54.0977 6964 Wanarpv6 - ok
10:12:55.0005 6964 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:12:55.0093 6964 wcncsvc - ok
10:12:55.0135 6964 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:12:55.0195 6964 WcsPlugInService - ok
10:12:55.0223 6964 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
10:12:55.0244 6964 Wd - ok
10:12:55.0289 6964 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:12:55.0370 6964 Wdf01000 - ok
10:12:55.0399 6964 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:12:55.0452 6964 WdiServiceHost - ok
10:12:55.0458 6964 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:12:55.0502 6964 WdiSystemHost - ok
10:12:55.0543 6964 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
10:12:55.0592 6964 WebClient - ok
10:12:55.0628 6964 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:12:55.0670 6964 Wecsvc - ok
10:12:55.0689 6964 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:12:55.0744 6964 wercplsupport - ok
10:12:55.0777 6964 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
10:12:55.0830 6964 WerSvc - ok
10:12:55.0876 6964 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:12:55.0915 6964 WinDefend - ok
10:12:55.0924 6964 WinHttpAutoProxySvc - ok
10:12:55.0993 6964 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:12:56.0060 6964 Winmgmt - ok
10:12:56.0114 6964 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
10:12:56.0304 6964 WinRM - ok
10:12:56.0361 6964 [ F03110711B17AD31271CB2BAF0DBB2B1 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
10:12:56.0406 6964 WinUSB - ok
10:12:56.0448 6964 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:12:56.0512 6964 Wlansvc - ok
10:12:56.0518 6964 wltrysvc - ok
10:12:56.0548 6964 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
10:12:56.0594 6964 WmiAcpi - ok
10:12:56.0629 6964 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:12:56.0681 6964 wmiApSrv - ok
10:12:56.0751 6964 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:12:56.0908 6964 WMPNetworkSvc - ok
10:12:57.0015 6964 [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
10:12:57.0068 6964 WMZuneComm - ok
10:12:57.0162 6964 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:12:57.0225 6964 WPCSvc - ok
10:12:57.0272 6964 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:12:57.0303 6964 WPDBusEnum - ok
10:12:57.0399 6964 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:12:57.0449 6964 WPFFontCache_v0400 - ok
10:12:57.0473 6964 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:12:57.0516 6964 ws2ifsl - ok
10:12:57.0541 6964 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\system32\wscsvc.dll
10:12:57.0565 6964 wscsvc - ok
10:12:57.0570 6964 WSearch - ok
10:12:57.0610 6964 [ 422B6AFCADC56CA255EF0150B050DA8A ] wtsmpadap C:\Windows\system32\DRIVERS\wtsmpadap.sys
10:12:57.0645 6964 wtsmpadap - ok
10:12:57.0699 6964 [ 4AF1385F6257E341F2D16FE0619BDFB8 ] WtSmpFlt C:\Windows\system32\DRIVERS\wtsmpflt.sys
10:12:57.0738 6964 WtSmpFlt - ok
10:12:57.0817 6964 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
10:12:57.0903 6964 wuauserv - ok
10:12:57.0958 6964 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:12:57.0996 6964 WudfPf - ok
10:12:58.0056 6964 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:12:58.0086 6964 WUDFRd - ok
10:12:58.0132 6964 [ 2C0206FF8D2C75AC027D1096FA2FAFDA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:12:58.0179 6964 wudfsvc - ok
10:12:58.0363 6964 [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
10:12:58.0729 6964 ZuneNetworkSvc - ok
10:12:58.0796 6964 [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
10:12:58.0910 6964 ZuneWlanCfgSvc - ok
10:12:58.0957 6964 ================ Scan global ===============================
10:12:58.0985 6964 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
10:12:59.0032 6964 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
10:12:59.0082 6964 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
10:12:59.0117 6964 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
10:12:59.0158 6964 [Global] - ok
10:12:59.0158 6964 ================ Scan MBR ==================================
10:12:59.0170 6964 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:13:00.0259 6964 \Device\Harddisk0\DR0 - ok
10:13:00.0260 6964 ================ Scan VBR ==================================
10:13:00.0290 6964 [ FEF686F247CBDA710268FB38E12518BE ] \Device\Harddisk0\DR0\Partition1
10:13:00.0294 6964 \Device\Harddisk0\DR0\Partition1 - ok
10:13:00.0299 6964 [ 8135EFD47AB4D0D500C33AAE042C5096 ] \Device\Harddisk0\DR0\Partition2
10:13:00.0303 6964 \Device\Harddisk0\DR0\Partition2 - ok
