Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.06.2013, 11:02   #1
Sere
 
Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Guten Tag,

mein Antivir hat gestern den Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7 gemeldet. Beide wurden in die Quarantäne von Antivir verschoben. Ich benötige Unterstützung bei der Beseitigung der Schädlinge.

Gemäß der Anleitung im Thread "Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?" habe ich Defogger installiert. Ich habe mit OTL einen Scann drüber laufen lassen. Gmer ist beim scannen abgestürzt.

OTL.txt
Code:
ATTFilter
OTL logfile created on: 01.06.2013 11:52:47 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jennifer\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 63,45% Memory free
6,50 Gb Paging File | 5,11 Gb Available in Paging File | 78,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,19 Gb Free Space | 14,72% Space Free | Partition Type: NTFS
Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32
 
Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.01 10:26:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 10:34:49 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 23:04:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 23:04:20 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.28 23:04:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.06.15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.08.26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.11.05 22:45:55 | 001,505,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe
PRC - [2009.11.05 22:35:26 | 001,468,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2008.07.03 18:10:12 | 001,597,440 | ---- | M] (Hama GmbH & Co KG) -- C:\Programme\Hama\Common\RaUI.exe
PRC - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe
PRC - [2007.08.24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 17:35:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 17:34:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.02.14 09:45:54 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll
MOD - [2013.01.10 20:37:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 20:36:44 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 20:36:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 20:36:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 20:36:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.06.15 00:17:55 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.08.25 22:44:50 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.08.04 16:58:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.06.29 11:31:12 | 000,652,800 | ---- | M] () -- E:\Programme\IZArc\IZArcCM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.15 16:39:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.28 23:04:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 23:04:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007.08.24 06:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.03.28 23:04:49 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.28 23:04:49 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.28 23:04:49 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.15 14:47:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.07.07 19:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2009.11.05 22:35:25 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E0 96 87 13 A2 CB 01  [binary data]
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 95 3B DB 3F 23 CE 01  [binary data]
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 18:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.31 08:42:17 | 000,000,000 | ---D | M]
 
[2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Extensions
[2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\kn3gu7ao.default\extensions
[2012.06.23 18:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.24 09:44:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.15 19:03:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.16 20:50:03 | 000,446,020 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15316 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [GarminExpressTrayApp] E:\Program Files\Garmin\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [SpybotSD TeaTimer] E:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6020D34-9C42-44B9-89C9-5210E7F997A0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.23 12:49:28 | 000,000,077 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.11.01 16:25:14 | 000,000,000 | ---D | M] - F:\Autoralley -- [ NTFS ]
O33 - MountPoints2\{d71635f9-0be5-11e0-8f34-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d71635f9-0be5-11e0-8f34-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Msetup4.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.19 19:06:17 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\Garmin
[2013.05.19 19:01:14 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Neuer Ordner
[2013.05.19 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2013.05.19 18:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.05.19 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.16 11:01:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 11:01:29 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 11:01:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 11:01:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 11:01:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 11:01:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 11:01:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 11:01:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 11:01:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 11:01:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 09:12:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.16 09:12:01 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.16 09:11:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.16 09:11:55 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.16 09:11:55 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.01 11:53:37 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 11:53:37 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 11:45:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.01 11:45:33 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.01 11:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 10:24:43 | 000,000,000 | ---- | M] () -- C:\Users\Raphael\defogger_reenable
[2013.05.19 18:55:05 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2013.05.19 10:57:39 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.19 10:57:39 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.19 10:57:39 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.19 10:57:39 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.16 17:34:10 | 000,439,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 16:39:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 16:39:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.13 19:32:43 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\Gameforge Live.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.01 10:24:43 | 000,000,000 | ---- | C] () -- C:\Users\Raphael\defogger_reenable
[2013.05.19 18:55:05 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2011.03.17 21:46:31 | 000,000,680 | RHS- | C] () -- C:\Users\Raphael\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.05 21:17:12 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\FOG Downloader
[2013.05.19 19:03:14 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Garmin
[2011.03.23 16:02:32 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org
[2012.10.30 12:45:22 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\pdfforge
[2010.12.29 18:55:09 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\FOG Downloader
[2013.05.19 18:55:11 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Garmin
[2011.02.15 19:04:18 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\OpenOffice.org
[2012.10.30 12:43:52 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\pdfforge
[2011.03.03 19:38:40 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         
Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 01.06.2013 11:52:47 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jennifer\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 63,45% Memory free
6,50 Gb Paging File | 5,11 Gb Available in Paging File | 78,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,19 Gb Free Space | 14,72% Space Free | Partition Type: NTFS
Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32
 
Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "H:\Cewe\dm-Fotowelt\dm-Fotowelt.exe" "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Foto Paradies] -- "F:\cewe\dm\dm-Fotowelt\Foto Paradies.exe" "%1" ()
Directory [Mein CEWE FOTOBUCH] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2B414A-3D8B-40BA-9359-3C33226577AC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1D1939E5-B494-4359-AB9B-9E9E93EA5977}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2C63C50C-7713-418F-B076-4845B9FBC55A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3041C936-470B-46D9-8A1B-3F5CBBDE787D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{432ED99F-DF16-41CE-BBDA-72E22C30DE92}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{47B5CE20-8D1B-4AB6-B798-C3B5BB30A681}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{5429D7EE-F395-466B-B3A8-BE06E1C406B0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{62E05942-54F7-4EBF-B337-7544EF52AC97}" = lport=139 | protocol=6 | dir=in | app=system | 
"{638E6196-DF8D-468A-AE6C-493A33F0877E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71AE9208-60B3-4B97-B639-43D681446DE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7ECFAD41-01FC-4703-94A0-0A7EF4D7DF90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9268442A-E994-4DE0-9581-300C3F5D5CFB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{93E1C0FF-A251-420C-AB0A-F37F305F1CC5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{95C0894C-3A40-458E-8C46-F2E5587CCD69}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9B2C5559-05D6-4983-A10D-78EF2ABF8504}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A35D4A88-7CFE-44A7-9E23-C21EB32AA79D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3E080BC-ED8F-4540-9B0F-825C91D1C66C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C3D2B7B9-406F-4F46-9449-9F0A496BC8C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DEEFA361-8A7E-4C57-82DA-67AA60741CFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E2F073BE-AFAD-403B-A9DE-E4A5DDC9CFCB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F198FB6B-2701-4C0B-878D-EA875CC32168}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FBDE392B-69A4-41A3-824D-D16F5ED9722B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050F3611-BF59-4F16-8567-3464B7E80D78}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14288556-9311-45B5-9096-3E916551D52B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1A84EF6B-ADB5-4E79-B507-D2195690AB82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{26AD5F6E-C6F5-4BCD-BA63-1E40CACA8E04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{520E672D-4167-4D75-95FD-AE1041A18C76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8270593D-8A4A-49E7-81BE-D4C2D7EF9951}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{87C4DE77-60FE-403E-A2A9-2C9EC48B6D14}" = protocol=6 | dir=out | app=system | 
"{8AD696AD-E23C-4C35-BD54-81ED0CCC3D80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D48E281-ED96-4006-B9DF-A646470C2FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9906632A-D70C-4D8B-A265-FBEEBA585A5D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A1EE4A09-9552-4D75-B301-F7DE27A6F45D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A49342C5-C84A-4310-A88C-9C457FADD0CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B85C07E4-DD81-427A-BAF3-789B17CBCEF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BFED79BE-E46E-4DCB-8C05-CDA058A4CB55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C2ED17D4-F836-43AE-B6F9-8C0377FE6642}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CDD03498-7A8F-428B-B4D7-589A46DCD8DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CFDA44FA-510F-4ADF-BA43-ABF5FEFBDC18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E80B11D0-1013-4DA2-B91C-3AF81AFB1914}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F69A80A9-3329-4975-A1BF-0FCEB1EB05C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA513E17-7362-44AF-8BB9-FD06675EA418}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF148A5A-D34C-45CA-86C0-682D764DA95C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{8A7455F9-85C1-4A75-B6C2-EAE44775E499}E:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\program files\runes of magic\client.exe | 
"TCP Query User{9B131DDB-C3B2-40A4-AEA6-204BD12B76AD}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe | 
"TCP Query User{B7BB0A1C-8E91-4CC3-A67F-6B6CC34EA13A}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe | 
"UDP Query User{5A10F57B-746F-4096-89BA-AAC9970FD063}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe | 
"UDP Query User{C464BDB6-7DE6-485D-80DA-D35E25B518EC}E:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\program files\runes of magic\client.exe | 
"UDP Query User{F2864DC7-95BF-4853-AEF0-6CED531A48FF}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{06092909-8851-C581-F990-7195076FDAEF}" = CCC Help Czech
"{0CA04779-346C-30FD-EB9B-8EEA2CE094B3}" = CCC Help Thai
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{1B3B5C60-70B8-F022-5497-03FD2772586C}" = CCC Help Greek
"{1C160168-BF5B-72FE-BAFA-6DD5F737404C}" = CCC Help Chinese Standard
"{1ED3EBF6-A130-4B3B-B01A-C29B067798B3}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{278AD90C-D27D-AA89-58DF-AD13852D51CA}" = CCC Help Spanish
"{2CDBFF1A-6433-E94D-CA25-831FDB9775E9}" = CCC Help Italian
"{31DED885-1124-0E58-97FB-73E4EF692E8D}" = CCC Help Hungarian
"{33B670D7-8A06-DA5B-0341-5630D1E12007}" = ccc-core-static
"{38D65ABC-A00B-6E13-2EF3-826CFC8CFC14}" = CCC Help French
"{3B4325A0-43CD-10D1-64F6-BD2F90DCB756}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EEBD42E-4DC7-A874-645B-28B63907E930}" = ATI AVIVO Codecs
"{3F8B39A4-B7CE-B036-941C-A8DB57676B04}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACF9BBA-E137-7309-7BF9-567ADAB6B4E6}" = CCC Help Turkish
"{51AD839D-CE11-B9E3-227D-03BC89F227C8}" = CCC Help Danish
"{55043DDE-D718-C7F7-9B4C-2B3D818D8A1F}" = Catalyst Control Center InstallProxy
"{5774B4C1-8579-D5D9-8D38-A0CE32B6736C}" = CCC Help German
"{5D19BB0D-9B04-5B85-9295-4E11BCB1C2C3}" = CCC Help Polish
"{5D8A076D-F75E-A149-10D8-87338721AA3A}" = ATI Catalyst Install Manager
"{60341104-FC8E-EF26-12CB-93B17DF55976}" = CCC Help Japanese
"{62161867-51F1-9FB8-0E6E-FE49D89CBB71}" = CCC Help Dutch
"{6494E146-418F-85E1-142E-D2F122C75274}" = ccc-utility
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision
"{6A7E9B60-4698-F505-CAD3-05F8AB22FB61}" = CCC Help Russian
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75794DD1-5D69-4E33-A141-C3D4B0724C71}" = Catalyst Control Center Graphics Previews Common
"{7CE47764-9A8F-380D-FB9E-FCFC37B9F727}" = CCC Help Korean
"{85D27E0C-6185-58BC-94B6-E5EED97962D8}" = AMD Drag and Drop Transcoding
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Hama Wireless LAN Adapter
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{9ED77550-AF66-2B7E-97E1-34B3BFDEAC6D}" = CCC Help Swedish
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E8454B5F-4122-864C-002D-31F878D2CBF4}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E6252F-8DC2-B508-D412-1C427CDB3448}" = CCC Help Portuguese
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCB6F9DC-A0FF-621E-DE53-877E63864DD1}" = CCC Help Chinese Traditional
"{FE4466A3-76B3-A9F4-9B22-150D6F8B4647}" = Catalyst Control Center Localization All
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Ceville" = Ceville 1.0
"dm-Fotowelt" = dm-Fotowelt
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foto Paradies" = Foto Paradies
"Jack Keane" = Jack Keane
"Jewels of Atlantis/DE-German_is1" = Jewels of Atlantis
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"S4Uninst" = Die Siedler IV
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.05.2013 03:43:24 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 20.05.2013 11:48:55 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 21.05.2013 12:11:08 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 23.05.2013 04:33:50 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.05.2013 07:36:24 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 26.05.2013 14:04:42 | Computer Name = Jennifer-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 27.05.2013 11:00:45 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 28.05.2013 09:34:58 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 29.05.2013 17:38:27 | Computer Name = Jennifer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "e:\programme\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "e:\programme\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 01.06.2013 05:19:30 | Computer Name = Jennifer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0,
 Zeitstempel: 0x515d31f0  Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version:
 2.1.19163.0, Zeitstempel: 0x515d31f0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00012288
ID
 des fehlerhaften Prozesses: 0x8c8  Startzeit der fehlerhaften Anwendung: 0x01ce5ea8fadf6e54
Pfad
 der fehlerhaften Anwendung: C:\Users\Jennifer\Desktop\gmer_2.1.19163.exe  Pfad des
 fehlerhaften Moduls: C:\Users\Jennifer\Desktop\gmer_2.1.19163.exe  Berichtskennung:
 5cc5ea58-ca9c-11e2-af58-6c626d75ece4
 
[ OSession Events ]
Error - 02.07.2011 16:14:35 | Computer Name = Jennifer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2773
 seconds with 1920 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22.05.2013 03:28:15 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 22.05.2013 12:09:42 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 23.05.2013 09:22:11 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 24.05.2013 05:40:09 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 24.05.2013 10:45:54 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 27.05.2013 10:59:16 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 27.05.2013 11:18:04 | Computer Name = Jennifer-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?05.?2013 um 17:11:57 unerwartet heruntergefahren.
 
