Groupon Trojan, the hundredth time... (Windows 7)
08.03.2013, 23:00 | #1
Groupon Trojan, the hundredth time...

Good evening,

my mother caught the above-mentioned pest by trying to open the attachment containing the supposed invoice. Up front: apparently no files have been encrypted and the computer can be used normally. All files (pictures, films, Office documents, ...) are on an external network storage device and are additionally backed up daily to a hard disk attached to it via USB. I set that up for her after the last mishap of this kind.

Procedure so far:

1. "Disinfection" with Kaspersky Internet Security. Afterwards the pest could no longer be found by a full scan (including the network storage) with Kaspersky.
2. The next day, a scan with Malwarebytes. Both Malwarebytes and Kaspersky find the pest again. => renewed "disinfection" with Kaspersky
3. Ran CCleaner, deleted a lot of junk and let the program tinker with the registry. Since all data is stored externally anyway, I accepted the risk of breaking something and, if necessary, reinstalling Windows.
4. Deleted the Prefetch folder in Windows from the time of the download of the "invoice" onwards.
5. Another complete scan with Malwarebytes. This time without any findings.
6. Scan with OTL. The logs are attached.

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.07.14

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael (Admin) :: **** [Administrator]

07.03.2013 21:32:37
MBAM-log-2013-03-07 (22-56-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 442390
Laufzeit: 1 Stunde(n), 13 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
c:\users\mama\appdata\local\temp\rpfegnsmor.pre (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.08.14

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael (Admin) :: **** [Administrator]

08.03.2013 19:37:06
mbam-log-2013-03-08 (19-37-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 435119
Laufzeit: 1 Stunde(n), 8 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
OTL logfile created on: 3/8/2013 8:54:06 PM - Run 2
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.68% Memory free
5.98 Gb Paging File | 4.15 Gb Available in Paging File | 69.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 704.62 Gb Free Space | 51.96% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS

Computer Name: **** | User Name: Michael (Admin) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Windows\explorer.exe
(Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Program Files\FILEminimizer Pictures\FILEMShell.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamscheduler.exe (Malwarebytes Corporation) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe (SiSoftware) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys File not found DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (Power Software Ltd) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (InputFilter_Hid_FlexDef2b) -- C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys (Siliten) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) 
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys (SiSoftware) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes\{453456AD-2513-4DEE-BF59-9B11A8AF85E2}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/ IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes,DefaultScope = {5D699F35-C133-45DA-B63E-388EF330146B} IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes\{5D699F35-C133-45DA-B63E-388EF330146B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.gmx.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 19:41:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/10 13:45:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 
19:41:31 | 000,000,000 | ---D | M] [2011/10/13 19:22:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael (Admin)\AppData\Roaming\mozilla\Extensions [2012/09/11 17:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael (Admin)\AppData\Roaming\mozilla\Firefox\Profiles\5awd1a7g.default\extensions [2013/02/10 13:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/02/10 13:45:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - 
plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll O1 HOSTS File: ([2012/09/21 13:51:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-21-3271095012-286924583-1323677700-1003..\Run: [Validator] C:\Users\Mama\AppData\Roaming\Sun\{EF7D5DC7-0AB7-4A7D-83F8-B2D97B888680}\Validator.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll 
(Kaspersky Lab ZAO) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/07 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\Michael (Admin)\AppData\Local\Programs [2013/02/21 11:59:13 | 000,000,000 | ---D | C] -- C:\Ryzhov [2013/02/21 11:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO [2013/02/14 22:16:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/02/14 22:16:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/02/14 22:16:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/02/14 22:16:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/02/14 22:16:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/02/14 22:16:29 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/02/14 22:16:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/02/14 22:16:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/02/14 
08:54:41 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/14 08:53:42 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/14 08:53:41 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/14 08:53:00 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/14 08:53:00 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/02/10 13:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/09 13:04:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/09 13:03:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/09 13:03:57 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/09 13:03:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/09 13:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2013/03/08 20:12:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/08 19:12:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/08 18:29:53 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 18:29:53 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 18:22:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/08 18:22:33 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/06 13:13:54 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/21 11:37:23 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013/02/18 05:36:03 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/18 05:36:03 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/18 05:36:03 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/18 05:36:03 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/18 05:27:58 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/18 05:27:58 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/15 19:32:17 | 000,346,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/09 13:03:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/02/09 13:03:52 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/09 13:03:52 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/09 13:03:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/09 13:03:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/09 13:03:52 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

========== Files Created - No Company Name ==========

[2012/09/21 13:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/21 13:45:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/21 13:45:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/21 13:45:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/21 13:45:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/24 13:56:47 | 011,304,960 | ---- | C] () -- C:\Users\Michael (Admin)\AppData\Roaming\Sandra.mdb
[2011/12/20 12:08:33 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/10/13 19:39:14 | 000,266,579 | ---- | C] () -- C:\Windows\hpwins22.dat
[2011/10/13 19:39:14 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat

< End of report >

Code:
OTL Extras logfile created on: 3/8/2013 8:54:06 PM - Run 2
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.68% Memory free
5.98 Gb Paging File | 4.15 Gb Available in Paging File | 69.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 704.62 Gb Free Space | 51.96% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS

Computer Name: **** | User Name: Michael (Admin) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\Mama\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BDD420-BEE3-4757-8B73-4400D3C2FF76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{081154FD-4BD6-4D3E-B4DD-034ABB245A9E}" = lport=137 | protocol=17 | dir=in | app=system |
"{0C7BCED2-A274-479A-A820-7A9334BA3A8C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F5EEAA4-B7BC-4E6F-AE28-766DA07ECEB6}" = rport=139 | protocol=6 | dir=out | app=system |
"{137A422A-659E-40FB-BCBD-FC2EF588E32B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x86\rpcsandrasrv.exe |
"{32FAFA57-191B-42D8-AA01-BB1DC32D1EE1}" = lport=139 | protocol=6 | dir=in | app=system |
"{35C6FF12-6E07-4D88-9DCC-347CE5A58A43}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39787B2D-9344-4993-A819-149283233BDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{477735AE-6DE3-4E2E-A567-890B1C68A495}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56B0A882-D042-4E7A-A0A1-77B0E1A2BE3B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83111EF6-3B5D-4585-8A88-1953CA8A095F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{885413BC-79E3-40EA-A4F6-C96B17E782E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95D4957E-3D46-4339-B786-238C7DE0557A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1113A94-CADA-4A52-9713-93D254EAF56B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A326B671-25D7-4652-9255-6B20A776B6C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AA90FDE1-E104-4E4E-B712-106FACA8E855}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ADF31739-4261-4542-83DB-D0825F6915E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B11D7CA5-0E5B-4E17-A3B6-DA7A2CDD6476}" = lport=445 | protocol=6 | dir=in | app=system |
"{BBFC31C9-8B5E-427E-A54B-AFCFCC622551}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\rpcagentsrv.exe |
"{BFCBF6BA-EB46-4D9B-8092-A430B9AFFD49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C43A1297-239D-44C3-B766-3EE4BA209F66}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6A82CAE-5CA6-4759-B3B4-F6024C378DC8}" = rport=445 | protocol=6 | dir=out | app=system |
"{CFBDCDA6-31E1-4615-BD4D-A45FAB29932A}" = rport=137 | protocol=17 | dir=out | app=system |
"{D09EC676-4B88-4E9F-9F4F-5094ED0D345A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EC09FB01-A98E-4485-813A-9A3548AFF7CD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F8963069-4C7C-4EA1-A6B3-699CB4099802}" = rport=138 | protocol=17 | dir=out | app=system |
"{FA04E562-CF7D-4D52-829A-210D45CF101C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB8714EA-773B-4EBB-A0A5-0E472B6E4A1B}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025B4439-C8E6-4A9C-B1E3-698E6BC0587D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{05BBB873-E661-4782-9F90-796F1EA5B56A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{05BD0E42-0560-4F13-A1BD-E2419236439B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{09D6ACB4-5C2A-408B-820D-F55312E4B5BF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0BEEBAE9-A594-4B4C-B8FB-E38A1C512408}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{10FCA857-E15B-400F-A51F-233DB49601AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{126E07AC-F4B1-47F2-A105-16178F32ACCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3CDC7EF6-8B0D-4C9F-9235-112D29B7FB64}" = protocol=6 | dir=out | app=system |
"{402F2C71-6A03-4088-94B7-759890672A0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{40699F8E-E818-492F-9588-E3ECAA8A29DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{434E95EF-7AE0-49A0-8E43-735568C6C61C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{435F4343-95EF-4E0C-8906-2F8DE14567DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{44245E84-3AC8-4605-8F69-BBC313354581}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{462D52D5-8132-4189-AC0D-1058CD07EE3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F73A319-EDFB-49F1-A38E-22366D2F7764}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{55AA52AD-79A7-4E82-9881-0FFB7E454359}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{6286C500-B42A-4A4E-A770-AD01C52F4969}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{6DA32599-D51D-4436-A15C-08EEBCF65D47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E0EBA9F-A16F-4EBD-BE27-F56F08F47EF7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7F166275-B998-4D67-A742-47CF0BF9D8F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{8E325D27-4762-4B64-BF13-BD363F32E255}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9387FF56-0DE7-4166-9EB3-47DBD191F0F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98DB6547-DDE7-458E-B8D4-03EF502FB92F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{ABCB539A-C10D-450F-AD29-991BD769A4EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{B159258D-673D-4DC2-B568-000A2621D7DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B3D78AC8-C0D1-418F-99FB-2C7C514B3F07}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{B4DEEBC0-F58D-4191-9074-61C6802A1B54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5F28D3F-EE11-4139-B5C7-4928D35CF22A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C2F3CEB8-9042-4A4A-AA8E-28431AAB362E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{C378AADD-C3E3-490B-B5F8-12E9A6FE8892}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{C56237C2-FCFC-4719-BA38-BCF23A2A8253}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C95C480B-2FF3-481B-BBBA-4CB1D03225F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D3AB924B-33B2-4779-9DB8-0448BC8A517B}" = dir=in | app=c:\program files\hp\digital imaging\{f86d9734-d358-4c5b-bc2b-6d90557ff05b}\setup\hpznui01.exe |
"{D734EB0D-3C73-4B80-8677-6F355CA4D866}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D75DF847-7927-42CD-9C70-9426953ADD28}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{DE173C8A-3FC4-4D6B-9C09-EBACEF1A62A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E64AF112-E418-4FF0-82F5-6F3EF47EAD66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F02E75B9-5648-4A69-9EE9-AFBFE0EFE3B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{F2A03B4B-AB0F-4854-A6C4-3139F653C99D}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{F54663A2-0757-42E7-9EE9-49E1A6241E35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{F58CA0B3-DA16-42DE-8400-90FF6B026130}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F794D4E3-4B0E-4858-A8F4-67C7FF4AF7B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"TCP Query User{4362E10E-AD6D-455C-BA68-07D6CDB92176}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{8A36537C-5743-450E-872D-6978F2785BF3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{9AD7A9CF-628C-47D2-B68F-9A559548FDEA}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{EBA6CC89-B66F-441B-AA93-36285D4C231D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{0DAFEAD2-39CC-4156-905E-E6D93FCBA2AA}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{4D059C26-A92E-4A00-835C-F24292B78F51}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CC95DD6A-CAEA-4141-8212-4567CC330F3A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E39241BF-8EAE-4F92-9537-8097765AD6EB}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B1E6CDB-306C-4C64-B192-1E465C5C3012}" = 8500A909g
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.8.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP2
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MicroDicom" = MicroDicom 0.4.3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PowerISO" = PowerISO
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Freeciv-2.3.2-gtk2" = Freeciv 2.3.2 (GTK+ client)
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2013 3:06:44 PM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 2/27/2013 3:08:08 PM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 3/4/2013 3:56:09 PM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 3/4/2013 3:57:45 PM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 3/5/2013 4:06:55 AM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 3/5/2013 4:08:26 AM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 3/6/2013 8:39:15 AM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 3/6/2013 8:42:00 AM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 3/6/2013 3:43:43 PM | Computer Name = **** | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
Description = Zertifikatdienstclient: der Anbieter pautoenr.dll konnte nicht geladen werden. Fehlercode 5.

Error - 3/6/2013 3:43:43 PM | Computer Name = **** | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
Description = Zertifikatdienstclient: Die Anbieter konnten nicht als Antwort auf Ereignis 512 aufgerufen werden. Fehlercode 2147942405.

[ System Events ]
Error - 3/4/2013 2:56:13 PM | Computer Name = **** | Source = DCOM | ID = 10016
Description =

Error - 3/5/2013 4:04:24 PM | Computer Name = **** | Source = bowser | ID = 8003
Description =

Error - 3/6/2013 3:48:43 PM | Computer Name = **** | Source = bowser | ID = 8003
Description =

Error - 3/6/2013 3:50:11 PM | Computer Name = **** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147014847

Error - 3/6/2013 3:55:33 PM | Computer Name = **** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error - 3/6/2013 3:57:37 PM | Computer Name = **** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 3/6/2013 4:00:25 PM | Computer Name = **** | Source = bowser | ID = 8003
Description =

Error - 3/6/2013 4:03:39 PM | Computer Name = **** | Source = bowser | ID = 8003
Description =

Error - 3/6/2013 4:11:31 PM | Computer Name = **** | Source = bowser | ID = 8003
Description =

Error - 3/7/2013 4:23:17 PM | Computer Name = **** | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

< End of report >
10.03.2013, 20:41 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojan, the hundredth one... Hello and
Before we get to work, I'd like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please post in this thread => Reminder for my thread. Annoying "when do we continue?" messages end with your topic being closed. I too have a life outside the Trojaner-Board. Quote:
Rootkit scan with GMER. Please download GMER: (file name is randomized)
Are there any problems?
Then please run MBAR: Malwarebytes Anti-Rootkit (MBAR). Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instruction from a helper.
10.03.2013, 20:55 | #3 |
| Groupon Trojan, the hundredth one... Unfortunately there are no Kaspersky logs in text form. I'd have to take screenshots for that.
Logs from this afternoon from GMER and MBAR: GMER: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-10 14:11:45 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0 1397,27GB Running: gmer_2.1.19155.exe; Driver: C:\Users\MICHAE~1\AppData\Local\Temp\pwldqpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x83FC6208] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x83F79FB8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x83F7A300] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x83F7A746] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x83F6291E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x83F79C92] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x83F62E96] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x83F62D7C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x83F7A164] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x83FC9072] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x83F62FB6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x83F8A130] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x83FC850A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x83FC874A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x83FC81AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x83F7A232] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x83FC8054] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x83F62962] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x83FC634A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x83FC5FB2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x83F8A170] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x83F78422] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent 
[0x83F62F2C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x83F62E0C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x83FC7BFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x83FC931E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x83F6304C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x83FC8266] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x83F8A140] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x83F630D6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x83F78630] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x83FC8D20] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x83F7A52A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x83F7A3B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x83F7A46E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x83F7A59A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x83FC8A4C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x83F79E20] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x83FC8BA8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x83F63178] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x83FC60BC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x83FC7D9C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x83FC88F4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x83F6318A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x83FC7EFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x83FC8406] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x83FC9486] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x83FC91B0] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C569E9 1 Byte [06] .text 
ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C901C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82C971EC 4 Bytes [08, 62, FC, 83] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82C97214 8 Bytes [B8, 9F, F7, 83, 00, A3, F7, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82C97258 4 Bytes [46, A7, F7, 83] .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82C97284 4 Bytes [1E, 29, F6, 83] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82C972A8 4 Bytes [92, 9C, F7, 83] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9280A000, 0x2FBAB4, 0xE8000020] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749024CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748E562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748E56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74902546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748F85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748F4D5E] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748F5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748F51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748F6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748F8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748F8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748F90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748FE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748F4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys AttachedDevice \Driver\tdx \Device\Udp kltdi.sys 
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.10.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Michael (Admin) :: **** [administrator] 10.03.2013 14:34:07 mbar-log-2013-03-10 (14-34-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29167 Time elapsed: 6 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Extras.txt Code:
ATTFilter OTL Extras logfile created on: 3/10/2013 5:22:22 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.99 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.34% Memory free 5.98 Gb Paging File | 4.42 Gb Available in Paging File | 73.97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1356.17 Gb Total Space | 704.75 Gb Free Space | 51.97% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS Computer Name: **** | User Name: Michael (Admin) | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Users\Mama\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07BDD420-BEE3-4757-8B73-4400D3C2FF76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{081154FD-4BD6-4D3E-B4DD-034ABB245A9E}" = lport=137 | protocol=17 | dir=in | app=system | "{0C7BCED2-A274-479A-A820-7A9334BA3A8C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0F5EEAA4-B7BC-4E6F-AE28-766DA07ECEB6}" = rport=139 | protocol=6 | dir=out | app=system | "{137A422A-659E-40FB-BCBD-FC2EF588E32B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x86\rpcsandrasrv.exe | "{32FAFA57-191B-42D8-AA01-BB1DC32D1EE1}" = lport=139 | protocol=6 | dir=in | app=system | "{35C6FF12-6E07-4D88-9DCC-347CE5A58A43}" = lport=2869 | protocol=6 | dir=in | app=system | "{39787B2D-9344-4993-A819-149283233BDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{477735AE-6DE3-4E2E-A567-890B1C68A495}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{56B0A882-D042-4E7A-A0A1-77B0E1A2BE3B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{83111EF6-3B5D-4585-8A88-1953CA8A095F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{885413BC-79E3-40EA-A4F6-C96B17E782E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{95D4957E-3D46-4339-B786-238C7DE0557A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A1113A94-CADA-4A52-9713-93D254EAF56B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{A326B671-25D7-4652-9255-6B20A776B6C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AA90FDE1-E104-4E4E-B712-106FACA8E855}" = lport=2869 | protocol=6 | dir=in | app=system | "{ADF31739-4261-4542-83DB-D0825F6915E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B11D7CA5-0E5B-4E17-A3B6-DA7A2CDD6476}" = lport=445 | protocol=6 | dir=in | app=system | "{BBFC31C9-8B5E-427E-A54B-AFCFCC622551}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\rpcagentsrv.exe | "{BFCBF6BA-EB46-4D9B-8092-A430B9AFFD49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C43A1297-239D-44C3-B766-3EE4BA209F66}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C6A82CAE-5CA6-4759-B3B4-F6024C378DC8}" = rport=445 | protocol=6 | dir=out | app=system | "{CFBDCDA6-31E1-4615-BD4D-A45FAB29932A}" = rport=137 | protocol=17 | dir=out | app=system | "{D09EC676-4B88-4E9F-9F4F-5094ED0D345A}" = rport=10243 | protocol=6 | dir=out | app=system | "{EC09FB01-A98E-4485-813A-9A3548AFF7CD}" = lport=10243 | protocol=6 | dir=in | app=system | "{F8963069-4C7C-4EA1-A6B3-699CB4099802}" = rport=138 | protocol=17 | dir=out | app=system | "{FA04E562-CF7D-4D52-829A-210D45CF101C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FB8714EA-773B-4EBB-A0A5-0E472B6E4A1B}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{025B4439-C8E6-4A9C-B1E3-698E6BC0587D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{05BBB873-E661-4782-9F90-796F1EA5B56A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{05BD0E42-0560-4F13-A1BD-E2419236439B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{09D6ACB4-5C2A-408B-820D-F55312E4B5BF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0BEEBAE9-A594-4B4C-B8FB-E38A1C512408}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{10FCA857-E15B-400F-A51F-233DB49601AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{126E07AC-F4B1-47F2-A105-16178F32ACCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3CDC7EF6-8B0D-4C9F-9235-112D29B7FB64}" = protocol=6 | dir=out | app=system | "{402F2C71-6A03-4088-94B7-759890672A0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{40699F8E-E818-492F-9588-E3ECAA8A29DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{434E95EF-7AE0-49A0-8E43-735568C6C61C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{435F4343-95EF-4E0C-8906-2F8DE14567DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{44245E84-3AC8-4605-8F69-BBC313354581}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{462D52D5-8132-4189-AC0D-1058CD07EE3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4F73A319-EDFB-49F1-A38E-22366D2F7764}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{55AA52AD-79A7-4E82-9881-0FFB7E454359}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{6286C500-B42A-4A4E-A770-AD01C52F4969}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{6DA32599-D51D-4436-A15C-08EEBCF65D47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7E0EBA9F-A16F-4EBD-BE27-F56F08F47EF7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{7F166275-B998-4D67-A742-47CF0BF9D8F4}" = dir=in | app=c:\program 
files\hp\digital imaging\bin\hpqfxt08.exe | "{8E325D27-4762-4B64-BF13-BD363F32E255}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9387FF56-0DE7-4166-9EB3-47DBD191F0F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{98DB6547-DDE7-458E-B8D4-03EF502FB92F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{ABCB539A-C10D-450F-AD29-991BD769A4EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{B159258D-673D-4DC2-B568-000A2621D7DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{B3D78AC8-C0D1-418F-99FB-2C7C514B3F07}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{B4DEEBC0-F58D-4191-9074-61C6802A1B54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B5F28D3F-EE11-4139-B5C7-4928D35CF22A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{C2F3CEB8-9042-4A4A-AA8E-28431AAB362E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{C378AADD-C3E3-490B-B5F8-12E9A6FE8892}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{C56237C2-FCFC-4719-BA38-BCF23A2A8253}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C95C480B-2FF3-481B-BBBA-4CB1D03225F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{D3AB924B-33B2-4779-9DB8-0448BC8A517B}" = dir=in | app=c:\program files\hp\digital imaging\{f86d9734-d358-4c5b-bc2b-6d90557ff05b}\setup\hpznui01.exe | "{D734EB0D-3C73-4B80-8677-6F355CA4D866}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D75DF847-7927-42CD-9C70-9426953ADD28}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{DE173C8A-3FC4-4D6B-9C09-EBACEF1A62A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E64AF112-E418-4FF0-82F5-6F3EF47EAD66}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{F02E75B9-5648-4A69-9EE9-AFBFE0EFE3B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{F2A03B4B-AB0F-4854-A6C4-3139F653C99D}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | "{F54663A2-0757-42E7-9EE9-49E1A6241E35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{F58CA0B3-DA16-42DE-8400-90FF6B026130}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F794D4E3-4B0E-4858-A8F4-67C7FF4AF7B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "TCP Query User{4362E10E-AD6D-455C-BA68-07D6CDB92176}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{8A36537C-5743-450E-872D-6978F2785BF3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{9AD7A9CF-628C-47D2-B68F-9A559548FDEA}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{EBA6CC89-B66F-441B-AA93-36285D4C231D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{0DAFEAD2-39CC-4156-905E-E6D93FCBA2AA}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{4D059C26-A92E-4A00-835C-F24292B78F51}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{CC95DD6A-CAEA-4141-8212-4567CC330F3A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{E39241BF-8EAE-4F92-9537-8097765AD6EB}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension 
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2B1E6CDB-306C-4C64-B192-1E465C5C3012}" = 8500A909g "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan "{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A4940D6-418E-867B-F214-2B0C58E7961D}" = 
CCC Help Swedish "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help "{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.8.0 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = 
Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs "{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager "{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager 
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian "{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP2 "{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista "{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German "{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static "{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW 
Essentials 4 - Filters "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong "Avidemux 2.5" = Avidemux 2.5 (32-bit) "CCleaner" = CCleaner "ESET Online Scanner" = ESET Online Scanner v3 "FILEminimizer Pictures_is1" = FILEminimizer Pictures "Foxit Reader_is1" = Foxit Reader "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "HPOCR" = OCR Software by I.R.I.S. 
14.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MicroDicom" = MicroDicom 0.4.3 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PowerISO" = PowerISO "Shop for HP Supplies" = Shop for HP Supplies "VLC media player" = VLC media player 1.1.5 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Freeciv-2.3.2-gtk2" = Freeciv 2.3.2 (GTK+ client) "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/5/2013 4:06:55 AM | Computer Name = **** | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 3/5/2013 4:08:26 AM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 3/6/2013 8:39:15 AM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 3/6/2013 8:42:00 AM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 3/6/2013 3:43:43 PM | Computer Name = **** | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
Description = Zertifikatdienstclient: der Anbieter pautoenr.dll konnte nicht geladen werden. Fehlercode 5.

Error - 3/6/2013 3:43:43 PM | Computer Name = **** | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
Description = Zertifikatdienstclient: Die Anbieter konnten nicht als Antwort auf Ereignis 512 aufgerufen werden. Fehlercode 2147942405.

Error - 3/8/2013 4:12:15 PM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 3/8/2013 4:13:36 PM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 3/10/2013 10:24:55 AM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 3/10/2013 10:26:10 AM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

[ System Events ]
Error - 3/4/2013 2:56:13 PM | Computer Name = **** | Source = DCOM | ID = 10016
Description =

Error - 3/5/2013 4:04:24 PM | Computer Name = **** | Source = bowser | ID = 8003
Description =

Error - 3/6/2013 3:48:43 PM | Computer Name = **** | Source = bowser | ID = 8003
Description =

Error - 3/6/2013 3:50:11 PM | Computer Name = **** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147014847

Error - 3/6/2013 3:55:33 PM | Computer Name = **** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error - 3/6/2013 3:57:37 PM | Computer Name = **** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 3/6/2013 4:00:25 PM | Computer Name = **** | Source = bowser | ID = 8003
Description =

Error - 3/6/2013 4:03:39 PM | Computer Name = **** | Source = bowser | ID = 8003
Description =

Error - 3/6/2013 4:11:31 PM | Computer Name = **** | Source = bowser | ID = 8003
Description =

Error - 3/7/2013 4:23:17 PM | Computer Name = **** | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

< End of report >

OTL logfile created on: 3/10/2013 5:22:22 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.34% Memory free
5.98 Gb Paging File | 4.42 Gb Available in Paging File | 73.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 704.75 Gb Free Space | 51.97% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS

Computer Name: **** | User Name: Michael (Admin) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamscheduler.exe (Malwarebytes Corporation) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe (SiSoftware) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys File not found DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (Power Software Ltd) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (InputFilter_Hid_FlexDef2b) -- C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys (Siliten) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) 
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys (SiSoftware) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes\{453456AD-2513-4DEE-BF59-9B11A8AF85E2}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/ IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes,DefaultScope = {5D699F35-C133-45DA-B63E-388EF330146B} IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes\{5D699F35-C133-45DA-B63E-388EF330146B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.gmx.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 19:41:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/10 13:45:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 
19:41:31 | 000,000,000 | ---D | M] [2011/10/13 19:22:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael (Admin)\AppData\Roaming\mozilla\Extensions [2012/09/11 17:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael (Admin)\AppData\Roaming\mozilla\Firefox\Profiles\5awd1a7g.default\extensions [2013/02/10 13:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/02/10 13:45:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - 
plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll O1 HOSTS File: ([2012/09/21 13:51:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3271095012-286924583-1323677700-1003..\Run: [Validator] C:\Users\Mama\AppData\Roaming\Sun\{EF7D5DC7-0AB7-4A7D-83F8-B2D97B888680}\Validator.exe File not found
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/07 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\Michael (Admin)\AppData\Local\Programs
[2013/02/21 11:59:13 | 000,000,000 | ---D | C] -- C:\Ryzhov
[2013/02/21 11:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2013/02/14 22:16:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/14 22:16:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/14 22:16:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/14 22:16:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/14 22:16:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/14 22:16:29 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/14 22:16:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/14 22:16:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/14 08:54:41 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/14 08:53:42 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/14 08:53:41 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/14 08:53:00 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/14 08:53:00 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/02/10 13:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/09 13:04:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/09 13:03:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/09 13:03:57 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/09 13:03:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/09 13:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2013/03/10 17:12:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/10 14:31:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 14:31:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 14:24:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/10 14:24:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/10 14:24:11 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/06 13:13:54 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/21 11:37:23 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013/02/18 05:36:03 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/18 05:36:03 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/18 05:36:03 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/18 05:36:03 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/18 05:27:58 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/18 05:27:58 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/15 19:32:17 | 000,346,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/09 13:03:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/02/09 13:03:52 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/09 13:03:52 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/09 13:03:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/09 13:03:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/09 13:03:52 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

========== Files Created - No Company Name ==========

[2012/09/21 13:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/21 13:45:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/21 13:45:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/21 13:45:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/21 13:45:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/24 13:56:47 | 011,304,960 | ---- | C] () -- C:\Users\Michael (Admin)\AppData\Roaming\Sandra.mdb
[2011/12/20 12:08:33 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/10/13 19:39:14 | 000,266,579 | ---- | C] () -- C:\Windows\hpwins22.dat
[2011/10/13 19:39:14 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/15 23:17:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\.freeciv
[2012/05/29 17:17:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ALDI_SUED_Mah_Jong
[2012/01/17 13:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\avidemux
[2012/09/14 22:58:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FILEminimizerPictures
[2012/06/07 14:51:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Foxit Software
[2012/03/17 22:50:18 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Garmin
[2012/03/14 23:13:59 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Mobile Atlas Creator
[2011/11/28 21:12:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OpenOffice.org
[2012/09/03 09:27:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PowerISO
[2012/03/18 23:26:57 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TeamViewer
[2011/10/24 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ALDI_SUED_Mah_Jong
[2011/10/13 21:42:56 | 000,000,000 | ---D | M] -- C:\Users\Michael (Admin)\AppData\Roaming\ALDI_SUED_Mah_Jong
[2012/01/16 21:49:31 | 000,000,000 | ---D | M] -- C:\Users\Michael (Admin)\AppData\Roaming\avidemux
[2012/09/11 17:33:27 | 000,000,000 | ---D | M] -- C:\Users\Michael (Admin)\AppData\Roaming\ESET
[2012/05/26 18:52:50 | 000,000,000 | ---D | M] -- C:\Users\Michael (Admin)\AppData\Roaming\Garmin

========== Purity Check ==========

< End of report >
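As an added example (not part of this thread and not OTL's own code), here is a small Python triage script for the O4 autostart lines in the format shown in the log above. It flags the entries a helper would look at first: an image path under a user profile directory, a GUID-named folder, a "File not found" target (the autostart value outlives a payload that the AV already removed, so the registry value still needs cleaning), a RunOnce value, or a missing publisher name. The sample lines are copied from the log above; the flag names and the rule set are my own heuristics for a reviewer's attention, not verdicts.

```python
"""Triage of OTL 'O4' autostart entries (added example; the rules are heuristics, not verdicts)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Shape of an OTL O4 line as seen in the log above:
#   O4 - HKLM..\Run: [Name] C:\path\file.exe (Publisher)
#   O4 - HKU\S-1-5-21-...-1003..\Run: [Name] C:\path\file.exe File not found
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKU\\[^\\]+)\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?)"
    r"(?: \((?P<company>[^()]*)\)| (?P<missing>File not found))?$"
)
# A path component that is exactly a {GUID}, e.g. ...\Sun\{EF7D5DC7-...}\Validator.exe
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")
# Locations a standard user can write to; legitimate autostarts usually live under Program Files.
USER_WRITABLE = ("\\appdata\\", "\\users\\", "\\temp\\", "\\programdata\\")


@dataclass
class O4Entry:
    hive: str
    key: str        # "Run" or "RunOnce"
    name: str       # registry value name, shown in [brackets]
    path: str       # image path OTL resolved
    company: Optional[str]
    missing: bool   # OTL printed "File not found"


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one OTL line; return None for anything that is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return O4Entry(m["hive"], m["key"], m["name"], m["path"],
                   m["company"], m["missing"] is not None)


def reasons_for(e: O4Entry) -> List[str]:
    """Heuristic reasons to look at this entry; an empty list means 'nothing unusual'."""
    reasons: List[str] = []
    p = e.path.lower()
    if any(tok in p for tok in USER_WRITABLE):
        reasons.append("user-profile path")
    if GUID_DIR_RE.search(e.path):
        reasons.append("guid-named directory")
    if e.missing:
        reasons.append("file missing")          # orphaned value: payload gone, persistence not
    if e.key == "RunOnce":
        reasons.append("RunOnce")               # consumed at next logon; check what it launches
    if e.company is None and not e.missing:
        reasons.append("no publisher")
    return reasons


def triage(lines: Iterable[str]) -> List[Tuple[O4Entry, List[str]]]:
    """Return only the O4 entries that have at least one reason attached."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


# Constructed sample: lines copied from the OTL log in this thread, plus one non-O4 line.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)",
    r"O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)",
    r"O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)",
    r"O4 - HKU\S-1-5-21-3271095012-286924583-1323677700-1003..\Run: [Validator] C:\Users\Mama\AppData\Roaming\Sun\{EF7D5DC7-0AB7-4A7D-83F8-B2D97B888680}\Validator.exe File not found",
    r"O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)",
    r"O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)",
]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LINES):
        print(f"[{entry.name}] {entry.key} {entry.path}\n    -> {', '.join(reasons)}")
```

Run against the sample, only the Validator value (user-profile path, GUID folder, missing file) and the Z1 RunOnce value are reported; the Kaspersky, Intel and ATI entries pass. The script reads OTL's resolved path and publisher column only, so it says nothing about command-line arguments, which OTL does not print.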
10.03.2013, 20:57 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner, die Hundertste...
Then please write down what Kaspersky found and exactly where it found it, and post that here.
__________________
Please always post logfiles in CODE tags
10.03.2013, 21:02 | #5 |
Groupon Trojaner, die Hundertste...
As an attachment
10.03.2013, 22:00 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojaner, die Hundertste...
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
10.03.2013, 23:31 | #7 |
Groupon Trojaner, die Hundertste...
TDSSKiller
Code:
ATTFilter
17:35:26.0242 6372 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:35:26.0305 6372 ============================================================
17:35:26.0305 6372 Current date / time: 2013/03/10 17:35:26.0305
17:35:26.0305 6372 SystemInfo:
17:35:26.0305 6372
17:35:26.0305 6372 OS Version: 6.1.7601 ServicePack: 1.0
17:35:26.0305 6372 Product type: Workstation
17:35:26.0305 6372 ComputerName: ****
17:35:26.0305 6372 UserName: Michael (Admin)
17:35:26.0305 6372 Windows directory: C:\Windows
17:35:26.0305 6372 System windows directory: C:\Windows
17:35:26.0305 6372 Processor architecture: Intel x86
17:35:26.0305 6372 Number of processors: 4
17:35:26.0305 6372 Page size: 0x1000
17:35:26.0305 6372 Boot type: Normal boot
17:35:26.0305 6372 ============================================================
17:35:31.0203 6372 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:35:31.0203 6372 ============================================================
17:35:31.0203 6372 \Device\Harddisk0\DR0:
17:35:31.0203 6372 MBR partitions:
17:35:31.0203 6372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:35:31.0203 6372 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA9854800
17:35:31.0203 6372 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA9887000, BlocksNum 0x5000000
17:35:31.0203 6372 ============================================================
17:35:31.0219 6372 C: <-> \Device\Harddisk0\DR0\Partition2
17:35:31.0265 6372 D: <-> \Device\Harddisk0\DR0\Partition3
17:35:31.0265 6372 ============================================================
17:35:31.0281 6372 Initialize success
17:35:31.0281 6372 ============================================================
17:35:45.0430 3248 ============================================================
17:35:45.0430 3248 Scan
started 17:35:45.0430 3248 Mode: Manual; SigCheck; TDLFS; 17:35:45.0430 3248 ============================================================ 17:35:45.0758 3248 ================ Scan system memory ======================== 17:35:45.0758 3248 System memory - ok 17:35:45.0758 3248 ================ Scan services ============================= 17:35:45.0820 3248 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 17:35:45.0883 3248 !SASCORE - ok 17:35:46.0054 3248 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 17:35:46.0101 3248 1394ohci - ok 17:35:46.0148 3248 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 17:35:46.0179 3248 ACPI - ok 17:35:46.0195 3248 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 17:35:46.0273 3248 AcpiPmi - ok 17:35:46.0366 3248 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 17:35:46.0398 3248 AdobeARMservice - ok 17:35:46.0429 3248 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 17:35:46.0460 3248 adp94xx - ok 17:35:46.0491 3248 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 17:35:46.0507 3248 adpahci - ok 17:35:46.0538 3248 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 17:35:46.0569 3248 adpu320 - ok 17:35:46.0585 3248 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:35:46.0616 3248 AeLookupSvc - ok 17:35:46.0663 3248 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 17:35:46.0710 3248 AFD - ok 17:35:46.0725 3248 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 17:35:46.0741 3248 agp440 - ok 17:35:46.0756 3248 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 17:35:46.0772 3248 aic78xx - ok 17:35:46.0788 
3248 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 17:35:46.0834 3248 ALG - ok 17:35:46.0834 3248 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 17:35:46.0850 3248 aliide - ok 17:35:46.0881 3248 [ 60201AD353105D8C6796C1B69E6C49F0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 17:35:46.0912 3248 AMD External Events Utility - ok 17:35:46.0944 3248 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 17:35:46.0959 3248 amdagp - ok 17:35:46.0975 3248 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 17:35:46.0990 3248 amdide - ok 17:35:46.0990 3248 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 17:35:47.0037 3248 AmdK8 - ok 17:35:47.0178 3248 [ 51610B74A9A1D84DC86FCE1019BEAFF4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 17:35:47.0271 3248 amdkmdag - ok 17:35:47.0302 3248 [ CD1D86AB81EECE67D7BD6F7EF9786CCC ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 17:35:47.0334 3248 amdkmdap - ok 17:35:47.0365 3248 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 17:35:47.0412 3248 AmdPPM - ok 17:35:47.0443 3248 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 17:35:47.0474 3248 amdsata - ok 17:35:47.0490 3248 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 17:35:47.0521 3248 amdsbs - ok 17:35:47.0536 3248 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 17:35:47.0536 3248 amdxata - ok 17:35:47.0583 3248 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 17:35:47.0646 3248 AppID - ok 17:35:47.0646 3248 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 17:35:47.0661 3248 AppIDSvc - ok 17:35:47.0692 3248 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 17:35:47.0739 3248 Appinfo 
- ok 17:35:47.0786 3248 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 17:35:47.0802 3248 arc - ok 17:35:47.0817 3248 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 17:35:47.0833 3248 arcsas - ok 17:35:47.0864 3248 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:35:47.0973 3248 AsyncMac - ok 17:35:48.0082 3248 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 17:35:48.0098 3248 atapi - ok 17:35:48.0145 3248 [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 17:35:48.0348 3248 AtiHdmiService - ok 17:35:48.0426 3248 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:35:48.0488 3248 AudioEndpointBuilder - ok 17:35:48.0488 3248 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 17:35:48.0519 3248 Audiosrv - ok 17:35:48.0566 3248 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe 17:35:48.0613 3248 AVP - ok 17:35:48.0644 3248 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:35:48.0706 3248 AxInstSV - ok 17:35:48.0722 3248 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 17:35:48.0753 3248 b06bdrv - ok 17:35:48.0784 3248 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 17:35:48.0816 3248 b57nd60x - ok 17:35:48.0831 3248 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 17:35:48.0862 3248 BDESVC - ok 17:35:48.0909 3248 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 17:35:48.0956 3248 Beep - ok 17:35:48.0987 3248 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 17:35:49.0065 3248 BFE - ok 17:35:49.0096 3248 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll 
17:35:49.0143 3248 BITS - ok 17:35:49.0159 3248 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:35:49.0174 3248 blbdrive - ok 17:35:49.0206 3248 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:35:49.0221 3248 bowser - ok 17:35:49.0237 3248 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:35:49.0284 3248 BrFiltLo - ok 17:35:49.0299 3248 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:35:49.0330 3248 BrFiltUp - ok 17:35:49.0362 3248 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 17:35:49.0408 3248 BridgeMP - ok 17:35:49.0440 3248 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 17:35:49.0471 3248 Browser - ok 17:35:49.0486 3248 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:35:49.0518 3248 Brserid - ok 17:35:49.0533 3248 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 17:35:49.0564 3248 BrSerWdm - ok 17:35:49.0580 3248 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:35:49.0596 3248 BrUsbMdm - ok 17:35:49.0642 3248 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:35:49.0674 3248 BrUsbSer - ok 17:35:49.0705 3248 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:35:49.0736 3248 BTHMODEM - ok 17:35:49.0767 3248 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 17:35:49.0814 3248 bthserv - ok 17:35:49.0908 3248 catchme - ok 17:35:49.0923 3248 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:35:49.0986 3248 cdfs - ok 17:35:50.0017 3248 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys 17:35:50.0064 3248 cdrom - ok 17:35:50.0110 3248 [ 
319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 17:35:50.0173 3248 CertPropSvc - ok 17:35:50.0204 3248 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:35:50.0220 3248 circlass - ok 17:35:50.0235 3248 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 17:35:50.0251 3248 CLFS - ok 17:35:50.0313 3248 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:35:50.0344 3248 clr_optimization_v2.0.50727_32 - ok 17:35:50.0391 3248 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:35:50.0422 3248 clr_optimization_v4.0.30319_32 - ok 17:35:50.0422 3248 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:35:50.0438 3248 CmBatt - ok 17:35:50.0454 3248 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:35:50.0469 3248 cmdide - ok 17:35:50.0485 3248 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys 17:35:50.0500 3248 CNG - ok 17:35:50.0516 3248 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:35:50.0532 3248 Compbatt - ok 17:35:50.0547 3248 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 17:35:50.0578 3248 CompositeBus - ok 17:35:50.0578 3248 COMSysApp - ok 17:35:50.0594 3248 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:35:50.0594 3248 crcdisk - ok 17:35:50.0625 3248 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:35:50.0641 3248 CryptSvc - ok 17:35:50.0688 3248 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 17:35:50.0750 3248 DcomLaunch - ok 17:35:50.0797 3248 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 
17:35:50.0859 3248 defragsvc - ok 17:35:50.0890 3248 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:35:50.0953 3248 DfsC - ok 17:35:51.0000 3248 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 17:35:51.0046 3248 Dhcp - ok 17:35:51.0062 3248 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 17:35:51.0093 3248 discache - ok 17:35:51.0109 3248 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:35:51.0124 3248 Disk - ok 17:35:51.0156 3248 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:35:51.0187 3248 Dnscache - ok 17:35:51.0218 3248 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 17:35:51.0265 3248 dot3svc - ok 17:35:51.0296 3248 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 17:35:51.0343 3248 DPS - ok 17:35:51.0374 3248 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:35:51.0405 3248 drmkaud - ok 17:35:51.0436 3248 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:35:51.0468 3248 DXGKrnl - ok 17:35:51.0468 3248 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 17:35:51.0514 3248 EapHost - ok 17:35:51.0608 3248 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 17:35:51.0733 3248 ebdrv - ok 17:35:51.0748 3248 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 17:35:51.0780 3248 EFS - ok 17:35:51.0811 3248 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:35:51.0858 3248 ehRecvr - ok 17:35:51.0889 3248 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 17:35:51.0904 3248 ehSched - ok 17:35:51.0936 3248 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:35:51.0967 3248 elxstor - ok 17:35:51.0982 3248 [ 
8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:35:52.0014 3248 ErrDev - ok 17:35:52.0029 3248 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 17:35:52.0076 3248 EventSystem - ok 17:35:52.0092 3248 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 17:35:52.0123 3248 exfat - ok 17:35:52.0138 3248 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:35:52.0185 3248 fastfat - ok 17:35:52.0232 3248 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 17:35:52.0279 3248 Fax - ok 17:35:52.0294 3248 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:35:52.0310 3248 fdc - ok 17:35:52.0326 3248 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 17:35:52.0357 3248 fdPHost - ok 17:35:52.0372 3248 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 17:35:52.0388 3248 FDResPub - ok 17:35:52.0404 3248 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:35:52.0419 3248 FileInfo - ok 17:35:52.0419 3248 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:35:52.0450 3248 Filetrace - ok 17:35:52.0497 3248 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:35:52.0513 3248 flpydisk - ok 17:35:52.0528 3248 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:35:52.0544 3248 FltMgr - ok 17:35:52.0591 3248 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 17:35:52.0684 3248 FontCache - ok 17:35:52.0716 3248 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 17:35:52.0731 3248 FontCache3.0.0.0 - ok 17:35:52.0747 3248 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 
17:35:52.0762 3248 FsDepends - ok 17:35:52.0778 3248 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:35:52.0794 3248 Fs_Rec - ok 17:35:52.0809 3248 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:35:52.0840 3248 fvevol - ok 17:35:52.0856 3248 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:35:52.0872 3248 gagp30kx - ok 17:35:52.0918 3248 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 17:35:52.0965 3248 gpsvc - ok 17:35:53.0012 3248 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 17:35:53.0043 3248 gupdate - ok 17:35:53.0043 3248 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 17:35:53.0059 3248 gupdatem - ok 17:35:53.0074 3248 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:35:53.0090 3248 hcw85cir - ok 17:35:53.0121 3248 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:35:53.0152 3248 HdAudAddService - ok 17:35:53.0168 3248 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 17:35:53.0184 3248 HDAudBus - ok 17:35:53.0199 3248 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:35:53.0230 3248 HidBatt - ok 17:35:53.0262 3248 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:35:53.0277 3248 HidBth - ok 17:35:53.0293 3248 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:35:53.0324 3248 HidIr - ok 17:35:53.0340 3248 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll 17:35:53.0386 3248 hidserv - ok 17:35:53.0402 3248 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:35:53.0449 3248 HidUsb - ok 17:35:53.0496 3248 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] 
hkmsvc C:\Windows\system32\kmsvc.dll 17:35:53.0558 3248 hkmsvc - ok 17:35:53.0605 3248 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:35:53.0636 3248 HomeGroupListener - ok 17:35:53.0714 3248 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:35:53.0761 3248 HomeGroupProvider - ok 17:35:53.0839 3248 [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 17:35:53.0870 3248 hpqcxs08 - ok 17:35:53.0932 3248 [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 17:35:53.0948 3248 hpqddsvc - ok 17:35:53.0979 3248 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:35:53.0995 3248 HpSAMD - ok 17:35:54.0026 3248 [ 56FC98F1014EA8DC51B92839C32759EC ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 17:35:54.0042 3248 HPSLPSVC - ok 17:35:54.0104 3248 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:35:54.0166 3248 HTTP - ok 17:35:54.0182 3248 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:35:54.0198 3248 hwpolicy - ok 17:35:54.0229 3248 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:35:54.0244 3248 i8042prt - ok 17:35:54.0276 3248 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 17:35:54.0291 3248 iaStor - ok 17:35:54.0338 3248 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 17:35:54.0354 3248 IAStorDataMgrSvc - ok 17:35:54.0369 3248 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:35:54.0385 3248 iaStorV - ok 17:35:54.0447 3248 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:35:54.0494 3248 idsvc - ok 
17:35:54.0510 3248 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:35:54.0525 3248 iirsp - ok 17:35:54.0556 3248 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 17:35:54.0588 3248 IKEEXT - ok 17:35:54.0634 3248 [ D6782400E92C62ED2BF3AF8ED4753738 ] InputFilter_Hid_FlexDef2b C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys 17:35:54.0666 3248 InputFilter_Hid_FlexDef2b - ok 17:35:54.0759 3248 [ 4BE85CF5831A41104C2DDED55FBC3565 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 17:35:54.0822 3248 IntcAzAudAddService - ok 17:35:54.0837 3248 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 17:35:54.0853 3248 intelide - ok 17:35:54.0884 3248 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:35:54.0931 3248 intelppm - ok 17:35:54.0946 3248 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:35:54.0993 3248 IPBusEnum - ok 17:35:55.0009 3248 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:35:55.0040 3248 IpFilterDriver - ok 17:35:55.0056 3248 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:35:55.0149 3248 iphlpsvc - ok 17:35:55.0165 3248 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:35:55.0196 3248 IPMIDRV - ok 17:35:55.0212 3248 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:35:55.0274 3248 IPNAT - ok 17:35:55.0305 3248 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:35:55.0336 3248 IRENUM - ok 17:35:55.0368 3248 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:35:55.0383 3248 isapnp - ok 17:35:55.0399 3248 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:35:55.0399 3248 iScsiPrt - ok 17:35:55.0414 3248 [ 
ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:35:55.0430 3248 kbdclass - ok 17:35:55.0461 3248 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:35:55.0477 3248 kbdhid - ok 17:35:55.0477 3248 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 17:35:55.0492 3248 KeyIso - ok 17:35:55.0539 3248 [ EA26CB00F83686856F2C79673C00C686 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys 17:35:55.0570 3248 kl1 - ok 17:35:55.0633 3248 [ FBC7F840F1118D358D2AFB8C1714B384 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 17:35:55.0664 3248 KLIF - ok 17:35:55.0711 3248 [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 17:35:55.0711 3248 KLIM6 - ok 17:35:55.0726 3248 [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 17:35:55.0742 3248 klkbdflt - ok 17:35:55.0742 3248 [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 17:35:55.0758 3248 klmouflt - ok 17:35:55.0758 3248 [ 53C0DF6C5139CB78A631E7AFCD893730 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 17:35:55.0773 3248 kltdi - ok 17:35:55.0804 3248 [ 71A38C123600172511C26BFABD0EF579 ] kneps C:\Windows\system32\DRIVERS\kneps.sys 17:35:55.0820 3248 kneps - ok 17:35:55.0851 3248 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:35:55.0867 3248 KSecDD - ok 17:35:55.0882 3248 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:35:55.0898 3248 KSecPkg - ok 17:35:55.0960 3248 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 17:35:56.0070 3248 KtmRm - ok 17:35:56.0085 3248 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll 17:35:56.0132 3248 LanmanServer - ok 17:35:56.0179 3248 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:35:56.0257 3248 LanmanWorkstation - ok 17:35:56.0257 3248 [ 
F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:35:56.0319 3248 lltdio - ok 17:35:56.0335 3248 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:35:56.0366 3248 lltdsvc - ok 17:35:56.0366 3248 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 17:35:56.0397 3248 lmhosts - ok 17:35:56.0413 3248 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:35:56.0428 3248 LSI_FC - ok 17:35:56.0460 3248 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:35:56.0460 3248 LSI_SAS - ok 17:35:56.0475 3248 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:35:56.0491 3248 LSI_SAS2 - ok 17:35:56.0506 3248 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:35:56.0522 3248 LSI_SCSI - ok 17:35:56.0538 3248 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 17:35:56.0569 3248 luafv - ok 17:35:56.0647 3248 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 17:35:56.0662 3248 MBAMProtector - ok 17:35:56.0725 3248 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamscheduler.exe 17:35:56.0756 3248 MBAMScheduler - ok 17:35:56.0772 3248 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamservice.exe 17:35:56.0787 3248 MBAMService - ok 17:35:56.0834 3248 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:35:56.0865 3248 Mcx2Svc - ok 17:35:56.0865 3248 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 17:35:56.0881 3248 megasas - ok 17:35:56.0912 3248 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:35:56.0928 3248 MegaSR - ok 17:35:56.0943 3248 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS 
C:\Windows\system32\mmcss.dll 17:35:56.0974 3248 MMCSS - ok 17:35:56.0990 3248 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 17:35:57.0037 3248 Modem - ok 17:35:57.0052 3248 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:35:57.0068 3248 monitor - ok 17:35:57.0068 3248 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:35:57.0084 3248 mouclass - ok 17:35:57.0099 3248 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:35:57.0130 3248 mouhid - ok 17:35:57.0146 3248 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:35:57.0162 3248 mountmgr - ok 17:35:57.0224 3248 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 17:35:57.0255 3248 MozillaMaintenance - ok 17:35:57.0271 3248 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 17:35:57.0302 3248 mpio - ok 17:35:57.0318 3248 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:35:57.0364 3248 mpsdrv - ok 17:35:57.0396 3248 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 17:35:57.0442 3248 MpsSvc - ok 17:35:57.0458 3248 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:35:57.0474 3248 MRxDAV - ok 17:35:57.0520 3248 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:35:57.0552 3248 mrxsmb - ok 17:35:57.0598 3248 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:35:57.0630 3248 mrxsmb10 - ok 17:35:57.0645 3248 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:35:57.0692 3248 mrxsmb20 - ok 17:35:57.0708 3248 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 17:35:57.0739 3248 msahci - ok 17:35:57.0786 
3248 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:35:57.0801 3248 msdsm - ok 17:35:57.0832 3248 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 17:35:57.0864 3248 MSDTC - ok 17:35:57.0879 3248 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:35:57.0910 3248 Msfs - ok 17:35:57.0926 3248 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:35:57.0957 3248 mshidkmdf - ok 17:35:57.0973 3248 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:35:57.0988 3248 msisadrv - ok 17:35:58.0004 3248 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:35:58.0035 3248 MSiSCSI - ok 17:35:58.0035 3248 msiserver - ok 17:35:58.0066 3248 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:35:58.0098 3248 MSKSSRV - ok 17:35:58.0144 3248 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:35:58.0176 3248 MSPCLOCK - ok 17:35:58.0191 3248 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:35:58.0207 3248 MSPQM - ok 17:35:58.0238 3248 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:35:58.0238 3248 MsRPC - ok 17:35:58.0254 3248 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 17:35:58.0269 3248 mssmbios - ok 17:35:58.0269 3248 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:35:58.0300 3248 MSTEE - ok 17:35:58.0316 3248 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:35:58.0332 3248 MTConfig - ok 17:35:58.0347 3248 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 17:35:58.0363 3248 Mup - ok 17:35:58.0394 3248 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 17:35:58.0425 3248 
napagent - ok 17:35:58.0472 3248 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:35:58.0503 3248 NativeWifiP - ok 17:35:58.0534 3248 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:35:58.0566 3248 NDIS - ok 17:35:58.0581 3248 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:35:58.0612 3248 NdisCap - ok 17:35:58.0628 3248 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:35:58.0659 3248 NdisTapi - ok 17:35:58.0690 3248 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:35:58.0722 3248 Ndisuio - ok 17:35:58.0768 3248 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:35:58.0815 3248 NdisWan - ok 17:35:58.0862 3248 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:35:58.0893 3248 NDProxy - ok 17:35:58.0956 3248 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 17:35:58.0971 3248 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:35:58.0971 3248 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:35:58.0987 3248 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:35:59.0049 3248 NetBIOS - ok 17:35:59.0065 3248 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:35:59.0096 3248 NetBT - ok 17:35:59.0096 3248 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 17:35:59.0112 3248 Netlogon - ok 17:35:59.0143 3248 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 17:35:59.0190 3248 Netman - ok 17:35:59.0205 3248 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 17:35:59.0252 3248 netprofm - ok 17:35:59.0268 3248 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows 
Communication Foundation\SMSvcHost.exe 17:35:59.0268 3248 NetTcpPortSharing - ok 17:35:59.0299 3248 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:35:59.0299 3248 nfrd960 - ok 17:35:59.0330 3248 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 17:35:59.0346 3248 NlaSvc - ok 17:35:59.0346 3248 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:35:59.0377 3248 Npfs - ok 17:35:59.0392 3248 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 17:35:59.0424 3248 nsi - ok 17:35:59.0424 3248 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:35:59.0455 3248 nsiproxy - ok 17:35:59.0502 3248 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:35:59.0564 3248 Ntfs - ok 17:35:59.0595 3248 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 17:35:59.0626 3248 Null - ok 17:35:59.0642 3248 [ 03AD379554B50FA1802BE4EC2E291E92 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 17:35:59.0658 3248 nusb3hub - ok 17:35:59.0689 3248 [ 06FE87C9D181AF5F04D192E604E10E6C ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 17:35:59.0720 3248 nusb3xhc - ok 17:35:59.0736 3248 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:35:59.0751 3248 nvraid - ok 17:35:59.0767 3248 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:35:59.0782 3248 nvstor - ok 17:35:59.0814 3248 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:35:59.0829 3248 nv_agp - ok 17:35:59.0892 3248 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:35:59.0923 3248 odserv - ok 17:35:59.0954 3248 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:35:59.0985 3248 ohci1394 - ok 17:36:00.0016 3248 [ 
5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:36:00.0032 3248 ose - ok 17:36:00.0048 3248 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:36:00.0079 3248 p2pimsvc - ok 17:36:00.0126 3248 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 17:36:00.0157 3248 p2psvc - ok 17:36:00.0172 3248 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:36:00.0204 3248 Parport - ok 17:36:00.0219 3248 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:36:00.0235 3248 partmgr - ok 17:36:00.0250 3248 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 17:36:00.0282 3248 Parvdm - ok 17:36:00.0282 3248 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:36:00.0313 3248 PcaSvc - ok 17:36:00.0344 3248 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 17:36:00.0360 3248 pci - ok 17:36:00.0375 3248 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 17:36:00.0391 3248 pciide - ok 17:36:00.0406 3248 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:36:00.0422 3248 pcmcia - ok 17:36:00.0422 3248 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 17:36:00.0438 3248 pcw - ok 17:36:00.0469 3248 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:36:00.0500 3248 PEAUTH - ok 17:36:00.0547 3248 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 17:36:00.0609 3248 pla - ok 17:36:00.0640 3248 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:36:00.0656 3248 PlugPlay - ok 17:36:00.0687 3248 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 17:36:00.0703 3248 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 
17:36:00.0703 3248 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:36:00.0718 3248 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:36:00.0750 3248 PNRPAutoReg - ok 17:36:00.0765 3248 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:36:00.0781 3248 PNRPsvc - ok 17:36:00.0812 3248 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:36:00.0843 3248 PolicyAgent - ok 17:36:00.0874 3248 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 17:36:00.0952 3248 Power - ok 17:36:00.0984 3248 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:36:01.0030 3248 PptpMiniport - ok 17:36:01.0046 3248 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:36:01.0077 3248 Processor - ok 17:36:01.0108 3248 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 17:36:01.0124 3248 ProfSvc - ok 17:36:01.0140 3248 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:36:01.0155 3248 ProtectedStorage - ok 17:36:01.0186 3248 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:36:01.0218 3248 Psched - ok 17:36:01.0249 3248 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 17:36:01.0264 3248 PSI_SVC_2 - ok 17:36:01.0311 3248 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:36:01.0358 3248 ql2300 - ok 17:36:01.0389 3248 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:36:01.0405 3248 ql40xx - ok 17:36:01.0405 3248 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 17:36:01.0452 3248 QWAVE - ok 17:36:01.0467 3248 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:36:01.0498 3248 QWAVEdrv - ok 
17:36:01.0514 3248 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:36:01.0545 3248 RasAcd - ok 17:36:01.0545 3248 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:36:01.0592 3248 RasAgileVpn - ok 17:36:01.0608 3248 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 17:36:01.0639 3248 RasAuto - ok 17:36:01.0639 3248 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:36:01.0686 3248 Rasl2tp - ok 17:36:01.0701 3248 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 17:36:01.0748 3248 RasMan - ok 17:36:01.0764 3248 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:36:01.0795 3248 RasPppoe - ok 17:36:01.0810 3248 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:36:01.0842 3248 RasSstp - ok 17:36:01.0888 3248 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:36:01.0935 3248 rdbss - ok 17:36:01.0951 3248 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:36:01.0982 3248 rdpbus - ok 17:36:02.0013 3248 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:36:02.0060 3248 RDPCDD - ok 17:36:02.0076 3248 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:36:02.0107 3248 RDPENCDD - ok 17:36:02.0122 3248 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:36:02.0154 3248 RDPREFMP - ok 17:36:02.0185 3248 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 17:36:02.0200 3248 RdpVideoMiniport - ok 17:36:02.0216 3248 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:36:02.0247 3248 RDPWD - ok 17:36:02.0278 3248 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost 
C:\Windows\system32\drivers\rdyboost.sys 17:36:02.0294 3248 rdyboost - ok 17:36:02.0310 3248 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 17:36:02.0341 3248 RemoteAccess - ok 17:36:02.0356 3248 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:36:02.0388 3248 RemoteRegistry - ok 17:36:02.0403 3248 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:36:02.0434 3248 RpcEptMapper - ok 17:36:02.0450 3248 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 17:36:02.0466 3248 RpcLocator - ok 17:36:02.0497 3248 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 17:36:02.0528 3248 RpcSs - ok 17:36:02.0528 3248 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:36:02.0559 3248 rspndr - ok 17:36:02.0606 3248 [ 0516998076AD894AE7E362C3110AA071 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 17:36:02.0637 3248 RTL8167 - ok 17:36:02.0668 3248 [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 17:36:02.0684 3248 RTL8192su - ok 17:36:02.0700 3248 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 17:36:02.0715 3248 SamSs - ok 17:36:02.0793 3248 [ 230FD3749904CA045EA5EC0AA14006E9 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys 17:36:02.0809 3248 SANDRA - ok 17:36:02.0840 3248 [ 28D22B00901EE48BB98899ABAD5DA11E ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe 17:36:02.0856 3248 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning 17:36:02.0856 3248 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1) 17:36:02.0902 3248 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 17:36:02.0918 3248 SASDIFSV - ok 17:36:02.0949 3248 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program 
Files\SUPERAntiSpyware\SASKUTIL.SYS 17:36:02.0965 3248 SASKUTIL - ok 17:36:02.0996 3248 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:36:03.0012 3248 sbp2port - ok 17:36:03.0027 3248 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:36:03.0058 3248 SCardSvr - ok 17:36:03.0090 3248 [ B08CC192330FDE1510F28CF284F80026 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys 17:36:03.0090 3248 SCDEmu - ok 17:36:03.0105 3248 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:36:03.0136 3248 scfilter - ok 17:36:03.0183 3248 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 17:36:03.0246 3248 Schedule - ok 17:36:03.0277 3248 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:36:03.0324 3248 SCPolicySvc - ok 17:36:03.0355 3248 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:36:03.0370 3248 SDRSVC - ok 17:36:03.0386 3248 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:36:03.0433 3248 secdrv - ok 17:36:03.0433 3248 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 17:36:03.0526 3248 seclogon - ok 17:36:03.0558 3248 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll 17:36:03.0589 3248 SENS - ok 17:36:03.0636 3248 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:36:03.0667 3248 SensrSvc - ok 17:36:03.0698 3248 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:36:03.0729 3248 Serenum - ok 17:36:03.0745 3248 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:36:03.0760 3248 Serial - ok 17:36:03.0776 3248 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:36:03.0792 3248 sermouse - ok 17:36:03.0823 3248 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv 
C:\Windows\system32\sessenv.dll 17:36:03.0870 3248 SessionEnv - ok 17:36:03.0885 3248 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:36:03.0916 3248 sffdisk - ok 17:36:03.0932 3248 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:36:03.0948 3248 sffp_mmc - ok 17:36:03.0963 3248 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:36:03.0994 3248 sffp_sd - ok 17:36:04.0010 3248 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:36:04.0010 3248 sfloppy - ok 17:36:04.0057 3248 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:36:04.0119 3248 SharedAccess - ok 17:36:04.0150 3248 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:36:04.0197 3248 ShellHWDetection - ok 17:36:04.0228 3248 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 17:36:04.0244 3248 sisagp - ok 17:36:04.0260 3248 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:36:04.0275 3248 SiSRaid2 - ok 17:36:04.0306 3248 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:36:04.0322 3248 SiSRaid4 - ok 17:36:04.0353 3248 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:36:04.0400 3248 Smb - ok 17:36:04.0416 3248 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:36:04.0431 3248 SNMPTRAP - ok 17:36:04.0431 3248 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 17:36:04.0447 3248 spldr - ok 17:36:04.0478 3248 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 17:36:04.0494 3248 Spooler - ok 17:36:04.0587 3248 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 17:36:04.0650 3248 sppsvc - ok 17:36:04.0681 3248 [ 
B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:36:04.0696 3248 sppuinotify - ok 17:36:04.0728 3248 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 17:36:04.0743 3248 srv - ok 17:36:04.0759 3248 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:36:04.0774 3248 srv2 - ok 17:36:04.0821 3248 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:36:04.0852 3248 srvnet - ok 17:36:04.0868 3248 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:36:04.0915 3248 SSDPSRV - ok 17:36:04.0930 3248 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:36:04.0962 3248 SstpSvc - ok 17:36:04.0977 3248 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:36:04.0993 3248 stexstor - ok 17:36:05.0024 3248 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 17:36:05.0055 3248 StillCam - ok 17:36:05.0086 3248 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 17:36:05.0118 3248 StiSvc - ok 17:36:05.0118 3248 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 17:36:05.0133 3248 swenum - ok 17:36:05.0149 3248 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 17:36:05.0180 3248 swprv - ok 17:36:05.0258 3248 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 17:36:05.0336 3248 SysMain - ok 17:36:05.0352 3248 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:36:05.0367 3248 TabletInputService - ok 17:36:05.0383 3248 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 17:36:05.0430 3248 TapiSrv - ok 17:36:05.0445 3248 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 17:36:05.0476 3248 TBS - ok 17:36:05.0539 3248 [ 7C0507D2391AF5933600CBCED799F277 ] 
Tcpip C:\Windows\system32\drivers\tcpip.sys 17:36:05.0586 3248 Tcpip - ok 17:36:05.0617 3248 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:36:05.0648 3248 TCPIP6 - ok 17:36:05.0679 3248 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:36:05.0695 3248 tcpipreg - ok 17:36:05.0726 3248 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:36:05.0742 3248 TDPIPE - ok 17:36:05.0773 3248 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:36:05.0788 3248 TDTCP - ok 17:36:05.0820 3248 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:36:05.0866 3248 tdx - ok 17:36:05.0882 3248 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 17:36:05.0898 3248 TermDD - ok 17:36:05.0929 3248 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 17:36:05.0960 3248 TermService - ok 17:36:05.0976 3248 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 17:36:05.0991 3248 Themes - ok 17:36:05.0991 3248 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 17:36:06.0022 3248 THREADORDER - ok 17:36:06.0038 3248 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 17:36:06.0069 3248 TrkWks - ok 17:36:06.0116 3248 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:36:06.0132 3248 TrustedInstaller - ok 17:36:06.0147 3248 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:36:06.0178 3248 tssecsrv - ok 17:36:06.0210 3248 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:36:06.0210 3248 TsUsbFlt - ok 17:36:06.0241 3248 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:36:06.0288 3248 tunnel - ok 17:36:06.0288 3248 [ 
750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:36:06.0303 3248 uagp35 - ok 17:36:06.0319 3248 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:36:06.0350 3248 udfs - ok 17:36:06.0366 3248 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:36:06.0397 3248 UI0Detect - ok 17:36:06.0412 3248 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:36:06.0428 3248 uliagpkx - ok 17:36:06.0475 3248 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 17:36:06.0490 3248 umbus - ok 17:36:06.0506 3248 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:36:06.0537 3248 UmPass - ok 17:36:06.0553 3248 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 17:36:06.0584 3248 upnphost - ok 17:36:06.0584 3248 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:36:06.0615 3248 usbccgp - ok 17:36:06.0646 3248 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:36:06.0678 3248 usbcir - ok 17:36:06.0693 3248 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 17:36:06.0709 3248 usbehci - ok 17:36:06.0724 3248 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:36:06.0756 3248 usbhub - ok 17:36:06.0756 3248 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:36:06.0787 3248 usbohci - ok 17:36:06.0802 3248 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:36:06.0834 3248 usbprint - ok 17:36:06.0834 3248 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:36:06.0865 3248 USBSTOR - ok 17:36:06.0880 3248 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 17:36:06.0912 3248 usbuhci - ok 
17:36:11.0046 3248 ============================================================
17:36:11.0046 3248 Scan finished
17:36:11.0046 3248 ============================================================
17:36:11.0061 6164 Detected object count: 3
17:36:11.0061 6164 Actual detected object count: 3
17:39:15.0207 6164 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:15.0207 6164 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:15.0207 6164 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:15.0207 6164 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:15.0207 6164 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:15.0207 6164 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-10 23:13:43
-----------------------------
23:13:43.376 OS Version: Windows 6.1.7601 Service Pack 1
23:13:43.376 Number of processors: 4 586 0x2505
23:13:43.376 ComputerName: **** UserName:
23:13:45.763 Initialize success
23:14:48.315 AVAST engine defs: 13031001
23:15:11.949 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:15:11.965 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
23:15:11.996 Disk 0 MBR read successfully
23:15:11.996 Disk 0 MBR scan
23:15:11.996 Disk 0 Windows 7 default MBR code
23:15:12.012 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:15:12.012 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1388713 MB offset 206848
23:15:12.043 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 2844291072
23:15:12.074 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 2928177152
23:15:12.074 Disk 0 scanning sectors +2930275120
23:15:12.137 Disk 0 scanning C:\Windows\system32\drivers
23:15:19.905 Service scanning
23:15:25.693 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
23:15:26.301 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
23:15:26.317 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
23:15:26.348 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
23:15:26.364 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
23:15:26.395 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
23:15:35.677 Modules scanning
23:15:41.496 Disk 0 trace - called modules:
23:15:41.527 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
23:15:41.527 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8862b030]
23:15:41.543 3 CLASSPNP.SYS[8c45259e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86adb028]
23:15:44.600 AVAST engine scan C:\Windows
23:15:47.845 AVAST engine scan C:\Windows\system32
23:18:02.863 AVAST engine scan C:\Windows\system32\drivers
23:18:14.470 AVAST engine scan C:\Users\Michael (Admin)
23:18:32.706 AVAST engine scan C:\ProgramData
23:19:52.095 Scan finished successfully
23:21:09.939 Disk 0 MBR has been saved successfully to "C:\xx 12.10.2011\sonstiges\Logdateien\aswMBR\MBR.dat"
23:21:09.939 The log file has been saved successfully to "C:\xx 12.10.2011\sonstiges\Logdateien\aswMBR\aswMBR.txt"
Code:
# AdwCleaner v2.114 - Datei am 10/03/2013 um 19:33:38 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Michael (Admin) - ****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mama\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\pwjbvhe7.default\searchplugins\11-suche.xml

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Michael (Admin)\AppData\Roaming\Mozilla\Firefox\Profiles\5awd1a7g.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\pwjbvhe7.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\zuqhyg52.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\Michael (Admin)\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1462 octets] - [15/09/2012 19:02:25]
AdwCleaner[R2].txt - [1489 octets] - [17/09/2012 10:04:44]
AdwCleaner[R3].txt - [1385 octets] - [10/03/2013 19:33:38]
AdwCleaner[S1].txt - [2203 octets] - [16/09/2012 16:37:29]

########## EOF - \AdwCleaner[R3].txt - [1505 octets] ##########
Last edited by windchill (10.03.2013 at 23:38) |
11.03.2013, 09:40 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojan, the hundredth one... Now please run Combofix: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
11.03.2013, 20:33 | #9 |
| Groupon Trojan, the hundredth one... Code:
ComboFix 13-03-11.01 - Michael (Admin) 11.03.2013 20:18:32.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3063.1788 [GMT 1:00]
ausgeführt von:: c:\users\Mama\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-11 bis 2013-03-11 ))))))))))))))))))))))))))))))
.
.
2013-03-11 19:22 . 2013-03-11 19:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-11 19:22 . 2013-03-11 19:22 -------- d-----w- c:\users\Michael\AppData\Local\temp
2013-03-11 19:22 . 2013-03-11 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-08 17:28 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E24E6C-E531-4261-B533-E70610712608}\mpengine.dll
2013-03-07 20:22 . 2013-03-07 20:22 -------- d-----w- c:\users\Michael (Admin)\AppData\Local\Programs
2013-02-21 10:59 . 2013-02-21 11:01 -------- d-----w- C:\Ryzhov
2013-02-14 07:54 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 07:53 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-14 07:53 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 07:53 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-14 07:53 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 07:53 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 04:27 . 2012-04-05 17:55 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-18 04:27 . 2011-10-31 08:10 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-09 12:03 . 2013-02-09 12:03 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-09 12:03 . 2012-06-17 21:42 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-09 12:03 . 2010-08-30 10:05 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-27 13:35 . 2013-01-27 13:35 113608 ----a-w- c:\windows\system32\drivers\scdemu.sys
2013-01-17 00:28 . 2010-08-30 16:46 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-06 17:48 . 2012-06-08 10:38 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-12-16 14:13 . 2012-12-21 10:07 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 10:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 15:49 . 2012-09-10 16:50 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-10 12:45 . 2013-02-10 12:45 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-14 9288296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-06 356376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Mama\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" [2013-02-16 1363016]
.
c:\users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-11-02 21:21 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-12-14 15:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware nochmal\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-07-30 08:56 162408 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2013-01-27 13:36 337432 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-06 20:05 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware nochmal\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware nochmal\mbamservice.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 12:12 1630672 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-12 19:27]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-12 19:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-11 20:24:27
ComboFix-quarantined-files.txt 2013-03-11 19:24
ComboFix2.txt 2012-09-21 12:53
.
Vor Suchlauf: 15 Verzeichnis(se), 767.219.314.688 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 767.019.126.784 Bytes frei
.
- - End Of File - - E67143A2A5C7D928EFBF1903047BD6CE |
11.03.2013, 22:32 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojan, the hundredth one... Combofix script
|
12.03.2013, 20:53 | #11 |
| Groupon Trojan, the hundredth one... Attached as an archive. |
12.03.2013, 23:48 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojan, the hundredth one... Quote:
Does the folder c:\ryzhov\ mean anything to you?
|
13.03.2013, 10:41 | #13 |
| Groupon Trojan, the hundredth one... The folder should be harmless. I created it. It was an ISO file of an MRI CD that my mother received from an acquaintance in Russia (or rather downloaded via a link), with the request to find a suitable specialist and show it to him. => DICOM is the universal format for medical imaging. The main flaw in that folder is that the software for viewing the images was not included. In this case: folder name = name; actually I would prefer the whole folder to be stored externally, but the file path is too long for Windows. |
13.03.2013, 12:16 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Groupon Trojan, the hundredth one... OK, then I misinterpreted that, since I didn't know DICOM. JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with OTL, please:
|
13.03.2013, 12:24 | #15 |
| Groupon Trojan, the hundredth one... I'll do that on the weekend, since I won't manage to stop by my parents' before then. |