10:13:00.0303 6964 ============================================================
10:13:00.0304 6964 Scan finished
10:13:00.0304 6964 ============================================================
10:13:00.0319 12292 Detected object count: 2
10:13:00.0319 12292 Actual detected object count: 2
10:13:26.0649 12292 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:13:26.0650 12292 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:13:26.0654 12292 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:13:26.0654 12292 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Code:
ATTFilter # AdwCleaner v2.301 - Datei am 28/05/2013 um 10:18:51 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Silvan - SILVAN-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : D:\Benutzer\Silvan\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Silvan\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Silvan\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Silvan\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
***** [Internet Browser] *****
-\\ Internet Explorer v7.0.6001.18639
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110824&tt=4812_7&babsrc=HP_ss&mntrId=14c8aad100000000000000ade1ac1c1a --> hxxp://www.google.com
-\\ Mozilla Firefox v12.0 (de)
Datei : C:\Users\Silvan\AppData\Roaming\Mozilla\Firefox\Profiles\m70kb871.default\prefs.js
C:\Users\Silvan\AppData\Roaming\Mozilla\Firefox\Profiles\m70kb871.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "14c8aad100000000000000ade1ac1c1a");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15674");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4812_[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.815:33:19");
-\\ Opera v12.15.1748.0
Datei : C:\Users\Silvan\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [4109 octets] - [28/05/2013 10:18:51]
########## EOF - C:\AdwCleaner[S1].txt - [4169 octets] ##########
|
|
28.05.2013, 09:38
| #6 |
| /// the machine /// TB-Ausbilder | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen sind die alle im Heimnetzwerk? Also hast Du überall heimnetzwerk eingestellt (die können Daten tauschen). Dann, nur dann, je nach Befall, könnte es Stress geben. Aber nicht bei diesem
__________________ --> Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen |
|
28.05.2013, 09:43
| #7 |
| | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Logfile von JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Silvan on 28.05.2013 at 10:32:48.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Silvan\AppData\Roaming\mozilla\firefox\profiles\m70kb871.default\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2013 at 10:35:02.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2013
Ran by Silvan (administrator) on 28-05-2013 10:42:52
Running from D:\Benutzer\Silvan\Desktop
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Swisscom) C:\Program Files\Swisscom\Sesam\BIN\SecMIPService.exe
(Swisscom) C:\Program Files\Swisscom\Unlimited Data Manager\DashBoardS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
() C:\Program Files\uniFLOW_Client\momclnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Farbar) D:\Benutzer\Silvan\Desktop\FRST.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [163840 2007-10-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3563520 2008-03-12] (Dell Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [442433 2008-02-28] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [MOMCLIENT] C:\Program Files\uniFLOW_Client\momclnt.exe [668960 2008-09-01] ()
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [System]
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Silvan\AppData\Roaming\Mozilla\Firefox\Profiles\m70kb871.default
FF Homepage: www.google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
========================== Services (Whitelisted) =================
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe [73728 2008-02-13] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-01] (Avira Operations GmbH & Co. KG)
R2 SesamService; C:\Program Files\Swisscom\Sesam\BIN\SecMIPService.exe [1414440 2009-11-16] (Swisscom)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe [221239 2008-02-28] (IDT, Inc.)
R2 UDM Service; C:\Program Files\Swisscom\Unlimited Data Manager\DashBoardS.exe [128296 2009-12-10] (Swisscom)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-03-12] (Dell Inc.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-03-12] (Broadcom Corporation)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2009-12-10] (Huawei Technologies Co., Ltd.)