Error - 29.05.2013 17:40:05 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 29.05.2013 17:56:46 | Computer Name = Jennifer-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.05.2013 05:40:49 | Computer Name = Jennifer-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
Vielen Dank im Voraus.

Gruß
Sere

Alt 01.06.2013, 11:56   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Hi,

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
__________________

__________________

Alt 01.06.2013, 12:21   #3
Sere
 
Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Hallo Schrauber,

erstmal Danke für deine Unterstützung.

TDSSKiller:
Code:
ATTFilter
13:12:29.0204 3752  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:12:29.0422 3752  ============================================================
13:12:29.0422 3752  Current date / time: 2013/06/01 13:12:29.0422
13:12:29.0422 3752  SystemInfo:
13:12:29.0422 3752  
13:12:29.0422 3752  OS Version: 6.1.7601 ServicePack: 1.0
13:12:29.0422 3752  Product type: Workstation
13:12:29.0422 3752  ComputerName: JENNIFER-PC
13:12:29.0422 3752  UserName: Raphael
13:12:29.0422 3752  Windows directory: C:\Windows
13:12:29.0422 3752  System windows directory: C:\Windows
13:12:29.0422 3752  Processor architecture: Intel x86
13:12:29.0422 3752  Number of processors: 4
13:12:29.0422 3752  Page size: 0x1000
13:12:29.0422 3752  Boot type: Normal boot
13:12:29.0422 3752  ============================================================
13:12:30.0655 3752  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:12:30.0655 3752  Drive \Device\Harddisk1\DR1 - Size: 0x76C000000 (29.69 Gb), SectorSize: 0x200, Cylinders: 0xF23, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:12:30.0655 3752  ============================================================
13:12:30.0655 3752  \Device\Harddisk0\DR0:
13:12:30.0655 3752  MBR partitions:
13:12:30.0655 3752  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
13:12:30.0655 3752  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A8000, BlocksNum 0x186A0000
13:12:30.0655 3752  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E848000, BlocksNum 0x1BB3D000
13:12:30.0655 3752  \Device\Harddisk1\DR1:
13:12:30.0655 3752  MBR partitions:
13:12:30.0655 3752  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x60, BlocksNum 0x3B5FFA0
13:12:30.0655 3752  ============================================================
13:12:30.0686 3752  C: <-> \Device\Harddisk0\DR0\Partition1
13:12:30.0701 3752  E: <-> \Device\Harddisk0\DR0\Partition2
13:12:30.0717 3752  F: <-> \Device\Harddisk0\DR0\Partition3
13:12:30.0717 3752  ============================================================
13:12:30.0717 3752  Initialize success
13:12:30.0717 3752  ============================================================
13:13:28.0889 3452  ============================================================
13:13:28.0889 3452  Scan started
13:13:28.0889 3452  Mode: Manual; 
13:13:28.0889 3452  ============================================================
13:13:29.0529 3452  ================ Scan system memory ========================
13:13:29.0529 3452  System memory - ok
13:13:29.0529 3452  ================ Scan services =============================
13:13:29.0654 3452  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:13:29.0669 3452  1394ohci - ok
13:13:29.0701 3452  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:13:29.0701 3452  ACPI - ok
13:13:29.0732 3452  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:13:29.0732 3452  AcpiPmi - ok
13:13:29.0794 3452  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:13:29.0794 3452  AdobeARMservice - ok
13:13:29.0857 3452  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:13:29.0888 3452  AdobeFlashPlayerUpdateSvc - ok
13:13:29.0919 3452  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:13:29.0935 3452  adp94xx - ok
13:13:29.0950 3452  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:13:29.0966 3452  adpahci - ok
13:13:29.0981 3452  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:13:29.0981 3452  adpu320 - ok
13:13:30.0013 3452  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:13:30.0013 3452  AeLookupSvc - ok
13:13:30.0059 3452  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
13:13:30.0091 3452  AFD - ok
13:13:30.0122 3452  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
13:13:30.0137 3452  agp440 - ok
13:13:30.0153 3452  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
13:13:30.0153 3452  aic78xx - ok
13:13:30.0169 3452  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
13:13:30.0184 3452  ALG - ok
13:13:30.0184 3452  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:13:30.0200 3452  aliide - ok
13:13:30.0231 3452  [ 369FC70BDBAA2D13E0E66647E14CECEF ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:13:30.0231 3452  AMD External Events Utility - ok
13:13:30.0247 3452  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:13:30.0247 3452  amdagp - ok
13:13:30.0262 3452  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:13:30.0262 3452  amdide - ok
13:13:30.0278 3452  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:13:30.0293 3452  AmdK8 - ok
13:13:30.0434 3452  [ DA3CF5B94AD09290896E2B73DF6D4173 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:13:30.0715 3452  amdkmdag - ok
13:13:30.0730 3452  [ 46A3F55772FD2D1526994693AE352579 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:13:30.0746 3452  amdkmdap - ok
13:13:30.0777 3452  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:13:30.0777 3452  AmdPPM - ok
13:13:30.0793 3452  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:13:30.0808 3452  amdsata - ok
13:13:30.0824 3452  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:13:30.0839 3452  amdsbs - ok
13:13:30.0871 3452  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:13:30.0871 3452  amdxata - ok
13:13:30.0933 3452  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:13:30.0933 3452  AntiVirSchedulerService - ok
13:13:30.0980 3452  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:13:30.0980 3452  AntiVirService - ok
13:13:31.0011 3452  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
13:13:31.0011 3452  AppID - ok
13:13:31.0058 3452  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:13:31.0058 3452  AppIDSvc - ok
13:13:31.0089 3452  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
13:13:31.0105 3452  Appinfo - ok
13:13:31.0120 3452  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:13:31.0136 3452  arc - ok
13:13:31.0151 3452  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:13:31.0151 3452  arcsas - ok
13:13:31.0167 3452  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:13:31.0167 3452  AsyncMac - ok
13:13:31.0183 3452  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
13:13:31.0183 3452  atapi - ok
13:13:31.0214 3452  [ 7B4342936A3885CFE18E5D1DF6D55BC5 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
13:13:31.0229 3452  AtiHDAudioService - ok
13:13:31.0261 3452  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:13:31.0276 3452  AudioEndpointBuilder - ok
13:13:31.0292 3452  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:13:31.0292 3452  Audiosrv - ok
13:13:31.0354 3452  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:13:31.0370 3452  avgntflt - ok
13:13:31.0401 3452  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:13:31.0417 3452  avipbb - ok
13:13:31.0463 3452  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:13:31.0479 3452  avkmgr - ok
13:13:31.0510 3452  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:13:31.0510 3452  AxInstSV - ok
13:13:31.0526 3452  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
13:13:31.0541 3452  b06bdrv - ok
13:13:31.0557 3452  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
13:13:31.0573 3452  b57nd60x - ok
13:13:31.0588 3452  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:13:31.0604 3452  BDESVC - ok
13:13:31.0619 3452  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:13:31.0619 3452  Beep - ok
13:13:31.0666 3452  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
13:13:31.0713 3452  BFE - ok
13:13:31.0744 3452  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
13:13:31.0744 3452  BITS - ok
13:13:31.0760 3452  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:13:31.0760 3452  blbdrive - ok
13:13:31.0807 3452  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:13:31.0807 3452  bowser - ok
13:13:31.0822 3452  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:13:31.0822 3452  BrFiltLo - ok
13:13:31.0838 3452  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:13:31.0838 3452  BrFiltUp - ok
13:13:31.0853 3452  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
13:13:31.0869 3452  Browser - ok
13:13:31.0885 3452  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:13:31.0900 3452  Brserid - ok
13:13:31.0900 3452  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:13:31.0916 3452  BrSerWdm - ok
13:13:31.0916 3452  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:13:31.0916 3452  BrUsbMdm - ok
13:13:31.0931 3452  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:13:31.0931 3452  BrUsbSer - ok
13:13:31.0931 3452  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:13:31.0931 3452  BTHMODEM - ok
13:13:31.0947 3452  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
13:13:31.0947 3452  bthserv - ok
13:13:31.0963 3452  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:13:31.0978 3452  cdfs - ok
13:13:32.0025 3452  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
13:13:32.0041 3452  cdrom - ok
13:13:32.0072 3452  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:13:32.0087 3452  CertPropSvc - ok
13:13:32.0087 3452  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:13:32.0103 3452  circlass - ok
13:13:32.0119 3452  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
13:13:32.0134 3452  CLFS - ok
13:13:32.0181 3452  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:13:32.0197 3452  clr_optimization_v2.0.50727_32 - ok
13:13:32.0259 3452  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:13:32.0290 3452  clr_optimization_v4.0.30319_32 - ok
13:13:32.0306 3452  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:13:32.0306 3452  CmBatt - ok
13:13:32.0337 3452  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:13:32.0353 3452  cmdide - ok
13:13:32.0368 3452  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
13:13:32.0384 3452  CNG - ok
13:13:32.0384 3452  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:13:32.0399 3452  Compbatt - ok
13:13:32.0415 3452  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:13:32.0431 3452  CompositeBus - ok
13:13:32.0446 3452  COMSysApp - ok
13:13:32.0462 3452  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:13:32.0477 3452  crcdisk - ok
13:13:32.0509 3452  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:13:32.0509 3452  CryptSvc - ok
13:13:32.0555 3452  [ 91C1736E77CFF029302728B431D0EEDB ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
13:13:32.0555 3452  dc3d - ok
13:13:32.0602 3452  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:13:32.0602 3452  DcomLaunch - ok
13:13:32.0618 3452  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:13:32.0633 3452  defragsvc - ok
13:13:32.0665 3452  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:13:32.0665 3452  DfsC - ok
13:13:32.0696 3452  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:13:32.0711 3452  Dhcp - ok
13:13:32.0727 3452  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
13:13:32.0727 3452  discache - ok
13:13:32.0758 3452  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:13:32.0758 3452  Disk - ok
13:13:32.0789 3452  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:13:32.0789 3452  Dnscache - ok
13:13:32.0821 3452  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:13:32.0836 3452  dot3svc - ok
13:13:32.0867 3452  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
13:13:32.0867 3452  DPS - ok
13:13:32.0883 3452  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:13:32.0883 3452  drmkaud - ok
13:13:32.0930 3452  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:13:32.0961 3452  DXGKrnl - ok
13:13:32.0992 3452  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
13:13:33.0008 3452  EapHost - ok
13:13:33.0101 3452  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
13:13:33.0164 3452  ebdrv - ok
13:13:33.0179 3452  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
13:13:33.0179 3452  EFS - ok
13:13:33.0211 3452  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:13:33.0257 3452  ehRecvr - ok
13:13:33.0273 3452  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
13:13:33.0289 3452  ehSched - ok
13:13:33.0304 3452  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:13:33.0320 3452  elxstor - ok
13:13:33.0335 3452  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:13:33.0335 3452  ErrDev - ok
13:13:33.0367 3452  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
13:13:33.0382 3452  EventSystem - ok
13:13:33.0398 3452  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
13:13:33.0413 3452  exfat - ok
13:13:33.0413 3452  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:13:33.0429 3452  fastfat - ok
13:13:33.0460 3452  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
13:13:33.0476 3452  Fax - ok
13:13:33.0476 3452  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:13:33.0491 3452  fdc - ok
13:13:33.0507 3452  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
13:13:33.0507 3452  fdPHost - ok
13:13:33.0507 3452  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
13:13:33.0523 3452  FDResPub - ok
13:13:33.0538 3452  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:13:33.0538 3452  FileInfo - ok
13:13:33.0554 3452  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:13:33.0554 3452  Filetrace - ok
13:13:33.0569 3452  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:13:33.0569 3452  flpydisk - ok
13:13:33.0585 3452  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:13:33.0601 3452  FltMgr - ok
13:13:33.0632 3452  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
13:13:33.0679 3452  FontCache - ok
13:13:33.0725 3452  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:13:33.0741 3452  FontCache3.0.0.0 - ok
13:13:33.0757 3452  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:13:33.0757 3452  FsDepends - ok
13:13:33.0788 3452  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:13:33.0788 3452  Fs_Rec - ok
13:13:33.0819 3452  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:13:33.0835 3452  fvevol - ok
13:13:33.0850 3452  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:13:33.0866 3452  gagp30kx - ok
13:13:33.0944 3452  [ 2973B4EB7BE10A0D491B2037DCAAE88F ] Garmin Core Update Service E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
13:13:33.0944 3452  Garmin Core Update Service - ok
13:13:33.0975 3452  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:13:34.0037 3452  gpsvc - ok
13:13:34.0053 3452  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:13:34.0053 3452  hcw85cir - ok
13:13:34.0100 3452  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:13:34.0115 3452  HdAudAddService - ok
13:13:34.0131 3452  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:13:34.0131 3452  HDAudBus - ok
13:13:34.0147 3452  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:13:34.0147 3452  HidBatt - ok
13:13:34.0162 3452  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:13:34.0178 3452  HidBth - ok