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [149208 2008-01-31] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277624 2008-02-16] (Creative Technology Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-26] (Avira GmbH)
R3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [39720 2009-07-20] (Swisscom)
R3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [286760 2009-07-20] (Swisscom)
S3 catchme; \??\C:\Users\Silvan\AppData\Local\Temp\catchme.sys [x]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-28 10:42 - 2013-05-28 10:42 - 00000000 ____D C:\FRST
2013-05-28 10:35 - 2013-05-28 10:35 - 00001085 ____A C:\Users\Silvan\Desktop\JRT.txt
2013-05-28 10:32 - 2013-05-28 10:32 - 00000000 ____D C:\Windows\ERUNT
2013-05-28 10:32 - 2013-05-28 10:32 - 00000000 ____D C:\JRT
2013-05-28 10:18 - 2013-05-28 10:19 - 00004238 ____A C:\AdwCleaner[S1].txt
2013-05-28 09:42 - 2013-05-28 09:42 - 00008852 ____A C:\ComboFix.txt
2013-05-28 09:31 - 2013-05-28 09:42 - 00000000 ____D C:\ComboFix
2013-05-28 09:31 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-28 09:31 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-28 09:31 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-28 09:31 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-28 09:31 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-28 09:31 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-28 09:31 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-28 09:31 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-28 09:29 - 2013-05-28 09:42 - 00000000 ____D C:\Qoobox
2013-05-28 09:28 - 2013-05-28 09:41 - 00000000 ____D C:\Windows\erdnt
2013-05-27 22:09 - 2013-05-27 22:09 - 00000000 ____A C:\Users\Silvan\defogger_reenable
2013-05-24 13:19 - 2013-05-24 13:19 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-24 13:19 - 2013-05-24 13:19 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-13 15:54 - 2013-05-13 15:54 - 00000000 ____D C:\Users\Silvan\AppData\Local\Macromedia
==================== One Month Modified Files and Folders ========
2013-05-28 10:42 - 2013-05-28 10:42 - 00000000 ____D C:\FRST
2013-05-28 10:35 - 2013-05-28 10:35 - 00001085 ____A C:\Users\Silvan\Desktop\JRT.txt
2013-05-28 10:32 - 2013-05-28 10:32 - 00000000 ____D C:\Windows\ERUNT
2013-05-28 10:32 - 2013-05-28 10:32 - 00000000 ____D C:\JRT
2013-05-28 10:30 - 2008-01-21 03:35 - 02036034 ____A C:\Windows\WindowsUpdate.log
2013-05-28 10:26 - 2006-11-02 12:33 - 01445310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-28 10:21 - 2012-09-09 20:35 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-28 10:20 - 2008-01-21 04:47 - 00127144 ____A C:\Windows\PFRO.log
2013-05-28 10:20 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-28 10:20 - 2006-11-02 14:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-28 10:20 - 2006-11-02 14:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-28 10:19 - 2013-05-28 10:18 - 00004238 ____A C:\AdwCleaner[S1].txt
2013-05-28 10:19 - 2006-11-02 15:01 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-28 09:56 - 2012-09-09 20:35 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-28 09:42 - 2013-05-28 09:42 - 00008852 ____A C:\ComboFix.txt
2013-05-28 09:42 - 2013-05-28 09:31 - 00000000 ____D C:\ComboFix
2013-05-28 09:42 - 2013-05-28 09:29 - 00000000 ____D C:\Qoobox
2013-05-28 09:42 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default
2013-05-28 09:42 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-05-28 09:41 - 2013-05-28 09:28 - 00000000 ____D C:\Windows\erdnt
2013-05-28 09:40 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini
2013-05-27 22:09 - 2013-05-27 22:09 - 00000000 ____A C:\Users\Silvan\defogger_reenable
2013-05-27 22:09 - 2011-12-20 23:56 - 00000000 ____D C:\users\Silvan
2013-05-24 13:19 - 2013-05-24 13:19 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-24 13:19 - 2013-05-24 13:19 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-24 13:19 - 2012-01-02 21:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-23 14:11 - 2012-03-27 09:34 - 00000000 ____D C:\Users\Silvan\AppData\Roaming\vlc
2013-05-20 15:29 - 2013-03-21 15:30 - 00000000 ____D C:\Users\Silvan\AppData\Roaming\U3
2013-05-16 12:01 - 2006-11-02 14:52 - 00108975 ____A C:\Windows\setupact.log
2013-05-15 22:48 - 2006-11-02 12:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-15 08:59 - 2011-12-21 00:42 - 00000000 ____D C:\Program Files\Opera
2013-05-13 15:54 - 2013-05-13 15:54 - 00000000 ____D C:\Users\Silvan\AppData\Local\Macromedia
2013-05-09 10:29 - 2011-12-24 12:59 - 00061440 ____A C:\Users\Silvan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-07 22:39 - 2011-12-21 00:31 - 00000000 ____D C:\Users\Silvan\AppData\Local\Microsoft Help
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Last Boot: 2013-05-28 10:28
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-05-2013
Ran by Silvan at 2013-05-28 10:43:44 Run:
Running from D:\Benutzer\Silvan\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
32 Bit HP CIO Components Installer (Version: 8.1.4)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.6) - Deutsch (Version: 10.1.6)
ATI Catalyst Install Manager (Version: 3.0.664.0)
Avira Free Antivirus (Version: 13.0.0.3640)
Broadcom Gigabit NetLink Controller (Version: 11.06.01)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Full Existing (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Full New (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Light (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Previews Common (Version: 2008.0225.2153.39091)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0225.2153.39091)
Catalyst Control Center Localization German (Version: 2008.0225.2153.39091)
CCC Help German (Version: 2008.0225.2152.39091)
ccc-core-static (Version: 2008.0225.2153.39091)
ccc-utility (Version: 2008.0225.2153.39091)
Cisco EAP-FAST Module (Version: 2.1.3)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: 7.1.104.2)
Dienstprogramm für Dell Wireless WLAN Karte (Version: 4.170.75.0)
Free Studio version 2013 (Version: 6.0.0.128)
GIMP 2.8.0 (Version: 2.8.0)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
Hamster Free Video Converter (Version: 2.5.2.33)
IDT Audio (Version: 1.0.5881.0)
ifolor Designer (Version: 3.2.3.0)
Integrated Webcam Driver (1.00.08.0216)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 30 (Version: 6.0.300)
LehrerOffice Easy (Version: 2009)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 12.0 (x86 de) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
Mp3tag v2.54 (Version: v2.54)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
On s'entraîne 6 (Version: 1.00.0000)
Opera 12.15 (Version: 12.15.1748)
PDFCreator (Version: 1.2.3)
posterjack CEWE Fotobuch und Kalender (Version: 4.8.7)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (Version: 3.54.02)
Skins (Version: 2008.0225.2153.39091)
SopCast 3.5.0 (Version: 3.5.0)
uniFLOW Client (Version: 1.0)
Unlimited Data Manager 9.1.0 (Version: 9.1.17491.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VideoPad Videobearbeitungs-Software
VLC media player 2.0.1 (Version: 2.0.1)
WIDCOMM Bluetooth Software 6.1.0.4400 (Version: 6.1.0.4400)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
WinRAR 4.01 (32-Bit) (Version: 4.01.0)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
==================== Restore Points =========================
19-05-2013 10:13:05 Geplanter Prüfpunkt
20-05-2013 10:55:39 Geplanter Prüfpunkt
21-05-2013 06:19:05 Geplanter Prüfpunkt
22-05-2013 07:51:47 Geplanter Prüfpunkt
25-05-2013 06:19:45 Geplanter Prüfpunkt
27-05-2013 15:39:55 Geplanter Prüfpunkt
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (05/21/2013 09:13:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19260 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/07/2013 11:15:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1352 seconds with 1320 seconds of active time. This session ended with a crash.