13:13:34.0193 3452  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:13:34.0209 3452  HidIr - ok
13:13:34.0225 3452  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
13:13:34.0225 3452  hidserv - ok
13:13:34.0256 3452  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:13:34.0256 3452  HidUsb - ok
13:13:34.0287 3452  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:13:34.0303 3452  hkmsvc - ok
13:13:34.0318 3452  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:13:34.0334 3452  HomeGroupListener - ok
13:13:34.0365 3452  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:13:34.0381 3452  HomeGroupProvider - ok
13:13:34.0396 3452  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:13:34.0412 3452  HpSAMD - ok
13:13:34.0443 3452  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:13:34.0459 3452  HTTP - ok
13:13:34.0490 3452  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:13:34.0490 3452  hwpolicy - ok
13:13:34.0521 3452  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:13:34.0537 3452  i8042prt - ok
13:13:34.0552 3452  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:13:34.0568 3452  iaStorV - ok
13:13:34.0615 3452  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:13:34.0677 3452  idsvc - ok
13:13:34.0693 3452  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:13:34.0693 3452  iirsp - ok
13:13:34.0739 3452  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:13:34.0771 3452  IKEEXT - ok
13:13:34.0802 3452  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:13:34.0802 3452  intelide - ok
13:13:34.0817 3452  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:13:34.0833 3452  intelppm - ok
13:13:34.0849 3452  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:13:34.0864 3452  IPBusEnum - ok
13:13:34.0880 3452  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:13:34.0880 3452  IpFilterDriver - ok
13:13:34.0895 3452  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:13:34.0911 3452  iphlpsvc - ok
13:13:34.0927 3452  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:13:34.0927 3452  IPMIDRV - ok
13:13:34.0942 3452  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:13:34.0958 3452  IPNAT - ok
13:13:34.0973 3452  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:13:34.0973 3452  IRENUM - ok
13:13:35.0005 3452  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:13:35.0005 3452  isapnp - ok
13:13:35.0020 3452  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:13:35.0036 3452  iScsiPrt - ok
13:13:35.0051 3452  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:13:35.0067 3452  kbdclass - ok
13:13:35.0098 3452  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:13:35.0114 3452  kbdhid - ok
13:13:35.0129 3452  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
13:13:35.0129 3452  KeyIso - ok
13:13:35.0161 3452  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:13:35.0161 3452  KSecDD - ok
13:13:35.0192 3452  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:13:35.0207 3452  KSecPkg - ok
13:13:35.0207 3452  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:13:35.0223 3452  KtmRm - ok
13:13:35.0270 3452  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:13:35.0285 3452  LanmanServer - ok
13:13:35.0301 3452  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:13:35.0317 3452  LanmanWorkstation - ok
13:13:35.0332 3452  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:13:35.0348 3452  lltdio - ok
13:13:35.0363 3452  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:13:35.0363 3452  lltdsvc - ok
13:13:35.0379 3452  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:13:35.0395 3452  lmhosts - ok
13:13:35.0410 3452  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:13:35.0410 3452  LSI_FC - ok
13:13:35.0426 3452  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:13:35.0426 3452  LSI_SAS - ok
13:13:35.0457 3452  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:13:35.0457 3452  LSI_SAS2 - ok
13:13:35.0473 3452  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:13:35.0473 3452  LSI_SCSI - ok
13:13:35.0488 3452  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
13:13:35.0488 3452  luafv - ok
13:13:35.0519 3452  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:13:35.0519 3452  Mcx2Svc - ok
13:13:35.0535 3452  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:13:35.0535 3452  megasas - ok
13:13:35.0551 3452  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:13:35.0551 3452  MegaSR - ok
13:13:35.0629 3452  [ 033B947AF4A997820E86FCB070B1F450 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:13:35.0644 3452  Microsoft Office Groove Audit Service - ok
13:13:35.0660 3452  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
13:13:35.0660 3452  MMCSS - ok
13:13:35.0675 3452  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
13:13:35.0675 3452  Modem - ok
13:13:35.0691 3452  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:13:35.0691 3452  monitor - ok
13:13:35.0707 3452  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:13:35.0722 3452  mouclass - ok
13:13:35.0722 3452  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:13:35.0738 3452  mouhid - ok
13:13:35.0753 3452  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:13:35.0769 3452  mountmgr - ok
13:13:35.0816 3452  [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:13:35.0831 3452  MozillaMaintenance - ok
13:13:35.0863 3452  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:13:35.0863 3452  mpio - ok
13:13:35.0894 3452  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:13:35.0894 3452  mpsdrv - ok
13:13:35.0925 3452  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:13:35.0956 3452  MpsSvc - ok
13:13:35.0972 3452  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:13:35.0987 3452  MRxDAV - ok
13:13:36.0003 3452  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:13:36.0019 3452  mrxsmb - ok
13:13:36.0050 3452  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:13:36.0065 3452  mrxsmb10 - ok
13:13:36.0065 3452  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:13:36.0081 3452  mrxsmb20 - ok
13:13:36.0097 3452  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
13:13:36.0112 3452  msahci - ok
13:13:36.0143 3452  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:13:36.0143 3452  msdsm - ok
13:13:36.0175 3452  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
13:13:36.0190 3452  MSDTC - ok
13:13:36.0206 3452  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:13:36.0206 3452  Msfs - ok
13:13:36.0221 3452  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:13:36.0237 3452  mshidkmdf - ok
13:13:36.0253 3452  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:13:36.0253 3452  msisadrv - ok
13:13:36.0284 3452  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:13:36.0284 3452  MSiSCSI - ok
13:13:36.0299 3452  msiserver - ok
13:13:36.0315 3452  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:13:36.0315 3452  MSKSSRV - ok
13:13:36.0331 3452  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:13:36.0346 3452  MSPCLOCK - ok
13:13:36.0346 3452  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:13:36.0346 3452  MSPQM - ok
13:13:36.0362 3452  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:13:36.0362 3452  MsRPC - ok
13:13:36.0377 3452  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:13:36.0377 3452  mssmbios - ok
13:13:36.0393 3452  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:13:36.0393 3452  MSTEE - ok
13:13:36.0393 3452  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:13:36.0409 3452  MTConfig - ok
13:13:36.0409 3452  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:13:36.0424 3452  Mup - ok
13:13:36.0440 3452  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
13:13:36.0455 3452  napagent - ok
13:13:36.0471 3452  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:13:36.0487 3452  NativeWifiP - ok
13:13:36.0533 3452  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:13:36.0549 3452  NDIS - ok
13:13:36.0565 3452  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:13:36.0580 3452  NdisCap - ok
13:13:36.0580 3452  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:13:36.0596 3452  NdisTapi - ok
13:13:36.0611 3452  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:13:36.0611 3452  Ndisuio - ok
13:13:36.0643 3452  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:13:36.0658 3452  NdisWan - ok
13:13:36.0689 3452  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:13:36.0705 3452  NDProxy - ok
13:13:36.0705 3452  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:13:36.0721 3452  NetBIOS - ok
13:13:36.0736 3452  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:13:36.0752 3452  NetBT - ok
13:13:36.0767 3452  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
13:13:36.0767 3452  Netlogon - ok
13:13:36.0799 3452  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
13:13:36.0814 3452  Netman - ok
13:13:36.0830 3452  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
13:13:36.0892 3452  netprofm - ok
13:13:36.0923 3452  [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
13:13:36.0970 3452  netr28u - ok
13:13:37.0001 3452  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:13:37.0017 3452  NetTcpPortSharing - ok
13:13:37.0033 3452  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:13:37.0033 3452  nfrd960 - ok
13:13:37.0048 3452  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:13:37.0064 3452  NlaSvc - ok
13:13:37.0079 3452  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:13:37.0079 3452  Npfs - ok
13:13:37.0079 3452  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
13:13:37.0095 3452  nsi - ok
13:13:37.0095 3452  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:13:37.0111 3452  nsiproxy - ok
13:13:37.0142 3452  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:13:37.0204 3452  Ntfs - ok
13:13:37.0204 3452  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
13:13:37.0204 3452  Null - ok
13:13:37.0251 3452  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:13:37.0267 3452  nvraid - ok
13:13:37.0298 3452  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:13:37.0313 3452  nvstor - ok
13:13:37.0345 3452  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:13:37.0360 3452  nv_agp - ok
13:13:37.0423 3452  [ E54AA592A65F317390EEE386A8821692 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:13:37.0454 3452  odserv - ok
13:13:37.0485 3452  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:13:37.0485 3452  ohci1394 - ok
13:13:37.0532 3452  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:13:37.0532 3452  ose - ok
13:13:37.0563 3452  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:13:37.0563 3452  p2pimsvc - ok
13:13:37.0579 3452  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:13:37.0594 3452  p2psvc - ok
13:13:37.0610 3452  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:13:37.0625 3452  Parport - ok
13:13:37.0641 3452  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:13:37.0657 3452  partmgr - ok
13:13:37.0657 3452  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
13:13:37.0672 3452  Parvdm - ok
13:13:37.0672 3452  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:13:37.0688 3452  PcaSvc - ok
13:13:37.0719 3452  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
13:13:37.0719 3452  pci - ok
13:13:37.0735 3452  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
13:13:37.0735 3452  pciide - ok
13:13:37.0750 3452  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:13:37.0766 3452  pcmcia - ok
13:13:37.0766 3452  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
13:13:37.0781 3452  pcw - ok
13:13:37.0797 3452  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:13:37.0828 3452  PEAUTH - ok
13:13:37.0891 3452  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
13:13:37.0937 3452  pla - ok
13:13:37.0969 3452  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:13:38.0000 3452  PlugPlay - ok
13:13:38.0000 3452  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:13:38.0015 3452  PNRPAutoReg - ok
13:13:38.0015 3452  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:13:38.0015 3452  PNRPsvc - ok
13:13:38.0047 3452  [ 04DF0452FBEDEDF9297FD2E5440CB3C9 ] Point32         C:\Windows\system32\DRIVERS\point32k.sys
13:13:38.0047 3452  Point32 - ok
13:13:38.0062 3452  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:13:38.0062 3452  PolicyAgent - ok
13:13:38.0093 3452  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
13:13:38.0093 3452  Power - ok
13:13:38.0109 3452  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:13:38.0109 3452  PptpMiniport - ok
13:13:38.0125 3452  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:13:38.0125 3452  Processor - ok
13:13:38.0156 3452  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
13:13:38.0171 3452  ProfSvc - ok
13:13:38.0171 3452  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:13:38.0187 3452  ProtectedStorage - ok
13:13:38.0203 3452  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:13:38.0203 3452  Psched - ok
13:13:38.0249 3452  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:13:38.0327 3452  ql2300 - ok
13:13:38.0343 3452  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:13:38.0359 3452  ql40xx - ok
13:13:38.0374 3452  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
13:13:38.0390 3452  QWAVE - ok
13:13:38.0405 3452  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:13:38.0405 3452  QWAVEdrv - ok
13:13:38.0452 3452  [ 432F5B15E21A54B48072593F03570326 ] RalinkRegistryWriter C:\Program Files\Hama\Common\RalinkRegistryWriter.exe
13:13:38.0452 3452  RalinkRegistryWriter - ok
13:13:38.0468 3452  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:13:38.0468 3452  RasAcd - ok
13:13:38.0499 3452  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:13:38.0499 3452  RasAgileVpn - ok
13:13:38.0515 3452  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
13:13:38.0530 3452  RasAuto - ok
13:13:38.0530 3452  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:13:38.0546 3452  Rasl2tp - ok
13:13:38.0561 3452  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
13:13:38.0577 3452  RasMan - ok
13:13:38.0593 3452  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:13:38.0593 3452  RasPppoe - ok
13:13:38.0608 3452  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:13:38.0608 3452  RasSstp - ok
13:13:38.0624 3452  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:13:38.0639 3452  rdbss - ok
13:13:38.0639 3452  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:13:38.0655 3452  rdpbus - ok
13:13:38.0671 3452  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:13:38.0671 3452  RDPCDD - ok
13:13:38.0702 3452  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:13:38.0702 3452  RDPENCDD - ok
13:13:38.0702 3452  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:13:38.0717 3452  RDPREFMP - ok
13:13:38.0733 3452  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:13:38.0733 3452  RDPWD - ok
13:13:38.0764 3452  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:13:38.0780 3452  rdyboost - ok
13:13:38.0795 3452  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:13:38.0795 3452  RemoteAccess - ok
13:13:38.0811 3452  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:13:38.0811 3452  RemoteRegistry - ok
13:13:38.0827 3452  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:13:38.0827 3452  RpcEptMapper - ok
13:13:38.0842 3452  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
13:13:38.0842 3452  RpcLocator - ok
13:13:38.0889 3452  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
13:13:38.0889 3452  RpcSs - ok
13:13:38.0905 3452  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:13:38.0920 3452  rspndr - ok
13:13:38.0951 3452  [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
13:13:38.0967 3452  RTL8167 - ok
13:13:38.0967 3452  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
13:13:38.0967 3452  SamSs - ok
13:13:38.0998 3452  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:13:39.0014 3452  sbp2port - ok
13:13:39.0029 3452  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:13:39.0045 3452  SCardSvr - ok
13:13:39.0061 3452  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:13:39.0061 3452  scfilter - ok
13:13:39.0092 3452  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
13:13:39.0154 3452  Schedule - ok
13:13:39.0170 3452  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:13:39.0170 3452  SCPolicySvc - ok
13:13:39.0185 3452  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:13:39.0201 3452  SDRSVC - ok
13:13:39.0217 3452  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:13:39.0217 3452  secdrv - ok
13:13:39.0232 3452  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
13:13:39.0232 3452  seclogon - ok
13:13:39.0248 3452  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
13:13:39.0248 3452  SENS - ok
13:13:39.0263 3452  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:13:39.0263 3452  SensrSvc - ok
13:13:39.0279 3452  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:13:39.0279 3452  Serenum - ok
13:13:39.0295 3452  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:13:39.0295 3452  Serial - ok
13:13:39.0310 3452  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:13:39.0326 3452  sermouse - ok
13:13:39.0341 3452  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:13:39.0357 3452  SessionEnv - ok
13:13:39.0373 3452  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:13:39.0373 3452  sffdisk - ok
13:13:39.0388 3452  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:13:39.0388 3452  sffp_mmc - ok
13:13:39.0404 3452  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:13:39.0404 3452  sffp_sd - ok
13:13:39.0419 3452  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:13:39.0419 3452  sfloppy - ok
13:13:39.0435 3452  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:13:39.0451 3452  SharedAccess - ok
13:13:39.0466 3452  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:13:39.0466 3452  ShellHWDetection - ok
13:13:39.0482 3452  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:13:39.0482 3452  sisagp - ok
13:13:39.0513 3452  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:13:39.0513 3452  SiSRaid2 - ok
13:13:39.0529 3452  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:13:39.0529 3452  SiSRaid4 - ok
13:13:39.0544 3452  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:13:39.0560 3452  Smb - ok
13:13:39.0560 3452  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:13:39.0560 3452  SNMPTRAP - ok
13:13:39.0575 3452  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:13:39.0591 3452  spldr - ok
13:13:39.0607 3452  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
13:13:39.0638 3452  Spooler - ok
13:13:39.0716 3452  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
13:13:39.0763 3452  sppsvc - ok
13:13:39.0794 3452  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:13:39.0794 3452  sppuinotify - ok
13:13:39.0809 3452  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:13:39.0825 3452  srv - ok
13:13:39.0841 3452  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:13:39.0856 3452  srv2 - ok
13:13:39.0872 3452  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:13:39.0872 3452  srvnet - ok
13:13:39.0903 3452  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:13:39.0903 3452  SSDPSRV - ok
13:13:39.0965 3452  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
13:13:39.0981 3452  ssmdrv - ok
13:13:39.0997 3452  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:13:40.0012 3452  SstpSvc - ok
13:13:40.0012 3452  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:13:40.0028 3452  stexstor - ok
13:13:40.0059 3452  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
13:13:40.0090 3452  StiSvc - ok
13:13:40.0106 3452  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:13:40.0106 3452  swenum - ok
13:13:40.0121 3452  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
13:13:40.0137 3452  swprv - ok
13:13:40.0168 3452  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
13:13:40.0184 3452  SysMain - ok
13:13:40.0199 3452  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:13:40.0215 3452  TabletInputService - ok
13:13:40.0246 3452  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:13:40.0246 3452  TapiSrv - ok
13:13:40.0262 3452  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
13:13:40.0262 3452  TBS - ok
13:13:40.0324 3452  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:13:40.0371 3452  Tcpip - ok
13:13:40.0402 3452  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:13:40.0418 3452  TCPIP6 - ok
13:13:40.0449 3452  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:13:40.0449 3452  tcpipreg - ok
13:13:40.0465 3452  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:13:40.0465 3452  TDPIPE - ok
13:13:40.0496 3452  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:13:40.0496 3452  TDTCP - ok
13:13:40.0527 3452  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:13:40.0527 3452  tdx - ok
13:13:40.0543 3452  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:13:40.0543 3452  TermDD - ok
13:13:40.0574 3452  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
13:13:40.0589 3452  TermService - ok
13:13:40.0589 3452  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
13:13:40.0589 3452  Themes - ok
13:13:40.0605 3452  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
13:13:40.0605 3452  THREADORDER - ok
13:13:40.0621 3452  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
13:13:40.0621 3452  TrkWks - ok
13:13:40.0652 3452  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:13:40.0667 3452  TrustedInstaller - ok
13:13:40.0699 3452  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:13:40.0714 3452  tssecsrv - ok
13:13:40.0745 3452  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:13:40.0745 3452  TsUsbFlt - ok
13:13:40.0777 3452  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:13:40.0777 3452  tunnel - ok
13:13:40.0792 3452  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:13:40.0808 3452  uagp35 - ok
13:13:40.0823 3452  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:13:40.0823 3452  udfs - ok
13:13:40.0839 3452  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:13:40.0839 3452  UI0Detect - ok
13:13:40.0870 3452  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:13:40.0886 3452  uliagpkx - ok
13:13:40.0901 3452  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
13:13:40.0917 3452  umbus - ok
13:13:40.0933 3452  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:13:40.0933 3452  UmPass - ok
13:13:40.0948 3452  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
13:13:40.0964 3452  upnphost - ok
13:13:40.0979 3452  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:13:40.0995 3452  usbccgp - ok
13:13:41.0026 3452  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:13:41.0026 3452  usbcir - ok
13:13:41.0042 3452  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:13:41.0042 3452  usbehci - ok
13:13:41.0073 3452  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:13:41.0073 3452  usbhub - ok
13:13:41.0104 3452  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
13:13:41.0104 3452  usbohci - ok
13:13:41.0120 3452  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:13:41.0120 3452  usbprint - ok
13:13:41.0135 3452  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:13:41.0151 3452  USBSTOR - ok
13:13:41.0151 3452  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:13:41.0167 3452  usbuhci - ok
13:13:41.0167 3452  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
13:13:41.0182 3452  UxSms - ok
13:13:41.0182 3452  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
13:13:41.0182 3452  VaultSvc - ok
13:13:41.0198 3452  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:13:41.0198 3452  vdrvroot - ok
13:13:41.0229 3452  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
13:13:41.0276 3452  vds - ok
13:13:41.0291 3452  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:13:41.0291 3452  vga - ok
13:13:41.0307 3452  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:13:41.0307 3452  VgaSave - ok
13:13:41.0323 3452  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:13:41.0338 3452  vhdmp - ok
13:13:41.0338 3452  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:13:41.0354 3452  viaagp - ok
13:13:41.0369 3452  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
13:13:41.0369 3452  ViaC7 - ok
13:13:41.0385 3452  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
13:13:41.0385 3452  viaide - ok
13:13:41.0401 3452  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:13:41.0401 3452  volmgr - ok
13:13:41.0432 3452  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:13:41.0447 3452  volmgrx - ok
13:13:41.0447 3452  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:13:41.0463 3452  volsnap - ok
13:13:41.0479 3452  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:13:41.0494 3452  vsmraid - ok
13:13:41.0525 3452  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
13:13:41.0588 3452  VSS - ok
13:13:41.0603 3452  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:13:41.0603 3452  vwifibus - ok
13:13:41.0619 3452  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:13:41.0635 3452  vwififlt - ok
13:13:41.0650 3452  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
13:13:41.0666 3452  W32Time - ok
13:13:41.0681 3452  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:13:41.0697 3452  WacomPen - ok
13:13:41.0713 3452  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:13:41.0713 3452  WANARP - ok
13:13:41.0713 3452  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:13:41.0713 3452  Wanarpv6 - ok
13:13:41.0744 3452  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
13:13:41.0775 3452  wbengine - ok
13:13:41.0791 3452  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:13:41.0806 3452  WbioSrvc - ok
13:13:41.0822 3452  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:13:41.0837 3452  wcncsvc - ok
13:13:41.0837 3452  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:13:41.0853 3452  WcsPlugInService - ok
13:13:41.0853 3452  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:13:41.0853 3452  Wd - ok
13:13:41.0884 3452  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:13:41.0900 3452  Wdf01000 - ok
13:13:41.0915 3452  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:13:41.0915 3452  WdiServiceHost - ok
13:13:41.0915 3452  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:13:41.0915 3452  WdiSystemHost - ok
13:13:41.0947 3452  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
13:13:41.0962 3452  WebClient - ok
13:13:41.0962 3452  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:13:41.0978 3452  Wecsvc - ok
13:13:41.0978 3452  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:13:41.0993 3452  wercplsupport - ok
13:13:42.0009 3452  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:13:42.0025 3452  WerSvc - ok
13:13:42.0040 3452  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:13:42.0040 3452  WfpLwf - ok
13:13:42.0056 3452  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:13:42.0056 3452  WIMMount - ok
13:13:42.0103 3452  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:13:42.0134 3452  WinDefend - ok
13:13:42.0149 3452  WinHttpAutoProxySvc - ok
13:13:42.0181 3452  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:13:42.0196 3452  Winmgmt - ok
13:13:42.0243 3452  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
13:13:42.0274 3452  WinRM - ok
13:13:42.0305 3452  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:13:42.0321 3452  WinUsb - ok
13:13:42.0352 3452  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:13:42.0399 3452  Wlansvc - ok
13:13:42.0415 3452  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:13:42.0415 3452  WmiAcpi - ok
13:13:42.0430 3452  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:13:42.0446 3452  wmiApSrv - ok
13:13:42.0493 3452  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:13:42.0524 3452  WMPNetworkSvc - ok
13:13:42.0524 3452  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:13:42.0539 3452  WPCSvc - ok
13:13:42.0571 3452  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:13:42.0586 3452  WPDBusEnum - ok
13:13:42.0602 3452  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:13:42.0617 3452  ws2ifsl - ok
13:13:42.0617 3452  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:13:42.0633 3452  wscsvc - ok
13:13:42.0633 3452  WSearch - ok
13:13:42.0695 3452  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
13:13:42.0727 3452  wuauserv - ok
13:13:42.0758 3452  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:13:42.0758 3452  WudfPf - ok
13:13:42.0789 3452  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:13:42.0789 3452  WUDFRd - ok
13:13:42.0820 3452  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:13:42.0836 3452  wudfsvc - ok
13:13:42.0867 3452  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:13:42.0883 3452  WwanSvc - ok
13:13:42.0883 3452  ================ Scan global ===============================
13:13:42.0914 3452  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:13:42.0945 3452  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
13:13:42.0961 3452  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
13:13:42.0992 3452  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:13:43.0023 3452  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:13:43.0023 3452  [Global] - ok
13:13:43.0039 3452  ================ Scan MBR ==================================
13:13:43.0039 3452  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:13:43.0241 3452  \Device\Harddisk0\DR0 - ok
13:13:43.0257 3452  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:13:45.0301 3452  \Device\Harddisk1\DR1 - ok
13:13:45.0301 3452  ================ Scan VBR ==================================
13:13:45.0301 3452  [ D91B5F4CBF7AE61BFABCF1DC8E57454E ] \Device\Harddisk0\DR0\Partition1
13:13:45.0301 3452  \Device\Harddisk0\DR0\Partition1 - ok
13:13:45.0301 3452  [ 2C18237BAF3378DFC023B1013885D7D4 ] \Device\Harddisk0\DR0\Partition2
13:13:45.0316 3452  \Device\Harddisk0\DR0\Partition2 - ok
13:13:45.0316 3452  [ BAACEAF2B12AF8CAE4A546063FEEDBFB ] \Device\Harddisk0\DR0\Partition3
13:13:45.0316 3452  \Device\Harddisk0\DR0\Partition3 - ok
13:13:45.0332 3452  [ 46968E16BCE624166A0B62CD8A34F14C ] \Device\Harddisk1\DR1\Partition1
13:13:45.0332 3452  \Device\Harddisk1\DR1\Partition1 - ok
13:13:45.0332 3452  ============================================================
13:13:45.0332 3452  Scan finished
13:13:45.0332 3452  ============================================================
13:13:45.0363 2236  Detected object count: 0
13:13:45.0363 2236  Actual detected object count: 0
13:14:11.0883 0864  Deinitialize success
         