Error: (02/19/2013 00:26:15 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25439 seconds with 2820 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2013-05-28 10:43:24.531
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-28 10:43:24.424
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-28 10:43:24.316
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-28 10:43:24.207
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-28 10:43:24.090
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-28 10:43:23.980
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-28 10:43:23.872
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-28 10:43:23.746
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-27 22:41:06.075
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Silvan\AppData\Local\Temp\tmp975.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-05-27 22:41:05.969
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Silvan\AppData\Local\Temp\tmp975.tmp" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3581.05 MB
Available physical RAM: 2104.57 MB
Total Pagefile: 7387.11 MB
Available Pagefile: 5846.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.18 MB
==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:40.04 GB) (Free:3.54 GB) NTFS
Drive d: (DATA) (Fixed) (Total:257.91 GB) (Free:204.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 298 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=141 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=258 GB) - (Type=07 NTFS)
==================== End Of Log ============================
AVIRA hat vorhin, als es aktiviert war, quasi im 10-Sekunden-Takt etwa weitere Funde gemeldet. Was könnte das sein? Gruss, Silvan |
|
28.05.2013, 09:55
| #8 |
| /// the machine /// TB-Ausbilder | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen schau mal in Avira ob Du die Fundorte ausmachen kannst. Protkolle oder Wächter. Downloade dir bitte Farbar's Service Scanner
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.05.2013, 09:59
| #9 |
| | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Wie mache ich die Fundorte aus? Was meinst du mit Protokolle oder Wächter? FSS.txt: Code:
ATTFilter Farbar Service Scanner Version: 25-05-2013
Ran by Silvan (administrator) on 28-05-2013 at 10:59:34
Running from "D:\Benutzer\Silvan\Desktop"
Windows Vista (TM) Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-12-21 10:51] - [2011-04-21 15:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-12-21 10:39] - [2010-06-16 17:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9
C:\Windows\system32\dnsrslvr.dll
[2011-12-21 10:53] - [2011-03-02 16:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D
C:\Windows\system32\mpssvc.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B
C:\Windows\system32\bfe.dll
[2008-01-21 04:23] - [2008-01-21 04:23] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 04:23] - [2008-01-21 04:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23
C:\Windows\system32\wscsvc.dll
[2008-01-21 04:23] - [2008-01-21 04:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C
C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-21 04:25] - [2008-01-21 04:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D
C:\Windows\system32\es.dll
[2011-12-21 10:50] - [2008-04-18 07:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465
C:\Windows\system32\cryptsvc.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2012-03-13 22:59] - [2010-02-18 16:11] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-12-21 10:40] - [2009-03-03 06:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830
**** End of log ****
Bei Avira konnte ich unter Ereignisse die Funde anklicken. Anscheinend handelt es sich dabei immer um denselben Fund, der aber immer wieder nacheinander entdeckt wurde. Detailangaben aus Avira: In der Datei 'C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1015886030-3323842824-1470768695-1000\$a935c93e49e252c27a6eb9b66c51c604\n.vir' wurde ein Virus oder unerwünschtes Programm 'TR/Symmi.15280.1' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Was kann ich da tun? Ich weiss nun nicht, wie ich diesen Fund noch in die Quarantäne verschieben könnte! |
|
28.05.2013, 15:19
| #10 |
| /// the machine /// TB-Ausbilder | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Der Fund ist schon lange in Quarantäne ESET Online Scanner
und ein frisches Scanlogfile mit FRST bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.05.2013, 15:37
| #11 |
| | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Noch eine Frage dazu: Soll ich alle Wechseldatenträger anhängen, die ich jemals verwendet habe, oder einfach jene, die ich am häufigsten benutze? Besteht da nicht die Gefahr, dass ich somit alle Wechseldatenträger mitinfizieren könnte? |
|
28.05.2013, 15:42
| #12 |
| /// the machine /// TB-Ausbilder | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Ich würde alle dran machen, dann haste gleich en Update wie es um die steht
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.05.2013, 18:34