FRST
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-06-2013 01
Ran by Jennifer (ATTENTION: The logged in user is not administrator) on 01-06-2013 13:18:54
Running from C:\Users\Jennifer\Desktop
Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
Attention: System hive is missing.


==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hama GmbH & Co KG) C:\Program Files\Hama\Common\RaUI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1505144 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1468256 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [33648 2007-08-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2922866635-4134696533-2909763260-1005\$afcf15d234bede0f92267b187cb321f1\n. ATTENTION! ====> ZeroAccess
MountPoints2: {d71635f9-0be5-11e0-8f34-806e6f6e6963} - D:\setup.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
ShortcutTarget: Hama Wireless LAN Utility.lnk -> C:\Program Files\Hama\Common\RaUI.exe (Hama GmbH & Co KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\2c96gekm.default
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Garmin Communicator - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\2c96gekm.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: No Name - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\2c96gekm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\2c96gekm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-03-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-28] (Avira Operations GmbH & Co. KG)
R2 Garmin Core Update Service; E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Hama\Common\RalinkRegistryWriter.exe [69632 2008-05-13] (Ralink Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-07-15] (ATI Technologies, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-28] (Avira Operations GmbH & Co. KG)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-01 13:18 - 2013-06-01 13:18 - 01355651 ____A (Farbar) C:\Users\Jennifer\Desktop\FRST.exe
2013-06-01 13:18 - 2013-06-01 13:18 - 00000000 ____D C:\FRST
2013-06-01 13:11 - 2013-06-01 13:11 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Jennifer\Desktop\tdsskiller.exe
2013-06-01 11:56 - 2013-06-01 11:56 - 00054876 ____A C:\Users\Jennifer\Desktop\Extras.Txt
2013-06-01 11:52 - 2013-06-01 11:55 - 00059968 ____A C:\Users\Jennifer\Desktop\OTL.Txt
2013-06-01 11:14 - 2013-06-01 11:14 - 00377856 ____A C:\Users\Jennifer\Desktop\gmer_2.1.19163.exe
2013-06-01 11:12 - 2013-06-01 11:13 - 00000397 ____A C:\Users\Jennifer\Desktop\Neues Textdokument.txt
2013-06-01 10:26 - 2013-06-01 10:26 - 00602112 ____A (OldTimer Tools) C:\Users\Jennifer\Desktop\OTL.exe
2013-06-01 10:25 - 2013-06-01 10:25 - 00602112 ____A (OldTimer Tools) C:\Users\Jennifer\Downloads\OTL.exe
2013-06-01 10:24 - 2013-06-01 11:33 - 00000476 ____A C:\Users\Jennifer\Desktop\defogger_disable.log
2013-06-01 10:24 - 2013-06-01 10:24 - 00000000 ____A C:\Users\Raphael\defogger_reenable
2013-06-01 10:22 - 2013-06-01 10:21 - 00050477 ____A C:\Users\Jennifer\Desktop\Defogger.exe
2013-06-01 10:21 - 2013-06-01 10:21 - 00050477 ____A C:\Users\Jennifer\Downloads\Defogger.exe
2013-05-31 09:11 - 2013-05-31 09:10 - 31666592 ____A (Oracle Corporation) C:\Users\Jennifer\Desktop\jre-7u21-windows-i586.exe
2013-05-31 09:09 - 2013-05-31 09:10 - 31666592 ____A (Oracle Corporation) C:\Users\Jennifer\Downloads\jre-7u21-windows-i586.exe
2013-05-21 19:02 - 2013-05-22 19:17 - 00009694 ____A C:\Users\Jennifer\Desktop\Mappe1.xlsx
2013-05-20 17:27 - 2013-06-01 13:08 - 00001232 ____A C:\Windows\setupact.log
2013-05-20 17:27 - 2013-05-20 17:27 - 00000000 ____A C:\Windows\setuperr.log
2013-05-19 19:01 - 2013-05-19 19:01 - 00000000 ____D C:\Users\Raphael\Neuer Ordner
2013-05-19 18:58 - 2013-05-19 18:58 - 00000000 ____D C:\Users\Jennifer\Documents\Garmin
2013-05-19 18:55 - 2013-05-19 18:55 - 00001730 ____A C:\Users\Public\Desktop\Garmin Express.lnk
2013-05-19 18:55 - 2013-05-19 18:55 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Garmin
2013-05-19 18:54 - 2013-05-19 19:01 - 00000000 ____D C:\ProgramData\Garmin
2013-05-19 18:54 - 2013-05-19 18:54 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-19 18:53 - 2013-05-19 18:53 - 00000000 ____D C:\Program Files\CCleaner
2013-05-19 18:49 - 2013-05-19 18:50 - 03309368 ____A (Piriform Ltd) C:\Users\Jennifer\Downloads\ccsetup401_slim.exe
2013-05-16 11:01 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 11:01 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 11:01 - 2013-04-05 07:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 11:01 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 11:01 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 11:01 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 11:01 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 09:12 - 2013-04-10 05:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 09:12 - 2013-03-19 06:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 09:12 - 2013-03-19 05:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 09:11 - 2013-04-10 07:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 09:11 - 2013-04-10 07:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 09:11 - 2013-02-27 07:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 09:11 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 09:11 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 09:11 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 09:11 - 2013-02-27 06:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-02 10:36 - 2013-05-02 10:36 - 00066656 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys

==================== One Month Modified Files and Folders ========

2013-06-01 13:18 - 2013-06-01 13:18 - 01355651 ____A (Farbar) C:\Users\Jennifer\Desktop\FRST.exe
2013-06-01 13:18 - 2013-06-01 13:18 - 00000000 ____D C:\FRST
2013-06-01 13:15 - 2009-07-14 06:34 - 00014608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-01 13:15 - 2009-07-14 06:34 - 00014608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-01 13:11 - 2013-06-01 13:11 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Jennifer\Desktop\tdsskiller.exe
2013-06-01 13:08 - 2013-05-20 17:27 - 00001232 ____A C:\Windows\setupact.log
2013-06-01 13:08 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-01 12:17 - 2010-12-20 05:11 - 01291591 ____A C:\Windows\WindowsUpdate.log
2013-06-01 11:56 - 2013-06-01 11:56 - 00054876 ____A C:\Users\Jennifer\Desktop\Extras.Txt
2013-06-01 11:55 - 2013-06-01 11:52 - 00059968 ____A C:\Users\Jennifer\Desktop\OTL.Txt
2013-06-01 11:39 - 2012-09-27 19:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-01 11:33 - 2013-06-01 10:24 - 00000476 ____A C:\Users\Jennifer\Desktop\defogger_disable.log
2013-06-01 11:14 - 2013-06-01 11:14 - 00377856 ____A C:\Users\Jennifer\Desktop\gmer_2.1.19163.exe
2013-06-01 11:13 - 2013-06-01 11:12 - 00000397 ____A C:\Users\Jennifer\Desktop\Neues Textdokument.txt
2013-06-01 10:26 - 2013-06-01 10:26 - 00602112 ____A (OldTimer Tools) C:\Users\Jennifer\Desktop\OTL.exe
2013-06-01 10:25 - 2013-06-01 10:25 - 00602112 ____A (OldTimer Tools) C:\Users\Jennifer\Downloads\OTL.exe
2013-06-01 10:24 - 2013-06-01 10:24 - 00000000 ____A C:\Users\Raphael\defogger_reenable
2013-06-01 10:24 - 2010-12-20 22:11 - 00000000 ____D C:\users\Raphael
2013-06-01 10:22 - 2011-07-24 09:45 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Skype
2013-06-01 10:21 - 2013-06-01 10:22 - 00050477 ____A C:\Users\Jennifer\Desktop\Defogger.exe
2013-06-01 10:21 - 2013-06-01 10:21 - 00050477 ____A C:\Users\Jennifer\Downloads\Defogger.exe
2013-05-31 09:10 - 2013-05-31 09:11 - 31666592 ____A (Oracle Corporation) C:\Users\Jennifer\Desktop\jre-7u21-windows-i586.exe
2013-05-31 09:10 - 2013-05-31 09:09 - 31666592 ____A (Oracle Corporation) C:\Users\Jennifer\Downloads\jre-7u21-windows-i586.exe
2013-05-30 20:34 - 2013-03-06 18:31 - 00035381 ____A C:\Users\Jennifer\Desktop\Darian.xlsx
2013-05-27 17:18 - 2011-03-18 10:34 - 00000000 ____D C:\users\Jennifer
2013-05-22 19:17 - 2013-05-21 19:02 - 00009694 ____A C:\Users\Jennifer\Desktop\Mappe1.xlsx
2013-05-20 17:27 - 2013-05-20 17:27 - 00000000 ____A C:\Windows\setuperr.log
2013-05-19 19:03 - 2012-12-11 22:15 - 00000000 ____D C:\Users\Jennifer\AppData\Roaming\Garmin
2013-05-19 19:01 - 2013-05-19 19:01 - 00000000 ____D C:\Users\Raphael\Neuer Ordner
2013-05-19 19:01 - 2013-05-19 18:54 - 00000000 ____D C:\ProgramData\Garmin
2013-05-19 18:59 - 2013-01-05 09:17 - 00000000 ____D C:\Windows\Minidump
2013-05-19 18:59 - 2011-03-17 21:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-19 18:59 - 2010-12-20 05:03 - 00000000 ____D C:\Windows\Panther
2013-05-19 18:58 - 2013-05-19 18:58 - 00000000 ____D C:\Users\Jennifer\Documents\Garmin
2013-05-19 18:55 - 2013-05-19 18:55 - 00001730 ____A C:\Users\Public\Desktop\Garmin Express.lnk
2013-05-19 18:55 - 2013-05-19 18:55 - 00000000 ____D C:\Users\Jennifer\AppData\Local\Garmin
2013-05-19 18:55 - 2012-12-11 22:23 - 00000000 ____D C:\Users\Raphael\AppData\Roaming\Garmin
2013-05-19 18:54 - 2013-05-19 18:54 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-19 18:53 - 2013-05-19 18:53 - 00000000 ____D C:\Program Files\CCleaner
2013-05-19 18:50 - 2013-05-19 18:49 - 03309368 ____A (Piriform Ltd) C:\Users\Jennifer\Downloads\ccsetup401_slim.exe
2013-05-19 18:36 - 2012-12-11 22:18 - 00000089 ____A C:\Users\Jennifer\Desktop\sonstiges.txt
2013-05-19 10:57 - 2010-12-20 22:12 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-16 18:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-05-16 17:51 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 17:34 - 2009-07-14 06:33 - 00439008 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 17:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-05-16 10:59 - 2011-01-02 14:29 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 16:39 - 2012-09-27 19:48 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 16:39 - 2012-09-27 19:48 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-13 19:32 - 2013-01-05 00:50 - 00000728 ____A C:\Users\Public\Desktop\Gameforge Live.lnk
2013-05-13 19:32 - 2013-01-05 00:50 - 00000000 ____D C:\Users\Raphael\Downloads\Gameforge Live
2013-05-02 10:36 - 2013-05-02 10:36 - 00066656 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-05-02 02:06 - 2010-12-29 14:23 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2922866635-4134696533-2909763260-1005\$afcf15d234bede0f92267b187cb321f1

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-06-2013 01
Ran by Jennifer at 2013-06-01 13:19:06 Run:
Running from C:\Users\Jennifer\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
ATI AVIVO Codecs (Version: 11.6.0.50825)
ATI Catalyst Install Manager (Version: 3.0.790.0)
Avira Free Antivirus (Version: 13.0.0.3640)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0825.2146.37182)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0825.2146.37182)
Catalyst Control Center InstallProxy (Version: 2010.0825.2146.37182)
Catalyst Control Center Localization All (Version: 2010.0825.2146.37182)
CCC Help Chinese Standard (Version: 2010.0825.2145.37182)
CCC Help Chinese Traditional (Version: 2010.0825.2145.37182)
CCC Help Czech (Version: 2010.0825.2145.37182)
CCC Help Danish (Version: 2010.0825.2145.37182)
CCC Help Dutch (Version: 2010.0825.2145.37182)
CCC Help English (Version: 2010.0825.2145.37182)
CCC Help Finnish (Version: 2010.0825.2145.37182)
CCC Help French (Version: 2010.0825.2145.37182)
CCC Help German (Version: 2010.0825.2145.37182)
CCC Help Greek (Version: 2010.0825.2145.37182)
CCC Help Hungarian (Version: 2010.0825.2145.37182)
CCC Help Italian (Version: 2010.0825.2145.37182)
CCC Help Japanese (Version: 2010.0825.2145.37182)
CCC Help Korean (Version: 2010.0825.2145.37182)
CCC Help Norwegian (Version: 2010.0825.2145.37182)
CCC Help Polish (Version: 2010.0825.2145.37182)
CCC Help Portuguese (Version: 2010.0825.2145.37182)
CCC Help Russian (Version: 2010.0825.2145.37182)
CCC Help Spanish (Version: 2010.0825.2145.37182)
CCC Help Swedish (Version: 2010.0825.2145.37182)
CCC Help Thai (Version: 2010.0825.2145.37182)
CCC Help Turkish (Version: 2010.0825.2145.37182)
ccc-core-static (Version: 2010.0825.2146.37182)
ccc-utility (Version: 2010.0825.2146.37182)
CCleaner (Version: 4.01)
Ceville 1.0 (Version: 1.0)
Die Siedler IV
dm-Fotowelt (Version: 5.0.1)
Elevated Installer (Version: 2.1.13)
Foto Paradies
Gameforge Live 1.0 "Legend" (Version: 1.1.1724)
Garmin Communicator Plugin (Version: 4.0.3)
Garmin Express (Version: 2.1.13)
Garmin Express Tray (Version: 2.1.13)
Garmin Update Service (Version: 2.1.13)
Hama Wireless LAN Adapter (Version: 1.00.0000)
HydraVision (Version: 4.2.180.0)
IZArc 4.1.2 (Version: 4.1.2)
Jack Keane
Java Auto Updater (Version: 2.0.2.4)
Java(TM) 6 Update 22 (Version: 6.0.220)
Jewels of Atlantis
Mein CEWE FOTOBUCH (Version: 5.0.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 7.1 (Version: 7.10.344.0)
Microsoft IntelliType Pro 7.1 (Version: 7.10.344.0)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6215.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6215.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 13.0.1 (x86 de) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PDFCreator (Version: 1.5.1)
Runes of Magic (Version: 5.0.0.2535)
Skype Toolbars (Version: 5.5.7896)
Skype™ 5.3 (Version: 5.3.120)
Spybot - Search & Destroy (Version: 1.6.2)
TuxGuitar (Version: 1.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Outlook 2007 Junk Email Filter (kb947945)
Warcraft III
WinRAR 4.20 (32-Bit) (Version: 4.20.0)

==================== Restore Points  =========================


==================== Hosts content: ==========================


127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com

There are 1000 more lines starting with "127.0.0.1"


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2013 11:19:30 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012288
ID des fehlerhaften Prozesses: 0x8c8
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3

Error: (05/29/2013 11:38:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/28/2013 03:34:58 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/27/2013 05:00:45 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/26/2013 08:04:42 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)"

Error: (05/24/2013 01:36:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/23/2013 10:33:50 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/21/2013 06:11:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/20/2013 05:48:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/19/2013 09:43:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (05/30/2013 11:40:49 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/29/2013 11:56:46 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/29/2013 11:40:05 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/27/2013 05:18:04 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?27.?05.?2013 um 17:11:57 unerwartet heruntergefahren.

Error: (05/27/2013 04:59:16 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/24/2013 04:45:54 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/24/2013 11:40:09 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/23/2013 03:22:11 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/22/2013 06:09:42 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/22/2013 09:28:15 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================
Error: (07/02/2011 10:14:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2773 seconds with 1920 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3327.18 MB
Available physical RAM: 2178.56 MB
Total Pagefile: 6652.65 MB
Available Pagefile: 5242.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1876.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:7.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (J&MC2) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS
Drive e: (Volume) (Fixed) (Total:195.31 GB) (Free:166.51 GB) NTFS
Drive f: (Volume) (Fixed) (Total:221.62 GB) (Free:3.97 GB) NTFS
Drive h: () (Removable) (Total:29.67 GB) (Free:13.59 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Danke!
Gruß
Sere
__________________

Alt 01.06.2013, 12:36   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2922866635-4134696533-2909763260-1005\$afcf15d234bede0f92267b187cb321f1\n. ATTENTION! ====> ZeroAccess
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2922866635-4134696533-2909763260-1005\$afcf15d234bede0f92267b187cb321f1
         
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Fix Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.06.2013, 13:11   #5
Sere
 
Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Beide Programme ausgeführt.
Nach der Ausführung von ComboFix scheint nun ein alter Wiederherstellungspunkt eingerichtet worden zu sein.
Viele Programme und Datein vom Desktop u.a. auch der Fixlog von Frst sind verschwunden.

ComboFix Log:
Code:
ATTFilter
ComboFix 13-06-01.01 - Raphael 01.06.2013  13:49:11.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3327.2199 [GMT 2:00]
ausgeführt von:: c:\users\Jennifer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-01 bis 2013-06-01  ))))))))))))))))))))))))))))))
.
.
2013-06-01 11:18 . 2013-06-01 11:18	--------	d-----w-	C:\FRST
2013-06-01 08:06 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F91B13E-C376-4F81-92E8-C9BAD29F9B29}\mpengine.dll
2013-05-19 17:06 . 2013-05-19 17:06	--------	d-----w-	c:\users\Raphael\AppData\Local\Garmin
2013-05-19 17:01 . 2013-05-19 17:01	--------	d-----w-	c:\users\Raphael\Neuer Ordner
2013-05-19 16:55 . 2013-05-19 16:55	--------	d-----w-	c:\users\Jennifer\AppData\Local\Garmin
2013-05-19 16:54 . 2013-05-19 17:01	--------	d-----w-	c:\programdata\Garmin
2013-05-19 16:54 . 2013-05-19 16:54	--------	d-----w-	c:\programdata\Package Cache
2013-05-19 16:53 . 2013-05-19 16:53	--------	d-----w-	c:\program files\CCleaner
2013-05-16 07:12 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-16 07:12 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-16 07:12 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-16 07:11 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 07:11 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 07:11 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-16 07:11 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-16 07:11 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-05-10 07:57 . 2013-05-10 07:57	187456	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 14:39 . 2012-09-27 17:48	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 14:39 . 2012-09-27 17:48	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-02 08:36 . 2013-05-02 08:36	66656	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-12-29 12:23	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-16 07:12	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 07:12	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 07:26	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-29 14:33 . 2013-03-29 14:33	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 14:33 . 2013-03-29 14:33	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 14:33 . 2013-03-29 14:33	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-29 14:33 . 2013-03-29 14:33	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-03-29 14:33 . 2013-03-29 14:33	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-03-29 14:33 . 2013-03-29 14:33	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-29 14:33 . 2013-03-29 14:33	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-03-29 14:33 . 2013-03-29 14:33	361984	----a-w-	c:\windows\system32\html.iec
2013-03-29 14:33 . 2013-03-29 14:33	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-29 14:33 . 2013-03-29 14:33	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-03-29 14:33 . 2013-03-29 14:33	158720	----a-w-	c:\windows\system32\msls31.dll
2013-03-29 14:33 . 2013-03-29 14:33	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-03-29 14:33 . 2013-03-29 14:33	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-29 14:33 . 2013-03-29 14:33	138752	----a-w-	c:\windows\system32\wextract.exe
2013-03-29 14:33 . 2013-03-29 14:33	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-29 14:33 . 2013-03-29 14:33	12800	----a-w-	c:\windows\system32\mshta.exe
2013-03-29 14:33 . 2013-03-29 14:33	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-28 21:04 . 2012-11-13 19:05	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-28 21:04 . 2012-11-13 19:05	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-28 21:04 . 2012-11-13 19:05	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-19 05:04 . 2013-04-10 14:01	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 14:01	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 14:01	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 14:01	69632	----a-w-	c:\windows\system32\smss.exe
2012-06-14 22:19 . 2012-06-23 16:26	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"GarminExpressTrayApp"="e:\program files\Garmin\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 360448]
.
c:\users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2010-12-22 1597440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;e:\program files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 77427003
*Deregistered* - 77427003
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 14:39]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\kn3gu7ao.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-dm-Fotowelt - h:\cewe\dm-Fotowelt\uninstall.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-01  13:56:03
ComboFix-quarantined-files.txt  2013-06-01 11:56
.
Vor Suchlauf: 7.257.378.816 Bytes frei
Nach Suchlauf: 7.466.840.064 Bytes frei
.
- - End Of File - - 98A8AE057C6E7359E3FED787290DD803
         


Alt 01.06.2013, 13:14   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



kurze Frage:

Wieviele Useraccounts gibt es an dem Rechner? Und warum machst Du die Scans von unterschiedlichen Accounts? einmal mit und einmal ohne Adminrechte?
__________________
--> Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.

Alt 01.06.2013, 13:37   #7
Sere
 
Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Es gibt 2 User Accounts am Rechner. Den normalen Account von dem ich jetzt aus aktiv und einen zusätzlichen mit Adminrechten.

Zu Beginn, als ich mir den Thread "Für alle Hilfesuchenden..." durchgelesen habe, stand im Text, dass man das Programm Defogger + Gmer mit der Option "als Admin..." ausführen soll. Dies hatte ich beim OTR Scan auch noch zusätzlich gemacht.

Da wir hauptsächlich von dem normalen Account ohne Adminrechte arbeiten, ist mir leider nicht in den Sinn gekommen, mich als Admin einzuloggen. Falls dies nun zu Mehraufwand führt, bitte ich das zu entschuldigen.

Soll ich nun für die weitere Bearbeitung auf den Admin Account wechseln?

Alt 01.06.2013, 13:40   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Bitte FRST nochmal vom Adminacc ausführen, sowie Combofix auch bitte
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.06.2013, 13:43   #9
Sere
 
Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Okay wird erledigt.

Kurzer Hinweis noch. Habe den Rechner nochmal neu gestartet. Nun ist der Desktop wieder okay. Alle Datein wieder da.

Hier die Fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-06-2013 02
Ran by Raphael at 2013-06-01 14:50:12 Run:2
Running from C:\Users\Raphael\Desktop
Boot Mode: Normal

==============================================

HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default => Error setting value.
C:\$Recycle.Bin\S-1-5-21-2922866635-4134696533-2909763260-1005\$afcf15d234bede0f92267b187cb321f1 => File/Directory not found.