| #13 |
| | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Hi schrauber! Hier das Logfile vom ESET online Scan: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d7f2be57ba810b4db01e33976db56e22
# engine=13939
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-28 02:44:43
# local_time=2013-05-28 04:44:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 18240 140423588 11004 0
# compatibility_mode=5892 16776574 100 100 5465039 207285011 0 0
# scanned=10
# found=0
# cleaned=0
# scan_time=1
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d7f2be57ba810b4db01e33976db56e22
# engine=13939
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-28 04:33:17
# local_time=2013-05-28 06:33:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 24754 140430102 17518 0
# compatibility_mode=5892 16776574 100 100 5467953 207291525 0 0
# scanned=200525
# found=3
# cleaned=0
# scan_time=6283
sh=3925B0C7E4AF1E8D142EFCB1013DAD90DF3A2431 ft=1 fh=7dd8de47ed61e903 vn="a variant of Win32/Kryptik.AXMH trojan" ac=I fn="C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1015886030-3323842824-1470768695-1000\$a935c93e49e252c27a6eb9b66c51c604\n.vir"
sh=F18D87D7C547ED6118B74B2208E592F67B7FCA43 ft=1 fh=6fd2897493ee0a8a vn="Win32/Sirefef.FA trojan" ac=I fn="C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1015886030-3323842824-1470768695-1000\$a935c93e49e252c27a6eb9b66c51c604\U\80000000.@.vir"
sh=155675259B05E639451BAB5AF75CC4FA82453057 ft=1 fh=5c1581b6e7c71c26 vn="Win32/Sirefef.FL trojan" ac=I fn="C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1015886030-3323842824-1470768695-1000\$a935c93e49e252c27a6eb9b66c51c604\U\800000cb.@.vir"
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2013
Ran by Silvan (administrator) on 28-05-2013 19:38:43
Running from D:\Benutzer\Silvan\Desktop
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Swisscom) C:\Program Files\Swisscom\Sesam\BIN\SecMIPService.exe
(Swisscom) C:\Program Files\Swisscom\Unlimited Data Manager\DashBoardS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
() C:\Program Files\uniFLOW_Client\momclnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\ipmGui.exe
(Farbar) D:\Benutzer\Silvan\Desktop\FRST.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [163840 2007-10-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3563520 2008-03-12] (Dell Inc.)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [442433 2008-02-28] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [MOMCLIENT] C:\Program Files\uniFLOW_Client\momclnt.exe [668960 2008-09-01] ()
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [System]
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Silvan\AppData\Roaming\Mozilla\Firefox\Profiles\m70kb871.default
FF Homepage: www.google.ch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
========================== Services (Whitelisted) =================
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe [73728 2008-02-13] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-01] (Avira Operations GmbH & Co. KG)
R2 SesamService; C:\Program Files\Swisscom\Sesam\BIN\SecMIPService.exe [1414440 2009-11-16] (Swisscom)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe [221239 2008-02-28] (IDT, Inc.)
R2 UDM Service; C:\Program Files\Swisscom\Unlimited Data Manager\DashBoardS.exe [128296 2009-12-10] (Swisscom)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-03-12] (Dell Inc.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-01] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-03-12] (Broadcom Corporation)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2009-12-10] (Huawei Technologies Co., Ltd.)
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [149208 2008-01-31] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [277624 2008-02-16] (Creative Technology Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-26] (Avira GmbH)
R3 wtsmpadap; C:\Windows\System32\DRIVERS\wtsmpadap.sys [39720 2009-07-20] (Swisscom)
R3 WtSmpFlt; C:\Windows\System32\DRIVERS\wtsmpflt.sys [286760 2009-07-20] (Swisscom)
S3 catchme; \??\C:\Users\Silvan\AppData\Local\Temp\catchme.sys [x]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-28 10:42 - 2013-05-28 10:42 - 00000000 ____D C:\FRST
2013-05-28 10:35 - 2013-05-28 10:35 - 00001085 ____A C:\Users\Silvan\Desktop\JRT.txt
2013-05-28 10:32 - 2013-05-28 10:32 - 00000000 ____D C:\Windows\ERUNT
2013-05-28 10:32 - 2013-05-28 10:32 - 00000000 ____D C:\JRT
2013-05-28 10:18 - 2013-05-28 10:19 - 00004238 ____A C:\AdwCleaner[S1].txt
2013-05-28 09:42 - 2013-05-28 09:42 - 00008852 ____A C:\ComboFix.txt
2013-05-28 09:31 - 2013-05-28 09:42 - 00000000 ____D C:\ComboFix
2013-05-28 09:31 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-28 09:31 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-28 09:31 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-28 09:31 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-28 09:31 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-28 09:31 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-28 09:31 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-28 09:31 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-28 09:29 - 2013-05-28 09:42 - 00000000 ____D C:\Qoobox