==== End of Fixlog ====
         
ComboFix
Code:
ATTFilter
ComboFix 13-06-01.01 - Raphael 01.06.2013  14:55:52.2.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3327.2263 [GMT 2:00]
ausgeführt von:: c:\users\Raphael\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-01 bis 2013-06-01  ))))))))))))))))))))))))))))))
.
.
2013-06-01 12:59 . 2013-06-01 12:59	--------	d-----w-	c:\users\Jennifer\AppData\Local\temp
2013-06-01 12:59 . 2013-06-01 12:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-01 11:56 . 2013-06-01 12:59	--------	d-----w-	c:\users\Raphael\AppData\Local\temp
2013-06-01 11:18 . 2013-06-01 11:18	--------	d-----w-	C:\FRST
2013-06-01 08:06 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F91B13E-C376-4F81-92E8-C9BAD29F9B29}\mpengine.dll
2013-05-19 17:06 . 2013-05-19 17:06	--------	d-----w-	c:\users\Raphael\AppData\Local\Garmin
2013-05-19 17:01 . 2013-05-19 17:01	--------	d-----w-	c:\users\Raphael\Neuer Ordner
2013-05-19 16:55 . 2013-05-19 16:55	--------	d-----w-	c:\users\Jennifer\AppData\Local\Garmin
2013-05-19 16:54 . 2013-05-19 17:01	--------	d-----w-	c:\programdata\Garmin
2013-05-19 16:54 . 2013-05-19 16:54	--------	d-----w-	c:\programdata\Package Cache
2013-05-19 16:53 . 2013-05-19 16:53	--------	d-----w-	c:\program files\CCleaner
2013-05-16 07:12 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-16 07:12 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-16 07:12 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-16 07:11 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 07:11 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 07:11 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-16 07:11 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-16 07:11 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-05-10 07:57 . 2013-05-10 07:57	187456	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 14:39 . 2012-09-27 17:48	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 14:39 . 2012-09-27 17:48	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-02 08:36 . 2013-05-02 08:36	66656	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-12-29 12:23	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-16 07:12	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 07:12	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 07:26	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-29 14:33 . 2013-03-29 14:33	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 14:33 . 2013-03-29 14:33	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 14:33 . 2013-03-29 14:33	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-29 14:33 . 2013-03-29 14:33	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-03-29 14:33 . 2013-03-29 14:33	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-03-29 14:33 . 2013-03-29 14:33	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-29 14:33 . 2013-03-29 14:33	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-03-29 14:33 . 2013-03-29 14:33	361984	----a-w-	c:\windows\system32\html.iec
2013-03-29 14:33 . 2013-03-29 14:33	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-29 14:33 . 2013-03-29 14:33	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-03-29 14:33 . 2013-03-29 14:33	158720	----a-w-	c:\windows\system32\msls31.dll
2013-03-29 14:33 . 2013-03-29 14:33	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-03-29 14:33 . 2013-03-29 14:33	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-29 14:33 . 2013-03-29 14:33	138752	----a-w-	c:\windows\system32\wextract.exe
2013-03-29 14:33 . 2013-03-29 14:33	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-29 14:33 . 2013-03-29 14:33	12800	----a-w-	c:\windows\system32\mshta.exe
2013-03-29 14:33 . 2013-03-29 14:33	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-28 21:04 . 2012-11-13 19:05	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-28 21:04 . 2012-11-13 19:05	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-28 21:04 . 2012-11-13 19:05	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-19 05:04 . 2013-04-10 14:01	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 14:01	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 14:01	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 14:01	69632	----a-w-	c:\windows\system32\smss.exe
2012-06-14 22:19 . 2012-06-23 16:26	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"GarminExpressTrayApp"="e:\program files\Garmin\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312]
.
c:\users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2010-12-22 1597440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;e:\program files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 14:39]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\kn3gu7ao.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-01  15:01:03
ComboFix-quarantined-files.txt  2013-06-01 13:01
ComboFix2.txt  2013-06-01 11:56
.
Vor Suchlauf: 7.878.320.128 Bytes frei
Nach Suchlauf: 8.154.890.240 Bytes frei
.
- - End Of File - - FB6768E5D9D9BDC6E26235C38A99C78D
         

Geändert von Sere (01.06.2013 um 14:02 Uhr)

Alt 01.06.2013, 14:50   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Ok.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

Und ein frisches OTL log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.06.2013, 16:39   #11
Sere
 
Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Hier Log von AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 01/06/2013 um 17:35:27 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Raphael - JENNIFER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Raphael\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Jennifer\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Raphael\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v13.0.1 (de)

Datei : C:\Users\Raphael\AppData\Roaming\Mozilla\Firefox\Profiles\kn3gu7ao.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\2c96gekm.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1237 octets] - [01/06/2013 17:35:27]

########## EOF - C:\AdwCleaner[S1].txt - [1297 octets] ##########
         
Junkware Removal Tool
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Raphael on 01.06.2013 at 17:42:46,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2013 at 17:43:32,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Weitere folgen...

Geändert von Sere (01.06.2013 um 16:45 Uhr)

Alt 01.06.2013, 17:42   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.06.2013, 18:37   #13
Sere
 
Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Hier von ESET: 2 Funde...
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c8bd21ea0e879841b5547421d1b6d76f
# engine=13969
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-01 05:27:03
# local_time=2013-06-01 07:27:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 7009 235530913 0 0
# compatibility_mode=5893 16776573 100 94 6020 121738814 0 0
# scanned=193573
# found=2
# cleaned=0
# scan_time=5251
sh=99C1522A4BA1FF60EC6E5D87019285D144FCFC56 ft=0 fh=0000000000000000 vn="JS/Kryptik.AKT trojan" ac=I fn="F:\JENNIFER-PC\Backup Set 2013-03-24 194346\Backup Files 2013-05-19 190001\Backup files 1.zip"
sh=234AC30F8198A6F5FD5F5B874198146F01EF43B9 ft=0 fh=0000000000000000 vn="JS/Kryptik.AKT trojan" ac=I fn="F:\JENNIFER-PC\Backup Set 2013-03-24 194346\Backup Files 2013-05-19 190001\Backup files 3.zip"
         
Security Check:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 CCleaner     
 Java(TM) 6 Update 22  
 Java version out of Date! 
 Adobe Flash Player 	11.7.700.202  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 13.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Raphael Desktop avira_free3640_antivirus_de.exe  
 Raphael AppData Local Temp\RarSFX0\presetup.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
OTL:
Code:
ATTFilter
OTL logfile created on: 01.06.2013 19:52:07 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Raphael\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 62,62% Memory free
6,50 Gb Paging File | 5,02 Gb Available in Paging File | 77,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,56 Gb Free Space | 15,49% Space Free | Partition Type: NTFS
Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32
 
Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.01 19:51:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
PRC - [2013.05.15 16:39:56 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- E:\Program Files\Garmin\Garmin\Express Tray\ExpressTray.exe
PRC - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.06.15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.08.26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.11.05 22:45:55 | 001,505,144 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe
PRC - [2009.11.05 22:35:26 | 001,468,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- E:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.07.03 18:10:12 | 001,597,440 | ---- | M] (Hama GmbH & Co KG) -- C:\Programme\Hama\Common\RaUI.exe
PRC - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe
PRC - [2007.08.24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 17:51:46 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\98e8641e2ca570f03352a91836b0b97a\System.ServiceModel.Routing.ni.dll
MOD - [2013.05.16 17:51:45 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0e5d2997438866de453e8b1401d84398\System.ServiceModel.Discovery.ni.dll
MOD - [2013.05.16 17:51:45 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3a75004c8363a598f4997686c16ae55e\System.ServiceModel.Channels.ni.dll
MOD - [2013.05.16 17:51:44 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4dbbfceeddfc9180d5f621f0fc586e2c\System.ServiceModel.Activities.ni.dll
MOD - [2013.05.16 17:51:43 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll
MOD - [2013.05.16 17:51:29 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll
MOD - [2013.05.16 17:50:25 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll
MOD - [2013.05.16 17:50:24 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll
MOD - [2013.05.16 17:50:22 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll
MOD - [2013.05.16 17:35:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 17:34:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.16 11:01:17 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013.05.16 11:01:06 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013.05.16 11:01:04 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013.05.16 11:01:01 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013.05.16 11:00:58 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013.05.16 11:00:56 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013.05.15 16:39:56 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013.02.14 09:45:54 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll
MOD - [2013.01.13 21:08:01 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013.01.13 21:07:54 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.10 20:37:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 20:36:44 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 20:36:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 20:36:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 20:36:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.09 22:28:45 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 22:28:39 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.09 22:28:37 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.09 22:28:35 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.09 22:28:30 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.06.15 00:17:55 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.08.25 22:44:50 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.08.04 16:58:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.06.29 11:31:12 | 000,652,800 | ---- | M] () -- E:\Programme\IZArc\IZArcCM.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.15 16:39:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- E:\Program Files\Garmin\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.05.13 00:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\Hama\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007.08.24 06:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Raphael\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.15 14:47:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.07.07 19:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2009.11.05 22:35:25 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E0 96 87 13 A2 CB 01  [binary data]
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 18:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.31 08:42:17 | 000,000,000 | ---D | M]
 
[2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Extensions
[2010.12.29 15:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\Profiles\kn3gu7ao.default\extensions
[2012.06.23 18:26:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.24 09:44:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.15 19:03:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.06.01 13:53:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [GarminExpressTrayApp] E:\Program Files\Garmin\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000..\Run: [SpybotSD TeaTimer] E:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6020D34-9C42-44B9-89C9-5210E7F997A0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.23 12:49:28 | 000,000,077 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.11.01 16:25:14 | 000,000,000 | ---D | M] - F:\Autoralley -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.01 19:51:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2013.06.01 19:50:29 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Avira
[2013.06.01 19:47:02 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.01 19:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.01 19:45:03 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.06.01 19:45:03 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.06.01 19:45:03 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.06.01 19:45:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.06.01 19:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.01 19:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.06.01 17:48:04 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Raphael\Desktop\esetsmartinstaller_enu.exe
[2013.06.01 17:42:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.01 17:42:40 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.01 17:41:19 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Raphael\Desktop\JRT.exe
[2013.06.01 15:00:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.01 14:59:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.01 14:51:50 | 005,076,199 | R--- | C] (Swearware) -- C:\Users\Raphael\Desktop\ComboFix.exe
[2013.06.01 14:47:34 | 001,355,657 | ---- | C] (Farbar) -- C:\Users\Raphael\Desktop\FRST.exe
[2013.06.01 13:56:05 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\temp
[2013.06.01 13:48:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.01 13:48:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.01 13:48:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.01 13:47:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.01 13:47:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.01 13:18:52 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.19 19:06:17 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\Garmin
[2013.05.19 19:01:14 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Neuer Ordner
[2013.05.19 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2013.05.19 18:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.05.19 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.16 11:01:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 11:01:29 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 11:01:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 11:01:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 11:01:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 11:01:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 11:01:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 11:01:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 11:01:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.16 11:01:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 09:12:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.16 09:12:01 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.16 09:11:58 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.16 09:11:55 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.16 09:11:55 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.01 19:51:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2013.06.01 19:50:52 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 19:50:52 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 19:46:50 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.01 19:45:11 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.01 19:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.01 19:43:28 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.01 19:39:58 | 000,890,839 | ---- | M] () -- C:\Users\Raphael\Desktop\SecurityCheck.exe
[2013.06.01 19:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 18:00:34 | 102,323,272 | ---- | M] () -- C:\Users\Raphael\Desktop\avira_free3640_antivirus_de.exe
[2013.06.01 17:48:10 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Raphael\Desktop\esetsmartinstaller_enu.exe
[2013.06.01 17:41:24 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Raphael\Desktop\JRT.exe
[2013.06.01 17:32:44 | 000,632,031 | ---- | M] () -- C:\Users\Raphael\Desktop\adwcleaner.exe
[2013.06.01 14:52:16 | 005,076,199 | R--- | M] (Swearware) -- C:\Users\Raphael\Desktop\ComboFix.exe
[2013.06.01 14:47:48 | 001,355,657 | ---- | M] (Farbar) -- C:\Users\Raphael\Desktop\FRST.exe
[2013.06.01 13:53:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.01 10:24:43 | 000,000,000 | ---- | M] () -- C:\Users\Raphael\defogger_reenable
[2013.05.19 18:55:05 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2013.05.19 10:57:39 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.19 10:57:39 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.19 10:57:39 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.19 10:57:39 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.16 17:34:10 | 000,439,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 16:39:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 16:39:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.13 19:32:43 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\Gameforge Live.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.01 19:45:11 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.01 19:39:53 | 000,890,839 | ---- | C] () -- C:\Users\Raphael\Desktop\SecurityCheck.exe
[2013.06.01 17:53:52 | 102,323,272 | ---- | C] () -- C:\Users\Raphael\Desktop\avira_free3640_antivirus_de.exe
[2013.06.01 17:32:39 | 000,632,031 | ---- | C] () -- C:\Users\Raphael\Desktop\adwcleaner.exe
[2013.06.01 13:48:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.01 13:48:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.01 13:48:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.01 13:48:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.01 13:48:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.01 10:24:43 | 000,000,000 | ---- | C] () -- C:\Users\Raphael\defogger_reenable
[2013.05.19 18:55:05 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2011.03.17 21:46:31 | 000,000,680 | RHS- | C] () -- C:\Users\Raphael\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Extra OTL:
Code:
ATTFilter
OTL Extras logfile created on: 01.06.2013 19:52:07 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Raphael\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 62,62% Memory free
6,50 Gb Paging File | 5,02 Gb Available in Paging File | 77,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,56 Gb Free Space | 15,49% Space Free | Partition Type: NTFS
Drive D: | 238,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 195,31 Gb Total Space | 166,51 Gb Free Space | 85,25% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 3,97 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive H: | 29,67 Gb Total Space | 13,59 Gb Free Space | 45,80% Space Free | Partition Type: FAT32
 
Computer Name: JENNIFER-PC | User Name: Raphael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "H:\Cewe\dm-Fotowelt\dm-Fotowelt.exe" "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Foto Paradies] -- "F:\cewe\dm\dm-Fotowelt\Foto Paradies.exe" "%1" ()
Directory [Mein CEWE FOTOBUCH] -- "E:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2B414A-3D8B-40BA-9359-3C33226577AC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1D1939E5-B494-4359-AB9B-9E9E93EA5977}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2C63C50C-7713-418F-B076-4845B9FBC55A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3041C936-470B-46D9-8A1B-3F5CBBDE787D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{432ED99F-DF16-41CE-BBDA-72E22C30DE92}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{47B5CE20-8D1B-4AB6-B798-C3B5BB30A681}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{5429D7EE-F395-466B-B3A8-BE06E1C406B0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{62E05942-54F7-4EBF-B337-7544EF52AC97}" = lport=139 | protocol=6 | dir=in | app=system | 
"{638E6196-DF8D-468A-AE6C-493A33F0877E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71AE9208-60B3-4B97-B639-43D681446DE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7ECFAD41-01FC-4703-94A0-0A7EF4D7DF90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9268442A-E994-4DE0-9581-300C3F5D5CFB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{93E1C0FF-A251-420C-AB0A-F37F305F1CC5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{95C0894C-3A40-458E-8C46-F2E5587CCD69}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9B2C5559-05D6-4983-A10D-78EF2ABF8504}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A35D4A88-7CFE-44A7-9E23-C21EB32AA79D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3E080BC-ED8F-4540-9B0F-825C91D1C66C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C3D2B7B9-406F-4F46-9449-9F0A496BC8C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DEEFA361-8A7E-4C57-82DA-67AA60741CFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E2F073BE-AFAD-403B-A9DE-E4A5DDC9CFCB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F198FB6B-2701-4C0B-878D-EA875CC32168}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FBDE392B-69A4-41A3-824D-D16F5ED9722B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050F3611-BF59-4F16-8567-3464B7E80D78}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14288556-9311-45B5-9096-3E916551D52B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1A84EF6B-ADB5-4E79-B507-D2195690AB82}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{26AD5F6E-C6F5-4BCD-BA63-1E40CACA8E04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{520E672D-4167-4D75-95FD-AE1041A18C76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8270593D-8A4A-49E7-81BE-D4C2D7EF9951}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{87C4DE77-60FE-403E-A2A9-2C9EC48B6D14}" = protocol=6 | dir=out | app=system | 
"{8AD696AD-E23C-4C35-BD54-81ED0CCC3D80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D48E281-ED96-4006-B9DF-A646470C2FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9906632A-D70C-4D8B-A265-FBEEBA585A5D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A1EE4A09-9552-4D75-B301-F7DE27A6F45D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A49342C5-C84A-4310-A88C-9C457FADD0CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B85C07E4-DD81-427A-BAF3-789B17CBCEF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BFED79BE-E46E-4DCB-8C05-CDA058A4CB55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C2ED17D4-F836-43AE-B6F9-8C0377FE6642}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CDD03498-7A8F-428B-B4D7-589A46DCD8DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CFDA44FA-510F-4ADF-BA43-ABF5FEFBDC18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E80B11D0-1013-4DA2-B91C-3AF81AFB1914}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F69A80A9-3329-4975-A1BF-0FCEB1EB05C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA513E17-7362-44AF-8BB9-FD06675EA418}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF148A5A-D34C-45CA-86C0-682D764DA95C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{8A7455F9-85C1-4A75-B6C2-EAE44775E499}E:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\program files\runes of magic\client.exe | 
"TCP Query User{9B131DDB-C3B2-40A4-AEA6-204BD12B76AD}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe | 
"TCP Query User{B7BB0A1C-8E91-4CC3-A67F-6B6CC34EA13A}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=6 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe | 
"UDP Query User{5A10F57B-746F-4096-89BA-AAC9970FD063}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim(1).exe | 
"UDP Query User{C464BDB6-7DE6-485D-80DA-D35E25B518EC}E:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\program files\runes of magic\client.exe | 
"UDP Query User{F2864DC7-95BF-4853-AEF0-6CED531A48FF}C:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe" = protocol=17 | dir=in | app=c:\users\jennifer\downloads\runes_of_magic_5_0_0_2535_slim.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{06092909-8851-C581-F990-7195076FDAEF}" = CCC Help Czech
"{0CA04779-346C-30FD-EB9B-8EEA2CE094B3}" = CCC Help Thai
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{1B3B5C60-70B8-F022-5497-03FD2772586C}" = CCC Help Greek
"{1C160168-BF5B-72FE-BAFA-6DD5F737404C}" = CCC Help Chinese Standard
"{1ED3EBF6-A130-4B3B-B01A-C29B067798B3}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{278AD90C-D27D-AA89-58DF-AD13852D51CA}" = CCC Help Spanish
"{2CDBFF1A-6433-E94D-CA25-831FDB9775E9}" = CCC Help Italian
"{31DED885-1124-0E58-97FB-73E4EF692E8D}" = CCC Help Hungarian
"{33B670D7-8A06-DA5B-0341-5630D1E12007}" = ccc-core-static
"{38D65ABC-A00B-6E13-2EF3-826CFC8CFC14}" = CCC Help French
"{3B4325A0-43CD-10D1-64F6-BD2F90DCB756}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EEBD42E-4DC7-A874-645B-28B63907E930}" = ATI AVIVO Codecs
"{3F8B39A4-B7CE-B036-941C-A8DB57676B04}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACF9BBA-E137-7309-7BF9-567ADAB6B4E6}" = CCC Help Turkish
"{51AD839D-CE11-B9E3-227D-03BC89F227C8}" = CCC Help Danish
"{55043DDE-D718-C7F7-9B4C-2B3D818D8A1F}" = Catalyst Control Center InstallProxy
"{5774B4C1-8579-D5D9-8D38-A0CE32B6736C}" = CCC Help German
"{5D19BB0D-9B04-5B85-9295-4E11BCB1C2C3}" = CCC Help Polish
"{5D8A076D-F75E-A149-10D8-87338721AA3A}" = ATI Catalyst Install Manager
"{60341104-FC8E-EF26-12CB-93B17DF55976}" = CCC Help Japanese
"{62161867-51F1-9FB8-0E6E-FE49D89CBB71}" = CCC Help Dutch
"{6494E146-418F-85E1-142E-D2F122C75274}" = ccc-utility
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision
"{6A7E9B60-4698-F505-CAD3-05F8AB22FB61}" = CCC Help Russian
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75794DD1-5D69-4E33-A141-C3D4B0724C71}" = Catalyst Control Center Graphics Previews Common
"{7CE47764-9A8F-380D-FB9E-FCFC37B9F727}" = CCC Help Korean
"{85D27E0C-6185-58BC-94B6-E5EED97962D8}" = AMD Drag and Drop Transcoding
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Hama Wireless LAN Adapter
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{9ED77550-AF66-2B7E-97E1-34B3BFDEAC6D}" = CCC Help Swedish
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E8454B5F-4122-864C-002D-31F878D2CBF4}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E6252F-8DC2-B508-D412-1C427CDB3448}" = CCC Help Portuguese
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCB6F9DC-A0FF-621E-DE53-877E63864DD1}" = CCC Help Chinese Traditional
"{FE4466A3-76B3-A9F4-9B22-150D6F8B4647}" = Catalyst Control Center Localization All
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Ceville" = Ceville 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foto Paradies" = Foto Paradies
"Jack Keane" = Jack Keane
"Jewels of Atlantis/DE-German_is1" = Jewels of Atlantis
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Warcraft III" = Warcraft III
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2922866635-4134696533-2909763260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 02.07.2011 16:14:35 | Computer Name = Jennifer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2773
 seconds with 1920 seconds of active time.  This session ended with a crash.
 
 
< End of report >
         

Geändert von Sere (01.06.2013 um 19:00 Uhr)

Alt 01.06.2013, 19:06   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Das von ESET angemeckerte backup würd ich löschen.

java, Adobe und Firefox aktualisieren.

Noch Probleme mit dem Rechner?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.06.2013, 19:56   #15
Sere
 
Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Standard

Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.



Hallo Schrauber,

erst mal vielen Dank dafür, dass du mir bei meinem Problem geholfen hast. Danke!

Wie vorgeschlagen: Back-up Datei habe ich gelöscht. Adobe, Firefox und Java sind nun aktualisiert.

Zitat:
Noch Probleme mit dem Rechner?
Wenn Avira nicht mehr meckert, hoffe ich ist alles i.O. Ich lasse das Programm gerade nochmal laufen.

Eine Frage hätte ich aber noch: Ist dir bekannt, welche Funktion die Trojaner haben? (z.B. Daten ausspähen)

Nochmals vielen Dank für deine Hilfe.

Grüße aus dem Ruhrpott nach München.
Sere

Antwort

Themen zu Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.
adobe, antivir, avg, avira, beseitigung, bho, branding, defender, error, explorer, fehler, firefox, flash player, format, home, install.exe, logfile, mozilla, opera, richtlinie, rundll, safer networking, scan, security, senden, software, svchost.exe, udp, windows



Ähnliche Themen: Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten.


  1. Trojaner tr/atraps.gen2 und tr/sirefef.abx befall
    Log-Analyse und Auswertung - 09.10.2013 (3)
  2. XP Sirefef Befall - Datenrettung
    Plagegeister aller Art und deren Bekämpfung - 27.01.2013 (3)
  3. Nach Befall von Exploit.Drop.GS und Trojan.PWS - Pc trotz angeblicher erfolgreicher Bereinigung immer noch langsam
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (32)
  4. doppelt: Sirefef.AG.35, ATRAPS.GEN2 u. Small.FI Befall
    Mülltonne - 17.06.2012 (0)
  5. TR/Sirefef.AG.35 & TR/ATRAPS.Gen2 & TR/Kazy.74224.jh
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (2)
  6. TR/Sirefef BV 2 Befall auf .dll Dateien im System
    Log-Analyse und Auswertung - 24.04.2012 (13)
  7. Trojanische Pferd TR/Drop.Sirefef.but in Qurantäne gesetzt kann ich mein laptop wieder nutzen?
    Log-Analyse und Auswertung - 18.04.2012 (21)
  8. tr/sirefef.bv.2 Befall
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (40)
  9. Befall von Trojaner sirefef.k +.d +.e Was tun?
    Plagegeister aller Art und deren Bekämpfung - 08.01.2012 (11)
  10. Befall von Trojaner sirefef.k +.d +.e
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (11)
  11. Sirefef.D + Sirefef.E +Sirefef.K Befall
    Plagegeister aller Art und deren Bekämpfung - 03.01.2012 (1)
  12. Trojaner-Befall durch Trojan:Win64/Sirefef.k .d .e
    Log-Analyse und Auswertung - 03.01.2012 (1)
  13. TR/Drop.Fignotok.24 Befall
    Log-Analyse und Auswertung - 28.11.2011 (1)
  14. TR/Kazy.mekml.1 - Befall
    Plagegeister aller Art und deren Bekämpfung - 18.05.2011 (29)
  15. TR/kazy.mekml.1 Befall
    Log-Analyse und Auswertung - 16.05.2011 (46)
  16. Tr/Kazy.mehml Befall
    Log-Analyse und Auswertung - 06.05.2011 (1)
  17. Troja Befall? (TR/Spy.Ardamax.H.5 + KIT/Drop.Ag.2015003)
    Log-Analyse und Auswertung - 18.06.2007 (2)

Zum Thema Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. - Guten Tag, mein Antivir hat gestern den Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7 gemeldet. Beide wurden in die Quarantäne von Antivir verschoben. Ich benötige Unterstützung bei der Beseitigung der Schädlinge. Gemäß - Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten....
Archiv
Du betrachtest: Befall mit TR/Drop.Sirefef.G.25 und TR/Kazy.173253.7. Unterstützung bei der Bereinigung erbeten. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.