2013-05-28 09:28 - 2013-05-28 09:41 - 00000000 ____D C:\Windows\erdnt
2013-05-27 22:09 - 2013-05-27 22:09 - 00000000 ____A C:\Users\Silvan\defogger_reenable
2013-05-24 13:19 - 2013-05-24 13:19 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-24 13:19 - 2013-05-24 13:19 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-13 15:54 - 2013-05-13 15:54 - 00000000 ____D C:\Users\Silvan\AppData\Local\Macromedia
==================== One Month Modified Files and Folders ========
2013-05-28 18:56 - 2012-09-09 20:35 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-28 18:20 - 2006-11-02 14:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-28 18:20 - 2006-11-02 14:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-28 16:48 - 2008-01-21 03:35 - 02043787 ____A C:\Windows\WindowsUpdate.log
2013-05-28 16:44 - 2006-11-02 12:33 - 01445310 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-28 10:42 - 2013-05-28 10:42 - 00000000 ____D C:\FRST
2013-05-28 10:35 - 2013-05-28 10:35 - 00001085 ____A C:\Users\Silvan\Desktop\JRT.txt
2013-05-28 10:32 - 2013-05-28 10:32 - 00000000 ____D C:\Windows\ERUNT
2013-05-28 10:32 - 2013-05-28 10:32 - 00000000 ____D C:\JRT
2013-05-28 10:21 - 2012-09-09 20:35 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-28 10:20 - 2008-01-21 04:47 - 00127144 ____A C:\Windows\PFRO.log
2013-05-28 10:20 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-28 10:19 - 2013-05-28 10:18 - 00004238 ____A C:\AdwCleaner[S1].txt
2013-05-28 10:19 - 2006-11-02 15:01 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-28 09:42 - 2013-05-28 09:42 - 00008852 ____A C:\ComboFix.txt
2013-05-28 09:42 - 2013-05-28 09:31 - 00000000 ____D C:\ComboFix
2013-05-28 09:42 - 2013-05-28 09:29 - 00000000 ____D C:\Qoobox
2013-05-28 09:42 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default
2013-05-28 09:42 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-05-28 09:41 - 2013-05-28 09:28 - 00000000 ____D C:\Windows\erdnt
2013-05-28 09:40 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini
2013-05-27 22:09 - 2013-05-27 22:09 - 00000000 ____A C:\Users\Silvan\defogger_reenable
2013-05-27 22:09 - 2011-12-20 23:56 - 00000000 ____D C:\users\Silvan
2013-05-24 13:19 - 2013-05-24 13:19 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-24 13:19 - 2013-05-24 13:19 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-24 13:19 - 2012-01-02 21:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-23 14:11 - 2012-03-27 09:34 - 00000000 ____D C:\Users\Silvan\AppData\Roaming\vlc
2013-05-20 15:29 - 2013-03-21 15:30 - 00000000 ____D C:\Users\Silvan\AppData\Roaming\U3
2013-05-16 12:01 - 2006-11-02 14:52 - 00108975 ____A C:\Windows\setupact.log
2013-05-15 22:48 - 2006-11-02 12:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-15 08:59 - 2011-12-21 00:42 - 00000000 ____D C:\Program Files\Opera
2013-05-13 15:54 - 2013-05-13 15:54 - 00000000 ____D C:\Users\Silvan\AppData\Local\Macromedia
2013-05-09 10:29 - 2011-12-24 12:59 - 00061440 ____A C:\Users\Silvan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-07 22:39 - 2011-12-21 00:31 - 00000000 ____D C:\Users\Silvan\AppData\Local\Microsoft Help
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Last Boot: 2013-05-28 10:28
==================== End Of Log ============================
Geändert von Sili2000 (28.05.2013 um 18:42 Uhr) |
|
28.05.2013, 21:03
| #14 |
| /// the machine /// TB-Ausbilder | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen hi, Downloade Dir bitte  SecurityCheck und:
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM\...\Winlogon: [System]
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.05.2013, 08:00
| #15 |
| | Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Moin moin! Hier mal das checkup.txt vom Securitycheck: Code:
ATTFilter Results of screen317's Security Check version 0.99.63
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 30
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-05-2013
Ran by Silvan at 2013-05-29 09:00:38 Run:1
Running from D:\Benutzer\Silvan\Desktop
Boot Mode: Normal
==============================================
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\System => Value deleted successfully.
==== End of Fixlog ====
Silvan |
|
| Themen zu Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen |
| 32 bit, avira, converter, desktop, dvdvideosoft ltd., exp/cve-2012-1723.jx, firefox, flash player, helper, hewlett packard, iexplore.exe, install.exe, java/dldr.klaslod.k, java/lamar.ltg.34, java/lamar.ltg.35, logfile, mp3, plug-in, programm, qskxttjnf/angxf.class, search the web, security, software, sttray.exe, svchost.exe, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen', tr/symmi.15280.1, trojaner, trojaner 'tr/crypt.xpack.gen', windows, wrapper, wuauclt.exe |
WARNUNG an die MITLESER: 
