Pests of all kinds and how to get rid of them: Caught by a trojan in a Groupon e-mail! (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
10.03.2013, 02:27 | #1
Caught by a trojan in a Groupon e-mail!

Hello dear Trojaner-Board,

unfortunately my mother-in-law's computer has been hit by the trojan that is currently being spread via fake Groupon e-mails. The trojan is clearly in high demand at the moment, as the numerous threads show. Before all the logfiles come, I would like to thank you in advance for your help (which is not to be taken for granted). I think it is great that you stand by the many users out there! So let's start with the logs: with MBAM I ran one Quick Scan and one full scan.

MBAM #1
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***VAIO [Administrator]

09.03.2013 10:32:48
mbam-log-2013-03-09 (10-32-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196196
Laufzeit: 6 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Unzaiz (IPH.Trojan.Zbot.Rke) -> Daten: C:\Users\***\AppData\Roaming\Opxuxa\kyoq.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Users\***\AppData\Roaming\Opxuxa\kyoq.exe (IPH.Trojan.Zbot.Rke) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\dxftdxftdp.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\fxlaeplaep.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\hrlzpwmkpw.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\ojnqojnqoj.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\plaenjoqnj.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\rszlrwpkmw.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\urvguqnjoq.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

MBAM #2
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.09.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***VAIO [Administrator]

09.03.2013 16:17:25
mbam-log-2013-03-09 (16-17-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328382
Laufzeit: 1 Stunde(n), 32 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|logonsxplay (Trojan.FakeMS.PRGen) -> Daten: "C:\Users\***\AppData\Roaming\logonsxplay.exe" -autorun -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\AppData\Roaming\logonsxplay.exe (Trojan.FakeMS.PRGen) -> Löschen bei Neustart.
C:\Users\***\AppData\Roaming\Qeevt\ikfo.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:32 on 09/03/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 09.03.2013 22:33:45 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,22 Gb Available Physical*** Memory | 74,70% Memory free 5,93 Gb Paging File | 5,14 Gb Available in Paging File | 86,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 251,75 Gb Free Space | 84,48% Space Free | Partition Type: NTFS Computer Name: ***VAIO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) 
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) 
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.icq.com/search/results.php?q=www%20.my2peu&ch_id=rsrh&icid=rs_ra IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 24 6F E9 91 91 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - 
prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_ptnrs=U3&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4&apn_dtid=OSJ000YYDE&&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.12.24 16:23:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.12.24 16:23:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.17 16:35:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.25 09:48:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.24 07:36:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M] [2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.25 09:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions [2010.09.16 14:26:44 | 000,000,000 | ---D | M] (Adblock Plus) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.12.25 09:59:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions\toolbar@ask.com [2012.12.25 09:59:05 | 000,002,308 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\askcom.xml [2010.10.10 09:56:59 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin-1.xml [2010.06.25 19:58:07 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin-2.xml [2010.05.13 09:01:56 | 000,000,168 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.gif [2010.05.13 09:01:56 | 000,000,618 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.src [2010.05.03 07:40:34 | 000,000,955 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.xml [2012.12.25 09:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2012.12.25 09:48:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2010.01.10 02:41:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA 
FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2009.12.22 04:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.12.22 04:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2009.12.22 04:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2009.12.22 04:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2009.12.22 04:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://start.icq.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll CHR - plugin: Shockwave 
Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKCU..\Run: [Ihitibuql] C:\Users\***\AppData\Roaming\Qeevt\ikfo.exe File not found O4 - HKCU..\Run: [logonsxplay] "C:\Users\***\AppData\Roaming\logonsxplay.exe" -autorun File not found O4 - HKCU..\Run: [yvbnuzyr] C:\Users\***\AppData\Roaming\Fzsrlmkpwmk\rlzsruzyr.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBD24621-C4EB-44F2-A186-64C0C34F0CA6}: DhcpNameServer = 83.169.184.161 83.169.184.225 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00F7F23-CF56-4DE2-9F0B-64D90B5216B3}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ufuv [2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qeevt [2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ifeso [2013.03.09 15:43:22 | 000,103,680 | ---- | C] (GMER) -- C:\pwldrpow.sys [2013.03.09 10:33:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.03.09 10:32:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.03.09 10:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.09 10:32:19 | 000,000,000 | 
---D | C] -- C:\ProgramData\Malwarebytes [2013.03.09 10:32:18 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.09 10:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.09 10:31:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Pyinfa [2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opxuxa [2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Iqdeeg [2013.03.06 18:13:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Fzsrlmkpwmk [2013.02.28 07:01:14 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.02.28 07:00:58 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.02.28 07:00:55 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 07:00:55 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 07:00:55 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 07:00:54 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.02.28 07:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 07:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 07:00:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 07:00:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 07:00:53 | 000,003,072 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 07:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 07:00:52 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.02.28 07:00:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.02.28 07:00:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.02.28 07:00:52 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.02.28 07:00:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.02.28 07:00:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.02.28 07:00:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.02.28 07:00:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.02.28 07:00:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.02.28 07:00:51 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.02.28 07:00:51 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.02.28 07:00:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.02.28 07:00:50 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.02.24 10:50:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.15 11:41:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.15 11:41:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.15 11:41:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll 
[2013.02.15 11:41:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.15 11:41:29 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.15 11:41:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.15 11:41:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.15 11:41:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.14 06:57:47 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.14 06:57:46 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.14 06:57:39 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.14 06:57:37 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.14 06:57:35 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll ========== Files - Modified Within 30 Days ========== [2013.03.09 22:30:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.09 22:30:43 | 2389,991,424 | -HS- | M] () -- C:\hiberfil.sys [2013.03.09 22:27:16 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001UA.job [2013.03.09 17:23:06 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001Core.job [2013.03.09 16:21:30 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.09 16:21:30 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.09 15:58:49 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.09 15:58:49 | 000,616,008 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat [2013.03.09 15:58:49 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.09 15:58:49 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.09 15:54:11 | 277,580,427 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.09 15:43:22 | 000,103,680 | ---- | M] (GMER) -- C:\pwldrpow.sys [2013.03.09 15:41:54 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\62t7zc1d.exe [2013.03.09 10:50:03 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.03.09 10:32:20 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.15 14:34:51 | 000,285,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.03.09 15:42:48 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\62t7zc1d.exe [2013.03.09 10:50:03 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.03.09 10:49:29 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.03.09 10:32:20 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.24 10:50:06 | 277,580,427 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.12.24 16:10:49 | 000,233,428 | ---- | C] () -- C:\Windows\hpoins47.dat [2011.06.25 07:59:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.07.23 20:10:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL-Extras
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.03.2013 22:33:45 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 74,70% Memory free 5,93 Gb Paging File | 5,14 Gb Available in Paging File | 86,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 251,75 Gb Free Space | 84,48% Space Free | Partition Type: NTFS Computer Name: ***VAIO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{094996CA-E65F-44C8-835F-1C367872391C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{136DDA6F-E8EF-4DDD-8A0C-CB6ACFCCA7FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{23F99119-898B-4280-B9D0-F0BCEDD67985}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2EBD564A-BB12-4DAB-9CA3-EB227AE3FC9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{37A3B365-793C-423E-8256-C5CE6952D0F6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{3ECBE7EA-B7ED-4C26-B07A-3CB4ED69381D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{4C2AA18A-C09C-4AA2-ABBF-A6C53DE6AEA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{52AACB24-71F4-4F18-9F2E-78A7CEE86F47}" = lport=137 | protocol=17 | dir=in | app=system | "{58D1B7EC-E59B-411B-9581-58232AEE8E49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{59BFBA95-E959-4740-9C93-10F2B78CC668}" = rport=137 | protocol=17 | dir=out | app=system | "{5C773D43-62C7-46C2-8C3D-732C94537034}" = lport=2869 | protocol=6 | dir=in | app=system | "{5D6C1BB8-9656-449E-A4E8-5CE1E69B5A51}" = lport=445 | protocol=6 | dir=in | app=system | "{60A080A5-9451-4975-B537-C92088D350C6}" = lport=138 | protocol=17 | dir=in | app=system | "{75BC0315-C35D-4F6C-B74D-8B132964B754}" = rport=445 | protocol=6 | dir=out | app=system | "{820FD69A-E5E4-412A-8583-E82C91F85C13}" = rport=138 | protocol=17 | dir=out | app=system | "{84183F74-09C6-4D51-9113-53E4E24AE2E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{87ABC2F3-E4F3-424B-81C9-108E6FF907CC}" = rport=10243 | protocol=6 | dir=out | app=system | "{8FC87411-A396-475D-9DCB-98DE816286FC}" = rport=427 
| protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{8FCDD4C6-756C-41D1-887C-D799AEA4BB72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{90B5C03C-A4BB-418F-A945-FC3C8A1E62B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9A4688F0-4AA6-4CE0-9029-3EF1F88A97C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B646A19B-DB53-4747-9972-63444F300E7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D14012FD-843B-458A-B70A-FE603B489546}" = rport=139 | protocol=6 | dir=out | app=system | "{E0E71539-6B6D-446B-9D2C-8539F9DDE526}" = lport=139 | protocol=6 | dir=in | app=system | "{E226B3FE-D929-4B74-A9BB-77F63A33BCD8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E73BE68A-D554-4FEF-B59B-3EB2188121EC}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{EAB9748B-E62B-46D2-A48E-C66A5B19FB69}" = lport=10243 | protocol=6 | dir=in | app=system | "{F627807C-D229-49A5-A56E-DE6B6C543FC1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01ED89ED-6DB0-4E3F-A568-0DE5A4759125}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{02E59A63-8B64-4D17-95CF-57E7BE9E7F37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{088B899C-C32D-44B6-BF66-C6C253DFA2BC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{08D1FE0E-702A-412B-A063-267D34F17471}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{0E679BDB-25EF-4DDA-BBEF-29C66500BA82}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{0EAFEF0B-6C81-4B7F-84C0-B51B41BC17EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{21110A92-AF21-4086-8AF9-3A458028E0CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{225AC6B8-34BD-4933-A4D5-219CEDD057AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{25D9DE28-7A74-4CEB-849E-67CA37A03BE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{358F7079-8C20-4C36-AA51-442BC76A2800}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{40F6A69E-D5F5-4B7F-9761-DDD1DCA574B4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{426C8F29-A45D-4E6A-A1C0-D4F69A6934E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{581544E0-82D7-47B4-91A6-D0B4C8413143}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5B776B19-39D8-4EF6-B17F-799B70432865}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5CB671D1-D686-4D35-AB1E-B1638D72622F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{5E0DF78D-4DBA-4F8D-9A9C-5A6F98893DD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60D7477D-641E-4D19-BB53-17880C444F28}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{67E89227-B7B9-41A8-A172-5141E1487191}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{80AF329B-E351-45FE-8882-61143EA0550D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{826F2BC6-1106-4DB1-A485-0132878A8C75}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{82EDF5DD-A661-46A3-9E93-FDFB45650CC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{875782A3-DBE0-400E-AB13-79398CE8406B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{908EAF06-0CCD-4DAE-9240-053CCC04EE8D}" = dir=in | app=d:\setup\hpznui01.exe | "{917F978C-9A19-4CDC-BEFD-A6CA35DBF06F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{9825950B-032D-4F47-A5E4-05985E2BC4FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{A22F3D72-576C-4485-9DB3-264922CC472D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A76C0F74-5ACF-4331-9729-4B60DEBAF778}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{AA264C12-D44E-4BA6-AFCA-39B5F2E48A99}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B2FBE510-8E94-460A-A9AC-64756BF5A2DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{B75FE7C3-B654-4F16-A109-EC53684875A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD4935B2-D217-4CE5-BF66-5E5F621CC329}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C376CA4F-78AC-41BE-ADDC-C5BEF387CF31}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{C9080702-6DC2-4B00-8D8B-1997835C9060}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CD9B3420-7237-4229-92DB-677ADC966293}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{D9E9D88C-FE42-447A-B0E1-A9ACA3AECB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DCAED501-CA75-484A-9920-99E3A2FDED5D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{EB718348-5EA9-4984-B6E6-8BCD23FA74E6}" = protocol=6 | dir=out | app=system | "{EB9EC25B-9F4C-4341-B422-A08D91BEB16A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EEB12239-5200-4F0E-8752-74523DD036A3}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{FD5CD563-7FBE-40B1-BB17-166E003C8785}" = dir=in | app=c:\program 
files\hp\hp software update\hpwucli.exe | "{FEC4EA92-D755-4913-8526-D976E3F4FC35}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "TCP Query User{90588771-C430-49C5-9F4D-9BFD73DFDABD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{D00D5291-8C66-47A5-9BA8-0EC67DAA22B7}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "TCP Query User{E384F343-898A-4B12-A569-57D4B6A46E5B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{F671D4FA-5F6D-4FE3-A8B0-0055714CEF0A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{FBC7383F-8398-4F44-BAFB-490DB0B60FB4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{3C673A55-CD7B-4CF2-9E0A-FE83DD99B956}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{6A426BC9-A06E-4053-90B0-4D7B98A376A9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{802B94D4-0BCE-4580-A566-53D071E93AE5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{DEE0ECEC-D4E7-464E-A39F-15B50893093B}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "UDP Query User{E4DBD2E1-D827-4279-9683-4E5AD78B142D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in 
Assistant "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio "{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform "{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110 "{A147FD6E-32F2-4009-BDC9-8B4E2B1B21EB}" = Microsoft Search Enhancement Pack "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations 
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min "{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1 "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1 "EPSON Printer and Utilities" = EPSON-Drucker-Software "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10) "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "Shop for HP Supplies" = Shop for HP Supplies "TeamViewer 5" = TeamViewer 5 "VLC media player" = 
VLC media player 1.0.3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.08.2011 03:45:53 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.08.2011 03:45:53 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.08.2011 09:01:19 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 08.08.2011 09:01:19 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.08.2011 10:15:25 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.08.2011 10:15:25 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.08.2011 11:47:48 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 08.08.2011 11:47:48 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.08.2011 12:08:10 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.08.2011 12:08:10 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ Cisco AnyConnect VPN Client Events ] Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. 
Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. 
Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service

[ System Events ]
Error - 09.03.2013 10:47:38 | Computer Name = ***Vaio | Source = BugCheck | ID = 1001
Description =

Error - 09.03.2013 10:47:25 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 09.03.2013 10:47:25 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 09.03.2013 10:54:18 | Computer Name = ***Vaio | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.03.2013 um 15:53:16 unerwartet heruntergefahren.

Error - 09.03.2013 10:54:26 | Computer Name = ***VAIO | Source = BugCheck | ID = 1001
Description =

Error - 09.03.2013 10:54:17 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 09.03.2013 10:54:17 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 09.03.2013 17:26:54 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 09.03.2013 17:30:52 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 09.03.2013 17:30:52 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active

< End of report >

GMER Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-10 02:02:08
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9SA00 rev.FB4OC43C 298,09GB
Running: 62t7zc1d.exe; Driver: C:\Users\***\AppData\Local\Temp\pwldrpow.sys

---- System - GMER 2.1 ----

SSDT 90F088FE ZwCreateSection
SSDT 90F08908 ZwRequestWaitReplyPort
SSDT 90F08903 ZwSetContextThread
SSDT 90F0890D ZwSetSecurityObject
SSDT 90F08912 ZwSystemDebugControl
SSDT 90F0889F ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A4B9E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A851C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82A8C30C 4 Bytes [FE, 88, F0, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82A8C668 4 Bytes [08, 89, F0, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82A8C6AC 4 Bytes [03, 89, F0, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82A8C728 4 Bytes [0D, 89, F0, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82A8C77C 4 Bytes [12, 89, F0, 90]
.text ...
? System32\drivers\tvmmsbgh.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9161A000, 0x2D5378, 0xE8000020]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744624CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7444562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744456EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74462546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744585AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74454D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74455105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744551DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74456707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74458301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74458850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744590B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7445E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74454C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [744624CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [7444562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [744456EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74462546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [744585AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74454D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74455105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [744551DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74456707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74458301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74458850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [744590B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7445E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74454C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll

---- EOF - GMER 2.1 ----

Many thanks for your help! If I can contribute anything else, please let me know. Antivir has just detected 2 more that MBAM did not detect:
Code:
TR/Yakes.cnls - \Users\***\AppData\Roaming\Fzsrlmkpwmk\rlzsruzyr.exe
TR/Jorik.Bublik.ca - \Users\***\AppData\Local\Temp\tmp4b6956ba\vv0603.wzw
Best regards
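An added note, not part of the original post: the two Antivir detection lines and the SSDT section of the GMER log are the parts of this post a responder reads first, and both formats are easy to parse. The Python script below is example code added here (it is not the poster's and not from any tool named in the thread). It takes the Antivir lines and the SSDT lines as constructed inline samples copied from the post, classifies each detected file by whether it sat in a user-writable profile location (Roaming AppData, Local Temp), lists the directories a cleanup should inspect in full, and groups the hooked SSDT slots by the 64 KiB region of their handler address so the hooking driver can be looked up in the loaded-driver list. The location labels and the region grouping are this example's own choices, not output of any scanner.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input, copied from the post above: the two Antivir
# detections (user name masked as *** by the poster) and the SSDT section
# of the GMER log. Nothing here is invented; only the parsing is added.
AVIRA_SAMPLE = r"""
TR/Yakes.cnls - \Users\***\AppData\Roaming\Fzsrlmkpwmk\rlzsruzyr.exe
TR/Jorik.Bublik.ca - \Users\***\AppData\Local\Temp\tmp4b6956ba\vv0603.wzw
"""

GMER_SAMPLE = r"""
---- System - GMER 2.1 ----
SSDT 90F088FE ZwCreateSection
SSDT 90F08908 ZwRequestWaitReplyPort
SSDT 90F08903 ZwSetContextThread
SSDT 90F0890D ZwSetSecurityObject
SSDT 90F08912 ZwSystemDebugControl
SSDT 90F0889F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
"""


@dataclass(frozen=True)
class Detection:
    signature: str   # AV signature name, e.g. TR/Yakes.cnls
    path: str        # path exactly as the scanner reported it
    location: str    # coarse classification of where the file sat


# Checked in order; the first match wins, so the more specific Temp rule
# must come before the generic AppData\Local rule.
LOCATION_RULES = [
    (re.compile(r"\\AppData\\Local\\Temp\\", re.I), "user-temp"),
    (re.compile(r"\\AppData\\Roaming\\", re.I), "user-roaming"),
    (re.compile(r"\\AppData\\Local\\", re.I), "user-local"),
    (re.compile(r"\\Program Files", re.I), "program-files"),
    (re.compile(r"\\Windows\\", re.I), "system"),
]


def classify_location(path: str) -> str:
    """Map a reported path to a coarse location class.

    Dropping a file into Roaming or Temp needs no admin rights, which is
    why commodity bankers like the one in this thread live exactly there."""
    for pattern, label in LOCATION_RULES:
        if pattern.search(path):
            return label
    return "other"


AVIRA_LINE = re.compile(r"^(?P<sig>\S+)\s+-\s+(?P<path>.+?)\s*$")


def parse_avira_detections(text: str) -> List[Detection]:
    """Parse lines of the form '<signature> - <path>' as Antivir lists them."""
    found = []
    for line in text.splitlines():
        m = AVIRA_LINE.match(line.strip())
        if m:
            found.append(Detection(m["sig"], m["path"], classify_location(m["path"])))
    return found


def dropper_directories(detections: List[Detection]) -> List[str]:
    """Parent directories of detected files in user-writable locations.

    The scanner names one file; droppers often leave siblings beside it,
    so these directories are the ones to inspect in full during cleanup."""
    return [d.path.rsplit("\\", 1)[0] for d in detections if d.location.startswith("user-")]


@dataclass(frozen=True)
class SsdtHook:
    address: int     # handler address GMER found in the service table slot
    function: str    # native API name of the hooked slot


SSDT_LINE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)$")


def parse_gmer_ssdt(text: str) -> List[SsdtHook]:
    """Parse GMER 'SSDT <address> <ZwFunction>' lines."""
    return [SsdtHook(int(m.group(1), 16), m.group(2))
            for line in text.splitlines()
            if (m := SSDT_LINE.match(line.strip()))]


def group_hooks_by_region(hooks: List[SsdtHook], shift: int = 16) -> Dict[int, List[str]]:
    """Group hooked slots by the 64 KiB region (address >> 16) of their handler.

    Handlers packed into one small region come from one loaded driver; that
    region is what you match against the driver list before judging the hooks."""
    regions: Dict[int, List[str]] = defaultdict(list)
    for h in hooks:
        regions[h.address >> shift].append(h.function)
    return dict(regions)


if __name__ == "__main__":
    dets = parse_avira_detections(AVIRA_SAMPLE)
    for d in dets:
        print(f"{d.signature:22} {d.location:13} {d.path}")
    print("inspect:", dropper_directories(dets))
    for region, funcs in group_hooks_by_region(parse_gmer_ssdt(GMER_SAMPLE)).items():
        print(f"SSDT hooks with handlers in 0x{region:04X}xxxx: {', '.join(funcs)}")
```

The script runs stand-alone and prints the summary. On this log all six SSDT handlers fall into one region, so the useful next step is matching that region against the loaded-driver list rather than judging each hook on its own: on 32-bit Windows 7 a security product's own filter driver hooks the service table just as a rootkit would, and only the driver behind the address settles which it is.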
10.03.2013, 21:48 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Quote:
Is this by any chance an office/company PC? Or a university computer?
Before we get to work, I would ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder on my thread. Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.
Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instruction from a helper.
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSSKiller
Please download TDSSKiller.exe and save this file to the desktop.
13.03.2013, 01:16 | #3
Hello cosinus,
thanks for taking this on. First the answer to your question: as a student you get Windows Professional licences from the university (I believe up to 2 or 3, free of charge). The laptop is used privately by my future parents-in-law. I have now run all the tests. Here are the logs:
MBAR:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.12.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***VAIO [administrator]

12.03.2013 22:05:24
mbar-log-2013-03-12 (22-05-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28262
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-12 22:37:29
-----------------------------
22:37:29.673 OS Version: Windows 6.1.7601 Service Pack 1
22:37:29.673 Number of processors: 2 586 0xF0D
22:37:29.674 ComputerName: ANNAVAIO UserName: Anna
22:37:31.006 Initialize success
22:37:43.570 AVAST engine defs: 13031200
22:37:56.027 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:37:56.032 Disk 0 Vendor: Hitachi_HTS543232L9SA00 FB4OC43C Size: 305245MB BusType: 11
22:37:56.057 Disk 0 MBR read successfully
22:37:56.057 Disk 0 MBR scan
22:37:56.067 Disk 0 Windows 7 default MBR code
22:37:56.082 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:37:56.102 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
22:37:56.122 Disk 0 scanning sectors +625139712
22:37:56.222 Disk 0 scanning C:\Windows\system32\drivers
22:38:11.407 Service scanning
22:38:44.386 Modules scanning
22:38:57.348 Disk 0 trace - called modules:
22:38:57.388 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
22:38:57.398 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d62490]
22:38:57.403 3 CLASSPNP.SYS[8b00459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c91030]
22:38:58.613 AVAST engine scan C:\
00:46:22.616 Scan finished successfully
00:54:37.856 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
00:54:37.861 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR-00.54.txt"
Code:
ATTFilter 00:55:37.0139 3212 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 00:55:37.0379 3212 ============================================================ 00:55:37.0379 3212 Current date / time: 2013/03/13 00:55:37.0379 00:55:37.0379 3212 SystemInfo: 00:55:37.0379 3212 00:55:37.0379 3212 OS Version: 6.1.7601 ServicePack: 1.0 00:55:37.0379 3212 Product type: Workstation 00:55:37.0379 3212 ComputerName: ANNAVAIO 00:55:37.0379 3212 UserName: Anna 00:55:37.0379 3212 Windows directory: C:\Windows 00:55:37.0379 3212 System windows directory: C:\Windows 00:55:37.0379 3212 Processor architecture: Intel x86 00:55:37.0379 3212 Number of processors: 2 00:55:37.0379 3212 Page size: 0x1000 00:55:37.0379 3212 Boot type: Normal boot 00:55:37.0379 3212 ============================================================ 00:55:38.0971 3212 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 00:55:38.0976 3212 ============================================================ 00:55:38.0976 3212 \Device\Harddisk0\DR0: 00:55:38.0976 3212 MBR partitions: 00:55:38.0976 3212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 00:55:38.0976 3212 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800 00:55:38.0976 3212 ============================================================ 00:55:39.0086 3212 C: <-> \Device\Harddisk0\DR0\Partition2 00:55:39.0086 3212 ============================================================ 00:55:39.0086 3212 Initialize success 00:55:39.0086 3212 ============================================================ 00:56:26.0734 2120 ============================================================ 00:56:26.0734 2120 Scan started 00:56:26.0734 2120 Mode: Manual; SigCheck; TDLFS; 00:56:26.0734 2120 ============================================================ 00:56:27.0239 2120 ================ Scan 
system memory ======================== 00:56:27.0239 2120 System memory - ok 00:56:27.0244 2120 ================ Scan services ============================= 00:56:27.0476 2120 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 00:56:27.0591 2120 1394ohci - ok 00:56:27.0626 2120 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 00:56:27.0646 2120 ACPI - ok 00:56:27.0661 2120 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 00:56:27.0716 2120 AcpiPmi - ok 00:56:27.0806 2120 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 00:56:27.0821 2120 AdobeFlashPlayerUpdateSvc - ok 00:56:27.0876 2120 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 00:56:27.0926 2120 adp94xx - ok 00:56:27.0941 2120 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 00:56:27.0961 2120 adpahci - ok 00:56:27.0971 2120 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 00:56:27.0986 2120 adpu320 - ok 00:56:28.0026 2120 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:56:28.0076 2120 AeLookupSvc - ok 00:56:28.0121 2120 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 00:56:28.0176 2120 AFD - ok 00:56:28.0201 2120 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 00:56:28.0216 2120 agp440 - ok 00:56:28.0256 2120 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 00:56:28.0271 2120 aic78xx - ok 00:56:28.0326 2120 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 00:56:28.0361 2120 ALG - ok 00:56:28.0396 2120 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 00:56:28.0411 2120 aliide - ok 00:56:28.0446 2120 [ B19505648F033393E907E2E419FDE8B3 ] AMD 
External Events Utility C:\Windows\system32\atiesrxx.exe 00:56:28.0501 2120 AMD External Events Utility - ok 00:56:28.0516 2120 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 00:56:28.0531 2120 amdagp - ok 00:56:28.0541 2120 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 00:56:28.0556 2120 amdide - ok 00:56:28.0591 2120 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 00:56:28.0641 2120 AmdK8 - ok 00:56:28.0651 2120 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 00:56:28.0679 2120 AmdPPM - ok 00:56:28.0713 2120 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 00:56:28.0728 2120 amdsata - ok 00:56:28.0738 2120 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 00:56:28.0758 2120 amdsbs - ok 00:56:28.0778 2120 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 00:56:28.0793 2120 amdxata - ok 00:56:28.0913 2120 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 00:56:28.0938 2120 AntiVirSchedulerService - ok 00:56:29.0003 2120 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 00:56:29.0018 2120 AntiVirService - ok 00:56:29.0058 2120 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 00:56:29.0188 2120 AppID - ok 00:56:29.0233 2120 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 00:56:29.0293 2120 AppIDSvc - ok 00:56:29.0333 2120 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 00:56:29.0368 2120 Appinfo - ok 00:56:29.0443 2120 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:56:29.0483 2120 Apple Mobile Device - ok 00:56:29.0528 2120 [ 
A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 00:56:29.0563 2120 AppMgmt - ok 00:56:29.0598 2120 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 00:56:29.0618 2120 arc - ok 00:56:29.0628 2120 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 00:56:29.0643 2120 arcsas - ok 00:56:29.0668 2120 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 00:56:29.0778 2120 AsyncMac - ok 00:56:29.0813 2120 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 00:56:29.0828 2120 atapi - ok 00:56:29.0998 2120 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 00:56:30.0183 2120 atikmdag - ok 00:56:30.0253 2120 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 00:56:30.0298 2120 AudioEndpointBuilder - ok 00:56:30.0313 2120 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 00:56:30.0348 2120 Audiosrv - ok 00:56:30.0398 2120 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 00:56:30.0418 2120 avgntflt - ok 00:56:30.0468 2120 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 00:56:30.0483 2120 avipbb - ok 00:56:30.0523 2120 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 00:56:30.0538 2120 avkmgr - ok 00:56:30.0588 2120 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 00:56:30.0653 2120 AxInstSV - ok 00:56:30.0698 2120 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 00:56:30.0753 2120 b06bdrv - ok 00:56:30.0783 2120 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 00:56:30.0803 2120 b57nd60x - ok 00:56:30.0828 2120 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 00:56:30.0873 2120 BDESVC - ok 
00:56:30.0898 2120 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 00:56:30.0928 2120 Beep - ok 00:56:30.0978 2120 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 00:56:31.0033 2120 BFE - ok 00:56:31.0083 2120 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 00:56:31.0143 2120 BITS - ok 00:56:31.0158 2120 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 00:56:31.0178 2120 blbdrive - ok 00:56:31.0293 2120 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 00:56:31.0308 2120 Bonjour Service - ok 00:56:31.0353 2120 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 00:56:31.0403 2120 bowser - ok 00:56:31.0433 2120 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:56:31.0473 2120 BrFiltLo - ok 00:56:31.0493 2120 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:56:31.0528 2120 BrFiltUp - ok 00:56:31.0583 2120 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 00:56:31.0638 2120 Browser - ok 00:56:31.0678 2120 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 00:56:31.0718 2120 Brserid - ok 00:56:31.0728 2120 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 00:56:31.0748 2120 BrSerWdm - ok 00:56:31.0763 2120 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 00:56:31.0798 2120 BrUsbMdm - ok 00:56:31.0813 2120 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 00:56:31.0838 2120 BrUsbSer - ok 00:56:31.0843 2120 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 00:56:31.0873 2120 BTHMODEM - ok 00:56:31.0913 2120 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 00:56:31.0963 
2120 bthserv - ok 00:56:31.0993 2120 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 00:56:32.0033 2120 cdfs - ok 00:56:32.0093 2120 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys 00:56:32.0133 2120 cdrom - ok 00:56:32.0183 2120 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 00:56:32.0233 2120 CertPropSvc - ok 00:56:32.0253 2120 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 00:56:32.0273 2120 circlass - ok 00:56:32.0308 2120 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 00:56:32.0333 2120 CLFS - ok 00:56:32.0408 2120 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:56:32.0433 2120 clr_optimization_v2.0.50727_32 - ok 00:56:32.0523 2120 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:56:32.0553 2120 clr_optimization_v4.0.30319_32 - ok 00:56:32.0578 2120 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 00:56:32.0593 2120 CmBatt - ok 00:56:32.0628 2120 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 00:56:32.0658 2120 cmdide - ok 00:56:32.0708 2120 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys 00:56:32.0748 2120 CNG - ok 00:56:32.0778 2120 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 00:56:32.0793 2120 Compbatt - ok 00:56:32.0833 2120 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 00:56:32.0868 2120 CompositeBus - ok 00:56:32.0888 2120 COMSysApp - ok 00:56:32.0908 2120 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 00:56:32.0923 2120 crcdisk - ok 00:56:32.0973 2120 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc 
C:\Windows\system32\cryptsvc.dll 00:56:33.0013 2120 CryptSvc - ok 00:56:33.0058 2120 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 00:56:33.0108 2120 CSC - ok 00:56:33.0138 2120 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 00:56:33.0188 2120 CscService - ok 00:56:33.0228 2120 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 00:56:33.0273 2120 DcomLaunch - ok 00:56:33.0313 2120 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 00:56:33.0358 2120 defragsvc - ok 00:56:33.0408 2120 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 00:56:33.0483 2120 DfsC - ok 00:56:33.0553 2120 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 00:56:33.0588 2120 Dhcp - ok 00:56:33.0613 2120 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 00:56:33.0663 2120 discache - ok 00:56:33.0693 2120 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 00:56:33.0708 2120 Disk - ok 00:56:33.0753 2120 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 00:56:33.0818 2120 Dnscache - ok 00:56:33.0868 2120 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 00:56:33.0913 2120 dot3svc - ok 00:56:33.0958 2120 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 00:56:34.0015 2120 DPS - ok 00:56:34.0045 2120 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 00:56:34.0065 2120 drmkaud - ok 00:56:34.0115 2120 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 00:56:34.0150 2120 DXGKrnl - ok 00:56:34.0185 2120 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 00:56:34.0225 2120 EapHost - ok 00:56:34.0330 2120 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 00:56:34.0520 2120 
ebdrv - ok 00:56:34.0545 2120 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 00:56:34.0595 2120 EFS - ok 00:56:34.0645 2120 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 00:56:34.0710 2120 ehRecvr - ok 00:56:34.0735 2120 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 00:56:34.0765 2120 ehSched - ok 00:56:34.0810 2120 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 00:56:34.0840 2120 elxstor - ok 00:56:34.0910 2120 [ CDCA791AFA0483F44BBA576DBFAFD04D ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE 00:56:34.0945 2120 EPSON_PM_RPCV4_01 - ok 00:56:34.0955 2120 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 00:56:34.0980 2120 ErrDev - ok 00:56:35.0030 2120 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 00:56:35.0075 2120 EventSystem - ok 00:56:35.0090 2120 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 00:56:35.0130 2120 exfat - ok 00:56:35.0150 2120 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 00:56:35.0195 2120 fastfat - ok 00:56:35.0255 2120 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 00:56:35.0300 2120 Fax - ok 00:56:35.0320 2120 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 00:56:35.0350 2120 fdc - ok 00:56:35.0375 2120 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 00:56:35.0425 2120 fdPHost - ok 00:56:35.0440 2120 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 00:56:35.0490 2120 FDResPub - ok 00:56:35.0505 2120 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 00:56:35.0520 2120 FileInfo - ok 00:56:35.0535 2120 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 00:56:35.0575 2120 Filetrace - ok 
00:56:35.0595 2120 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 00:56:35.0615 2120 flpydisk - ok 00:56:35.0645 2120 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 00:56:35.0665 2120 FltMgr - ok 00:56:35.0740 2120 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 00:56:35.0800 2120 FontCache - ok 00:56:35.0865 2120 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 00:56:35.0895 2120 FontCache3.0.0.0 - ok 00:56:35.0910 2120 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 00:56:35.0925 2120 FsDepends - ok 00:56:35.0965 2120 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 00:56:35.0980 2120 Fs_Rec - ok 00:56:36.0040 2120 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 00:56:36.0060 2120 fvevol - ok 00:56:36.0090 2120 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 00:56:36.0105 2120 gagp30kx - ok 00:56:36.0140 2120 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 00:56:36.0150 2120 GEARAspiWDM - ok 00:56:36.0200 2120 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 00:56:36.0240 2120 gpsvc - ok 00:56:36.0265 2120 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 00:56:36.0310 2120 hcw85cir - ok 00:56:36.0375 2120 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 00:56:36.0405 2120 HdAudAddService - ok 00:56:36.0430 2120 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 00:56:36.0460 2120 HDAudBus - ok 00:56:36.0480 2120 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 00:56:36.0510 2120 HidBatt - ok 00:56:36.0520 2120 [ 
89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 00:56:36.0550 2120 HidBth - ok 00:56:36.0565 2120 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 00:56:36.0585 2120 HidIr - ok 00:56:36.0615 2120 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 00:56:36.0675 2120 hidserv - ok 00:56:36.0720 2120 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys 00:56:36.0745 2120 HidUsb - ok 00:56:36.0775 2120 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 00:56:36.0815 2120 hkmsvc - ok 00:56:36.0865 2120 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 00:56:36.0925 2120 HomeGroupListener - ok 00:56:36.0965 2120 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 00:56:37.0005 2120 HomeGroupProvider - ok 00:56:37.0140 2120 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 00:56:37.0160 2120 hpqcxs08 - ok 00:56:37.0170 2120 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 00:56:37.0180 2120 hpqddsvc - ok 00:56:37.0225 2120 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 00:56:37.0240 2120 HpSAMD - ok 00:56:37.0275 2120 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 00:56:37.0300 2120 HPSLPSVC - ok 00:56:37.0370 2120 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 00:56:37.0455 2120 HTTP - ok 00:56:37.0545 2120 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 00:56:37.0590 2120 hwpolicy - ok 00:56:37.0650 2120 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 00:56:37.0700 2120 i8042prt - ok 00:56:37.0730 2120 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV 
2120 \Device\Harddisk0\DR0\Partition1 - ok 00:56:59.0053 2120 [ EB382E755A7BBB3EB547F75D26D2F37E ] \Device\Harddisk0\DR0\Partition2 00:56:59.0053 2120 \Device\Harddisk0\DR0\Partition2 - ok 00:56:59.0058 2120 ============================================================ 00:56:59.0058 2120 Scan finished 00:56:59.0058 2120 ============================================================ 00:56:59.0068 6024 Detected object count: 2 00:56:59.0068 6024 Actual detected object count: 2 01:02:22.0800 6024 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 01:02:22.0800 6024 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 01:02:22.0800 6024 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 01:02:22.0800 6024 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip Falls du Fragen hast oder du noch etwas brauchst, lass es mich einfach wissen Vielen Dank noch einmal, dass du mir/uns hilfst! |
13.03.2013, 09:48 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught by a Trojan in a Groupon mail! OK, thanks for the explanation. Now please run ComboFix: Scan with ComboFix
__________________ Please always post logfiles in CODE tags |
13.03.2013, 15:51 | #5 |
| Caught by a Trojan in a Groupon mail! Hello cosinus, here is the ComboFix log: Code:
ComboFix 13-03-12.02 - *** 13.03.2013 14:53:46.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3039.1847 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-13 bis 2013-03-13 ))))))))))))))))))))))))))))))
.
.
2013-03-13 14:01 . 2013-03-13 14:02 -------- d-----w- c:\users\***\AppData\Local\temp
2013-03-13 14:01 . 2013-03-13 14:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-13 14:00 . 2013-03-13 14:00 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C622075-BBB5-40B9-8028-E862E2828923}\offreg.dll
2013-03-13 13:43 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C622075-BBB5-40B9-8028-E862E2828923}\mpengine.dll
2013-03-10 08:25 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-03-10 08:24 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-03-10 08:24 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-03-10 08:24 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-03-10 08:24 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-03-10 08:24 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-03-10 08:21 . 2013-03-12 21:45 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 08:21 . 2013-03-12 21:45 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-10 08:20 . 2013-03-10 08:20 -------- d-----w- c:\program files\Common Files\Java
2013-03-10 08:19 . 2013-03-10 08:19 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 15:26 . 2013-03-09 21:29 -------- d-----w- c:\users\***\AppData\Roaming\Qeevt
2013-03-09 15:26 . 2013-03-09 15:26 -------- d-----w- c:\users\***\AppData\Roaming\Ifeso
2013-03-09 15:26 . 2013-03-09 15:26 -------- d-----w- c:\users\***\AppData\Roaming\Ufuv
2013-03-09 14:43 . 2013-03-09 14:43 103680 ----a-w- C:\pwldrpow.sys
2013-03-09 09:32 . 2013-03-09 09:32 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-03-09 09:32 . 2013-03-09 09:32 -------- d-----w- c:\programdata\Malwarebytes
2013-03-09 09:32 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-09 09:32 . 2013-03-09 09:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-09 09:31 . 2013-03-09 09:31 -------- d-----w- c:\users\***\AppData\Local\Programs
2013-03-06 17:13 . 2013-03-09 09:45 -------- d-----w- c:\users\***\AppData\Roaming\Opxuxa
2013-03-06 17:13 . 2013-03-06 17:17 -------- d-----w- c:\users\***\AppData\Roaming\Pyinfa
2013-03-06 17:13 . 2013-03-06 17:13 -------- d-----w- c:\users\***\AppData\Roaming\Iqdeeg
2013-03-06 17:13 . 2013-03-10 08:43 -------- d-----w- c:\users\***\AppData\Roaming\Fzsrlmkpwmk
2013-02-28 06:01 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-15 18:58 . 2013-02-15 18:58 106088 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 18:58 . 2013-02-15 18:58 106088 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 05:57 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-14 05:57 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 05:57 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 05:57 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 05:57 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 05:57 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-10 08:18 . 2012-12-25 08:48 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 08:18 . 2010-09-16 13:19 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 00:28 . 2010-01-10 01:15 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 14:13 . 2012-12-21 12:20 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:20 34304 ----a-w- c:\windows\system32\atmlib.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-12-10 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-10 1573576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series]
2006-09-22 02:01 139264 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 15:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 10:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-11-16 08:27 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-09-01 16:47 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-10 21:45]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 10:14]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 10:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.icq.com/search/results.php?q=www%20.my2peu&ch_id=rsrh&icid=rs_ra
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 83.169.184.225
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_ptnrs=U3&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4&apn_dtid=OSJ000YYDE&&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Ihitibuql - c:\users\***\AppData\Roaming\Qeevt\ikfo.exe
HKCU-Run-logonsxplay - c:\users\***\AppData\Roaming\logonsxplay.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.0\ICQ.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*®*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*®*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-13 15:07:47
ComboFix-quarantined-files.txt 2013-03-13 14:07
.
Vor Suchlauf: 6 Verzeichnis(se), 269.691.387.904 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 271.447.113.728 Bytes frei
.
- - End Of File - - 9C2A4090E53825E05D8FC547A22B8E20
EDIT: I just noticed in the log that Windows Defender was not disabled. I have now (hopefully) disabled it correctly and am running ComboFix again. I'll simply attach that log here (if that is still possible).
Last edited by tubtub (13.03.2013 at 15:56) Reason: Noticed that Windows Defender was not disabled |
13.03.2013, 16:12 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught by a Trojan in a Groupon mail! JRT - Junkware Removal Tool: please shut down your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
13.03.2013, 18:57 | #7 |
| Caught by a Trojan in a Groupon mail! You're really on the ball! ;-) Here is the log from the second ComboFix run with Windows Defender disabled: Code:
ComboFix 13-03-12.02 - *** 13.03.2013 15:54:42.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3039.1647 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-13 bis 2013-03-13 ))))))))))))))))))))))))))))))
.
.
2013-03-13 15:02 . 2013-03-13 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-13 13:43 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C622075-BBB5-40B9-8028-E862E2828923}\mpengine.dll
2013-03-10 08:25 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-03-10 08:24 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-03-10 08:24 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-03-10 08:24 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-03-10 08:24 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-03-10 08:24 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-03-10 08:21 . 2013-03-12 21:45 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 08:21 . 2013-03-12 21:45 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-10 08:20 . 2013-03-10 08:20 -------- d-----w- c:\program files\Common Files\Java
2013-03-10 08:19 . 2013-03-10 08:19 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 15:26 . 2013-03-09 21:29 -------- d-----w- c:\users\***\AppData\Roaming\Qeevt
2013-03-09 15:26 . 2013-03-09 15:26 -------- d-----w- c:\users\***\AppData\Roaming\Ifeso
2013-03-09 15:26 . 2013-03-09 15:26 -------- d-----w- c:\users\***\AppData\Roaming\Ufuv
2013-03-09 14:43 . 2013-03-09 14:43 103680 ----a-w- C:\pwldrpow.sys
2013-03-09 09:32 . 2013-03-09 09:32 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-03-09 09:32 . 2013-03-09 09:32 -------- d-----w- c:\programdata\Malwarebytes
2013-03-09 09:32 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-09 09:32 . 2013-03-09 09:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-09 09:31 . 2013-03-09 09:31 -------- d-----w- c:\users\***\AppData\Local\Programs
2013-03-06 17:13 . 2013-03-09 09:45 -------- d-----w- c:\users\***\AppData\Roaming\Opxuxa
2013-03-06 17:13 . 2013-03-06 17:17 -------- d-----w- c:\users\***\AppData\Roaming\Pyinfa
2013-03-06 17:13 . 2013-03-06 17:13 -------- d-----w- c:\users\***\AppData\Roaming\Iqdeeg
2013-03-06 17:13 . 2013-03-10 08:43 -------- d-----w- c:\users\***\AppData\Roaming\Fzsrlmkpwmk
2013-02-28 06:01 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-15 18:58 . 2013-02-15 18:58 106088 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 18:58 . 2013-02-15 18:58 106088 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 05:57 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-14 05:57 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 05:57 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 05:57 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 05:57 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 05:57 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-10 08:18 . 2012-12-25 08:48 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 08:18 . 2010-09-16 13:19 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 00:28 . 2010-01-10 01:15 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 14:13 . 2012-12-21 12:20 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:20 34304 ----a-w- c:\windows\system32\atmlib.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-12-10 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-10 1573576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series]
2006-09-22 02:01 139264 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 15:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 10:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-11-16 08:27 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-09-01 16:47 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-10 21:45]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 10:14]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 10:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.icq.com/search/results.php?q=www%20.my2peu&ch_id=rsrh&icid=rs_ra
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 83.169.184.225
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_ptnrs=U3&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4&apn_dtid=OSJ000YYDE&&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*®*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*®*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-13 16:07:50
ComboFix-quarantined-files.txt 2013-03-13 15:07
.
Vor Suchlauf: 9 Verzeichnis(se), 270.941.921.280 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 270.902.153.216 Bytes frei
.
- - End Of File - - 8E2FC879EFD967978BFC7A3645357268
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Professional x86
Ran by *** on 13.03.2013 at 17:11:23,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2974786000-2785407337-354256279-1001\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"

~~~ FireFox

Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\user.js
Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\prefs.js

user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_ptnrs=U3&apn_sauid=5EB70DA8-B5E
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=");

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at 17:14:15,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.114 - Datei am 13/03/2013 um 17:20:43 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - ***VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\searchplugins\icqplugin-2.xml
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\***\AppData\Local\APN
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v3.5.10 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\prefs.js

Gelöscht : user_pref("browser.startup.homepage", "hxxp://start.icq.com/");
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "salamander||shopsalamnder||i%20love%20sex%20and%20the%20city%20shir[...]
Gelöscht : user_pref("icqtoolbar.installTime", "1284643745");
Gelöscht : user_pref("icqtoolbar.itbsitescount", 0);
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.5.10");
Gelöscht : user_pref("icqtoolbar.removedsitescount", 52);
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "126660359312666035931266677200690");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1286700450);
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 2);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.1892] : homepage = "hxxp://start.icq.com/",

*************************

AdwCleaner[S1].txt - [8003 octets] - [13/03/2013 17:20:43]

########## EOF - C:\AdwCleaner[S1].txt - [8063 octets] ##########

OTL:

Code:
OTL logfile created on: 13.03.2013 18:44:16 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 71,37% Memory free
5,93 Gb Paging File | 4,85 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 251,69 Gb Free Space | 84,46% Space Free | Partition Type: NTFS

Computer Name: ***VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\***\Desktop\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 24 6F E9 91 91 CA 01 [binary data]
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.12.24 16:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.12.24 16:23:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.17 16:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.10 09:25:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.24 07:36:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M]

[2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.13 17:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions
[2010.09.16 14:26:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.13 09:01:56 | 000,000,168 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.gif
[2010.05.13 09:01:56 | 000,000,618 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.src
[2012.12.25 09:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.01.10 02:41:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2009.12.22 04:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 04:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.22 04:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.22 04:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.22 04:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.03.13 15:02:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBD24621-C4EB-44F2-A186-64C0C34F0CA6}: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00F7F23-CF56-4DE2-9F0B-64D90B5216B3}: DhcpNameServer = 192.168.1.1 83.169.184.225
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.13 17:11:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.13 17:11:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.13 16:07:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.13 15:07:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2013.03.13 14:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.13 14:51:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.13 14:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.13 14:51:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.13 14:51:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.10 09:25:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.03.10 09:25:49 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.03.10 09:25:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.03.10 09:25:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.03.10 09:25:45 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.03.10 09:25:39 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.03.10 09:25:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.03.10 09:25:39 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.03.10 09:25:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.03.10 09:25:39 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.03.10 09:25:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.03.10 09:25:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.03.10 09:25:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.03.10 09:25:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.03.10 09:25:38 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.03.10 09:24:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013.03.10 09:21:17 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.10 09:21:17 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.10 09:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.10 09:19:29 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.10 09:19:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.10 09:19:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.10 09:19:18 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ufuv
[2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qeevt
[2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ifeso
[2013.03.09 15:43:22 | 000,103,680 | ---- | C] (GMER) -- C:\pwldrpow.sys
[2013.03.09 10:32:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.09 10:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.09 10:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.09 10:32:18 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.09 10:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.09 10:31:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Pyinfa
[2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opxuxa
[2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Iqdeeg
[2013.03.06 18:13:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Fzsrlmkpwmk
[2013.02.28 07:01:14 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.28 07:00:58 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.28 07:00:55 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 07:00:55 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 07:00:55 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 07:00:54 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.28 07:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 07:00:53 | 000,005,632 | -H--
| C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 07:00:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 07:00:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 07:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 07:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 07:00:52 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.02.28 07:00:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.02.28 07:00:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.02.28 07:00:52 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.02.28 07:00:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.02.28 07:00:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.02.28 07:00:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.02.28 07:00:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.02.28 07:00:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.02.28 07:00:51 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.02.28 07:00:51 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.02.28 07:00:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.02.28 07:00:50 | 003,419,136 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\d2d1.dll [2013.02.24 10:50:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.15 11:41:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.15 11:41:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.15 11:41:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.15 11:41:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.15 11:41:29 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.15 11:41:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.15 11:41:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.15 11:41:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.14 06:57:47 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.14 06:57:46 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.14 06:57:39 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.14 06:57:37 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.14 06:57:35 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll ========== Files - Modified Within 30 Days ========== [2013.03.13 18:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.13 18:23:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001UA.job [2013.03.13 17:58:05 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 17:58:05 | 000,013,232 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 17:50:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.13 17:50:12 | 2389,991,424 | -HS- | M] () -- C:\hiberfil.sys [2013.03.13 17:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001Core.job [2013.03.13 15:02:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.03.12 22:45:11 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.12 22:45:11 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.10 09:28:37 | 000,286,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.03.10 09:19:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.10 09:18:59 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013.03.10 09:18:59 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.03.10 09:18:59 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.10 09:18:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.10 09:18:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.10 09:13:27 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.03.10 02:05:39 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.10 02:05:39 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.10 02:05:39 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.10 02:05:39 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.09 15:54:11 | 277,580,427 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.09 15:43:22 | 000,103,680 | ---- | M] 
(GMER) -- C:\pwldrpow.sys ========== Files Created - No Company Name ========== [2013.03.13 14:51:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.13 14:51:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.13 14:51:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.13 14:51:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.13 14:51:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.10 09:21:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.10 09:13:27 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.03.10 09:13:27 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.02.24 10:50:06 | 277,580,427 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.12.24 16:10:49 | 000,233,428 | ---- | C] () -- C:\Windows\hpoins47.dat [2011.06.25 07:59:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.07.23 20:10:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = 
%systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
Code:
OTL Extras logfile created on: 13.03.2013 18:44:16 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 71,37% Memory free 5,93 Gb Paging File | 4,85 Gb Available in Paging File | 81,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 251,69 Gb Free Space | 84,46% Space Free | Partition Type: NTFS Computer Name: ***VAIO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{094996CA-E65F-44C8-835F-1C367872391C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{136DDA6F-E8EF-4DDD-8A0C-CB6ACFCCA7FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{23F99119-898B-4280-B9D0-F0BCEDD67985}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2EBD564A-BB12-4DAB-9CA3-EB227AE3FC9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{37A3B365-793C-423E-8256-C5CE6952D0F6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{3ECBE7EA-B7ED-4C26-B07A-3CB4ED69381D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{4C2AA18A-C09C-4AA2-ABBF-A6C53DE6AEA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{52AACB24-71F4-4F18-9F2E-78A7CEE86F47}" = lport=137 | protocol=17 | dir=in | app=system | 
"{58D1B7EC-E59B-411B-9581-58232AEE8E49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{59BFBA95-E959-4740-9C93-10F2B78CC668}" = rport=137 | protocol=17 | dir=out | app=system | "{5C773D43-62C7-46C2-8C3D-732C94537034}" = lport=2869 | protocol=6 | dir=in | app=system | "{5D6C1BB8-9656-449E-A4E8-5CE1E69B5A51}" = lport=445 | protocol=6 | dir=in | app=system | "{60A080A5-9451-4975-B537-C92088D350C6}" = lport=138 | protocol=17 | dir=in | app=system | "{75BC0315-C35D-4F6C-B74D-8B132964B754}" = rport=445 | protocol=6 | dir=out | app=system | "{820FD69A-E5E4-412A-8583-E82C91F85C13}" = rport=138 | protocol=17 | dir=out | app=system | "{84183F74-09C6-4D51-9113-53E4E24AE2E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{87ABC2F3-E4F3-424B-81C9-108E6FF907CC}" = rport=10243 | protocol=6 | dir=out | app=system | "{8FC87411-A396-475D-9DCB-98DE816286FC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{8FCDD4C6-756C-41D1-887C-D799AEA4BB72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{90B5C03C-A4BB-418F-A945-FC3C8A1E62B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9A4688F0-4AA6-4CE0-9029-3EF1F88A97C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B646A19B-DB53-4747-9972-63444F300E7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D14012FD-843B-458A-B70A-FE603B489546}" = rport=139 | protocol=6 | dir=out | app=system | "{E0E71539-6B6D-446B-9D2C-8539F9DDE526}" = lport=139 | protocol=6 | dir=in | app=system | "{E226B3FE-D929-4B74-A9BB-77F63A33BCD8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E73BE68A-D554-4FEF-B59B-3EB2188121EC}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software 
wireless music sync discovery | "{EAB9748B-E62B-46D2-A48E-C66A5B19FB69}" = lport=10243 | protocol=6 | dir=in | app=system | "{F627807C-D229-49A5-A56E-DE6B6C543FC1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01ED89ED-6DB0-4E3F-A568-0DE5A4759125}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{02E59A63-8B64-4D17-95CF-57E7BE9E7F37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{088B899C-C32D-44B6-BF66-C6C253DFA2BC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{08D1FE0E-702A-412B-A063-267D34F17471}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{0E679BDB-25EF-4DDA-BBEF-29C66500BA82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0EAFEF0B-6C81-4B7F-84C0-B51B41BC17EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{21110A92-AF21-4086-8AF9-3A458028E0CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{225AC6B8-34BD-4933-A4D5-219CEDD057AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{25D9DE28-7A74-4CEB-849E-67CA37A03BE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{358F7079-8C20-4C36-AA51-442BC76A2800}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{40F6A69E-D5F5-4B7F-9761-DDD1DCA574B4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{426C8F29-A45D-4E6A-A1C0-D4F69A6934E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{581544E0-82D7-47B4-91A6-D0B4C8413143}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5B776B19-39D8-4EF6-B17F-799B70432865}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5CB671D1-D686-4D35-AB1E-B1638D72622F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{5E0DF78D-4DBA-4F8D-9A9C-5A6F98893DD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{67E89227-B7B9-41A8-A172-5141E1487191}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{80AF329B-E351-45FE-8882-61143EA0550D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{826F2BC6-1106-4DB1-A485-0132878A8C75}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{82EDF5DD-A661-46A3-9E93-FDFB45650CC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{875782A3-DBE0-400E-AB13-79398CE8406B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{908EAF06-0CCD-4DAE-9240-053CCC04EE8D}" = dir=in | app=d:\setup\hpznui01.exe | "{917F978C-9A19-4CDC-BEFD-A6CA35DBF06F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{9825950B-032D-4F47-A5E4-05985E2BC4FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{A22F3D72-576C-4485-9DB3-264922CC472D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A30508AC-AE40-4C44-ADD2-83AE99368595}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{A76C0F74-5ACF-4331-9729-4B60DEBAF778}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{AA264C12-D44E-4BA6-AFCA-39B5F2E48A99}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AB30FA70-36E4-4D08-829F-E191572A6E54}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{B122B6F6-83F6-4A2D-A0B4-B9EB17DC6A2B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{B2FBE510-8E94-460A-A9AC-64756BF5A2DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{B75FE7C3-B654-4F16-A109-EC53684875A8}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD4935B2-D217-4CE5-BF66-5E5F621CC329}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C376CA4F-78AC-41BE-ADDC-C5BEF387CF31}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{C9080702-6DC2-4B00-8D8B-1997835C9060}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CD823D72-85CB-45C4-BB48-306AB57C6BAC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{CD9B3420-7237-4229-92DB-677ADC966293}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{D9E9D88C-FE42-447A-B0E1-A9ACA3AECB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EB718348-5EA9-4984-B6E6-8BCD23FA74E6}" = protocol=6 | dir=out | app=system | "{EB9EC25B-9F4C-4341-B422-A08D91BEB16A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EEB12239-5200-4F0E-8752-74523DD036A3}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{FD5CD563-7FBE-40B1-BB17-166E003C8785}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{FEC4EA92-D755-4913-8526-D976E3F4FC35}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "TCP Query User{90588771-C430-49C5-9F4D-9BFD73DFDABD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{D00D5291-8C66-47A5-9BA8-0EC67DAA22B7}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "TCP Query User{E384F343-898A-4B12-A569-57D4B6A46E5B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{F671D4FA-5F6D-4FE3-A8B0-0055714CEF0A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query 
User{FBC7383F-8398-4F44-BAFB-490DB0B60FB4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{3C673A55-CD7B-4CF2-9E0A-FE83DD99B956}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{6A426BC9-A06E-4053-90B0-4D7B98A376A9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{802B94D4-0BCE-4580-A566-53D071E93AE5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{DEE0ECEC-D4E7-464E-A39F-15B50893093B}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "UDP Query User{E4DBD2E1-D827-4279-9683-4E5AD78B142D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio "{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform "{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP 
Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110 "{A147FD6E-32F2-4009-BDC9-8B4E2B1B21EB}" = Microsoft Search Enhancement Pack "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min "{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1 "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1 "EPSON Printer and Utilities" = EPSON-Drucker-Software "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10) "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "Shop for HP Supplies" = Shop for HP Supplies "TeamViewer 8" = TeamViewer 8 "VLC media player" = VLC media player 1.0.3 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Cisco AnyConnect VPN Client Events ] Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. 
Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. 
Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service [ System Events ] Error - 13.03.2013 12:50:20 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 13.03.2013 12:50:20 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > |
14.03.2013, 10:44 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught a Trojan from a Groupon mail! Fix with OTL
Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4
FF - user.js - File not found
[2010.05.13 09:01:56 | 000,000,168 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.gif
[2010.05.13 09:01:56 | 000,000,618 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.src
:Files
C:\Users\***\AppData\Roaming\Ufuv
C:\Users\***\AppData\Roaming\Qeevt
C:\Users\***\AppData\Roaming\Ifeso
C:\Users\***\AppData\Roaming\Pyinfa
C:\Users\***\AppData\Roaming\Opxuxa
C:\Users\***\AppData\Roaming\Iqdeeg
C:\Users\***\AppData\Roaming\Fzsrlmkpwmk
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post logfiles in CODE tags |
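The fix script above is built by hand from two kinds of OTL log lines: an IE SearchScope whose URL points at a non-default search host, and autorun folders under AppData\Roaming with random names. As an added example, not OTL's code and not the helper's own script, the Python below applies those two heuristics to OTL-style log lines and emits a fix block in the layout used in this thread (`:OTL` lines copied from the log, `:Files` for the folder holding each suspect autorun target). The line formats it parses (`O4 - ...\Run: [name] path (Company)` and `IE - ...\SearchScopes\{GUID}: "URL" = hxxp://...`) and the sample log are constructed for the example after the OTL output posted here; the allow-list of search hosts is an assumption. The output is a proposal for the helper to review, not a script to run blindly.

```python
"""Triage of OTL-style log lines (added example, not OTL's or the forum's code).

Heuristics mirror the fix script in this thread: an IE SearchScope pointing at
a host other than the expected search engines, and a Run-key target living in
a user-writable folder such as AppData\\Roaming. Line formats and the sample
log are constructed after the OTL output on the page.
"""
import re
from urllib.parse import urlparse

# Assumption: these are the only search hosts expected in SearchScopes here.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

# Autorun targets below these paths are suspect; installers do not put Run entries there.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")

# O4 - HKLM..\Run: [name] C:\path\file.exe (Company)   (empty company prints as "()")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# IE - HKU\<SID>\..\SearchScopes\{GUID}: "URL" = hxxp://host/...
SCOPE_RE = re.compile(
    r'^IE - (?P<key>HK[^:]*?SearchScopes\\\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)$'
)

# Constructed sample log, modelled on the OTL lines posted in this thread.
SAMPLE_LOG = [
    r'IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&q={searchTerms}',
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)",
    r"O4 - HKU\S-1-5-21-2974786000-2785407337-354256279-1001..\Run: [Ufuv] C:\Users\***\AppData\Roaming\Ufuv\ufuv.exe ()",
]


def triage(lines):
    """Return (findings, fix_script).

    findings: list of (kind, detail) tuples for the operator to review.
    fix_script: OTL fix block in the layout used in this thread, or '' if
    nothing was flagged. ':OTL' gets the flagged log lines (hxxp un-defanged,
    as the helper did), ':Files' the folder holding each suspect autorun target.
    """
    findings, otl_lines, files = [], [], []
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            path = m.group("path")
            if any(p in path.lower() for p in USER_WRITABLE):
                findings.append(("run_key", f"{m.group('hive')}\\Run [{m.group('name')}] -> {path}"))
                otl_lines.append(line)
                files.append(path.rsplit("\\", 1)[0])  # whole dropper folder, as in the fix above
            continue
        m = SCOPE_RE.match(line)
        if m:
            url = m.group("url").replace("hxxp://", "http://", 1)
            host = (urlparse(url).hostname or "").lower()
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(("search_scope", f"{host} via {m.group('key')}"))
                otl_lines.append(line.replace("hxxp://", "http://", 1))
    if not findings:
        return findings, ""
    fix = [":OTL", *otl_lines, ":Files", *files, ":Commands", "[emptytemp]", "[resethosts]"]
    return findings, "\n".join(fix)


if __name__ == "__main__":
    found, script = triage(SAMPLE_LOG)
    for kind, detail in found:
        print(f"{kind:13} {detail}")
    print("\n--- proposed OTL fix (review before use) ---\n" + script)
```

Run it as is to see the two findings from the constructed sample and the generated fix block; feed it the lines of a real OTL.txt to get a first pass that the helper then checks entry by entry.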
14.03.2013, 18:56 | #9 |
| Caught a Trojan from a Groupon mail! On the first fix I stupidly forgot to enter the user name, so there are now two logs. OTL fix log #1 Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Internet Explorer\SearchScopes\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}\ not found.
File C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.gif not found.
File C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.src not found.
========== FILES ==========
File\Folder C:\Users\***\AppData\Roaming\Ufuv not found.
File\Folder C:\Users\***\AppData\Roaming\Qeevt not found.
File\Folder C:\Users\***\AppData\Roaming\Ifeso not found.
File\Folder C:\Users\***\AppData\Roaming\Pyinfa not found.
File\Folder C:\Users\***\AppData\Roaming\Opxuxa not found.
File\Folder C:\Users\***\AppData\Roaming\Iqdeeg not found.
File\Folder C:\Users\***\AppData\Roaming\Fzsrlmkpwmk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Anna\Desktop\Downloads\Trojaner Fix\cmd.bat deleted successfully.
C:\Users\Anna\Desktop\Downloads\Trojaner Fix\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Anna
->Temp folder emptied: 42627 bytes
->Temporary Internet Files folder emptied: 481672581 bytes
->Java cache emptied: 42711961 bytes
->FireFox cache emptied: 64973826 bytes
->Google Chrome cache emptied: 412006075 bytes
->Flash cache emptied: 691 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55276 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 955,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 03142013_154324
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Internet Explorer\SearchScopes\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}\ not found.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.src moved successfully.
========== FILES ==========
C:\Users\***\AppData\Roaming\Ufuv folder moved successfully.
C:\Users\***\AppData\Roaming\Qeevt folder moved successfully.
C:\Users\***\AppData\Roaming\Ifeso folder moved successfully.
C:\Users\***\AppData\Roaming\Pyinfa folder moved successfully.
C:\Users\***\AppData\Roaming\Opxuxa folder moved successfully.
C:\Users\***\AppData\Roaming\Iqdeeg folder moved successfully.
C:\Users\***\AppData\Roaming\Fzsrlmkpwmk folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\Downloads\Trojaner Fix\cmd.bat deleted successfully.
C:\Users\***\Desktop\Downloads\Trojaner Fix\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ***
->Temp folder emptied: 842 bytes
->Temporary Internet Files folder emptied: 52279 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6608729 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18203 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 6,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 03142013_180636
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Thanks |
14.03.2013, 23:52 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught a Trojan from a Groupon mail! A check with OTL, please:
__________________ Please always post logfiles in CODE tags |
17.03.2013, 19:00 | #11 |
| Caught a Trojan from a Groupon mail! Hello cosinus, please excuse the late reply. Unfortunately it got lost over the last few days. Here are the OTL logs: OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.03.2013 17:53:01 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\Downloads\Trojaner Fix Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 72,24% Memory free 5,93 Gb Paging File | 4,89 Gb Available in Paging File | 82,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 251,67 Gb Free Space | 84,46% Space Free | Partition Type: NTFS Computer Name: ***VAIO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - c:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Users\***\Desktop\Downloads\Trojaner Fix\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. 
KG) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - 
HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 24 6F E9 91 91 CA 01 [binary data] IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.12.24 16:23:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.12.24 16:23:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.17 16:35:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.10 09:25:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.24 07:36:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M] [2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.03.13 17:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions [2010.09.16 14:26:44 | 000,000,000 | ---D | M] (Adblock Plus) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.12.25 09:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.01.10 02:41:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2009.12.22 04:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.12.22 04:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2009.12.22 04:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2009.12.22 04:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2009.12.22 04:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.03.13 15:02:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 83.169.184.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBD24621-C4EB-44F2-A186-64C0C34F0CA6}: DhcpNameServer = 83.169.184.161 83.169.184.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00F7F23-CF56-4DE2-9F0B-64D90B5216B3}: DhcpNameServer = 192.168.1.1 83.169.184.225 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.15 05:09:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.14 20:18:25 | 000,000,000 | ---D | C] -- C:\Users\***\mahjongg3d
[2013.03.14 18:32:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.03.14 18:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.14 18:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.03.14 18:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Schach
[2013.03.14 18:28:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2013.03.14 18:28:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MahJongg Solitaire 3D
[2013.03.14 18:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MahJongg Solitaire 3D
[2013.03.14 18:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\MahJongg Solitaire 3D
[2013.03.14 18:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.14 18:22:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.14 18:22:54 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.14 18:22:54 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.14 18:22:54 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.14 18:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.14 18:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.14 15:43:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.13 19:36:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 19:36:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 19:36:17 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 19:36:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 19:36:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 19:36:16 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 19:36:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 19:36:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 17:11:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.13 17:11:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.13 16:07:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.13 15:07:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2013.03.13 14:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.13 14:51:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.13 14:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.13 14:51:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.13 14:51:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.10 09:25:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.03.10 09:25:49 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.03.10 09:25:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.03.10 09:25:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.03.10 09:25:45 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.03.10 09:25:39 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.03.10 09:25:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.03.10 09:25:39 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.03.10 09:25:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.03.10 09:25:39 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.03.10 09:25:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.03.10 09:25:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.03.10 09:25:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.03.10 09:25:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.03.10 09:25:38 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.03.10 09:24:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013.03.10 09:21:17 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.10 09:21:17 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.10 09:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.10 09:19:29 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.10 09:19:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.10 09:19:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.10 09:19:18 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.09 15:43:22 | 000,103,680 | ---- | C] (GMER) -- C:\pwldrpow.sys
[2013.03.09 10:32:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.09 10:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.09 10:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.09 10:32:18 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.09 10:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.09 10:31:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.02.28 07:01:14 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.28 07:00:58 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.28 07:00:55 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 07:00:55 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 07:00:55 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 07:00:54 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.28 07:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 07:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 07:00:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 07:00:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 07:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 07:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 07:00:52 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.28 07:00:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.28 07:00:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.28 07:00:52 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.28 07:00:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.28 07:00:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.28 07:00:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.28 07:00:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.28 07:00:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.28 07:00:51 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.28 07:00:51 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.28 07:00:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.28 07:00:50 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.24 10:50:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2013.03.17 17:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.17 17:23:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001UA.job
[2013.03.17 17:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001Core.job
[2013.03.17 13:40:38 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 13:40:38 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 13:33:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.17 13:32:50 | 2389,991,424 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.14 18:32:38 | 000,001,927 | ---- | M] () -- C:\Users\***\Desktop\Skype.lnk
[2013.03.14 18:30:07 | 000,000,937 | ---- | M] () -- C:\Users\***\Desktop\Schach.lnk
[2013.03.14 18:28:40 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\MahJongg Solitaire 3D.lnk
[2013.03.14 18:15:13 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.14 18:15:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.14 18:15:13 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.14 18:15:12 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.13 15:02:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.12 22:45:11 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.12 22:45:11 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.10 09:28:37 | 000,286,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.10 09:19:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.10 09:18:59 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.03.10 09:18:59 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.10 09:18:59 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.10 09:18:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.10 09:18:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.10 09:13:27 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.03.10 02:05:39 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.10 02:05:39 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.10 02:05:39 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.10 02:05:39 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.09 15:54:11 | 277,580,427 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.09 15:43:22 | 000,103,680 | ---- | M] (GMER) -- C:\pwldrpow.sys

========== Files Created - No Company Name ==========

[2013.03.14 18:32:38 | 000,001,927 | ---- | C] () -- C:\Users\***\Desktop\Skype.lnk
[2013.03.14 18:30:07 | 000,000,937 | ---- | C] () -- C:\Users\***\Desktop\Schach.lnk
[2013.03.14 18:28:40 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\MahJongg Solitaire 3D.lnk
[2013.03.13 14:51:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.13 14:51:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.13 14:51:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.13 14:51:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.13 14:51:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.10 09:21:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.10 09:13:27 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.03.10 09:13:27 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.02.24 10:50:06 | 277,580,427 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.24 16:10:49 | 000,233,428 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.06.25 07:59:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.07.23 20:10:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
[/CODE]

OTL-Extras:

OTL Logfile:
Code:
OTL Extras logfile created on: 17.03.2013 17:53:01 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Downloads\Trojaner Fix
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 72,24% Memory free
5,93 Gb Paging File | 4,89 Gb Available in Paging File | 82,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 251,67 Gb Free Space | 84,46% Space Free | Partition Type: NTFS

Computer Name: ***VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094996CA-E65F-44C8-835F-1C367872391C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{136DDA6F-E8EF-4DDD-8A0C-CB6ACFCCA7FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23F99119-898B-4280-B9D0-F0BCEDD67985}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2EBD564A-BB12-4DAB-9CA3-EB227AE3FC9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37A3B365-793C-423E-8256-C5CE6952D0F6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{3ECBE7EA-B7ED-4C26-B07A-3CB4ED69381D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{4C2AA18A-C09C-4AA2-ABBF-A6C53DE6AEA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52AACB24-71F4-4F18-9F2E-78A7CEE86F47}" = lport=137 | protocol=17 | dir=in | app=system |
"{58D1B7EC-E59B-411B-9581-58232AEE8E49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59BFBA95-E959-4740-9C93-10F2B78CC668}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C773D43-62C7-46C2-8C3D-732C94537034}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D6C1BB8-9656-449E-A4E8-5CE1E69B5A51}" = lport=445 | protocol=6 | dir=in | app=system |
"{60A080A5-9451-4975-B537-C92088D350C6}" = lport=138 | protocol=17 | dir=in | app=system |
"{75BC0315-C35D-4F6C-B74D-8B132964B754}" = rport=445 | protocol=6 | dir=out | app=system |
"{820FD69A-E5E4-412A-8583-E82C91F85C13}" = rport=138 | protocol=17 | dir=out | app=system |
"{84183F74-09C6-4D51-9113-53E4E24AE2E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87ABC2F3-E4F3-424B-81C9-108E6FF907CC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8FC87411-A396-475D-9DCB-98DE816286FC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{8FCDD4C6-756C-41D1-887C-D799AEA4BB72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{90B5C03C-A4BB-418F-A945-FC3C8A1E62B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A4688F0-4AA6-4CE0-9029-3EF1F88A97C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B646A19B-DB53-4747-9972-63444F300E7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D14012FD-843B-458A-B70A-FE603B489546}" = rport=139 | protocol=6 | dir=out | app=system |
"{E0E71539-6B6D-446B-9D2C-8539F9DDE526}" = lport=139 | protocol=6 | dir=in | app=system |
"{E226B3FE-D929-4B74-A9BB-77F63A33BCD8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E73BE68A-D554-4FEF-B59B-3EB2188121EC}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{EAB9748B-E62B-46D2-A48E-C66A5B19FB69}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F627807C-D229-49A5-A56E-DE6B6C543FC1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01ED89ED-6DB0-4E3F-A568-0DE5A4759125}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{02E59A63-8B64-4D17-95CF-57E7BE9E7F37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{088B899C-C32D-44B6-BF66-C6C253DFA2BC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{08D1FE0E-702A-412B-A063-267D34F17471}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{0E679BDB-25EF-4DDA-BBEF-29C66500BA82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0EAFEF0B-6C81-4B7F-84C0-B51B41BC17EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{21110A92-AF21-4086-8AF9-3A458028E0CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{225AC6B8-34BD-4933-A4D5-219CEDD057AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25D9DE28-7A74-4CEB-849E-67CA37A03BE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{358F7079-8C20-4C36-AA51-442BC76A2800}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40F6A69E-D5F5-4B7F-9761-DDD1DCA574B4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{426C8F29-A45D-4E6A-A1C0-D4F69A6934E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{581544E0-82D7-47B4-91A6-D0B4C8413143}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5B776B19-39D8-4EF6-B17F-799B70432865}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5CB671D1-D686-4D35-AB1E-B1638D72622F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{5E0DF78D-4DBA-4F8D-9A9C-5A6F98893DD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67E89227-B7B9-41A8-A172-5141E1487191}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{80AF329B-E351-45FE-8882-61143EA0550D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{826F2BC6-1106-4DB1-A485-0132878A8C75}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{82EDF5DD-A661-46A3-9E93-FDFB45650CC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{875782A3-DBE0-400E-AB13-79398CE8406B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{908EAF06-0CCD-4DAE-9240-053CCC04EE8D}" = dir=in | app=d:\setup\hpznui01.exe |
"{917F978C-9A19-4CDC-BEFD-A6CA35DBF06F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{9825950B-032D-4F47-A5E4-05985E2BC4FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{A22F3D72-576C-4485-9DB3-264922CC472D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A30508AC-AE40-4C44-ADD2-83AE99368595}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{A76C0F74-5ACF-4331-9729-4B60DEBAF778}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{AA264C12-D44E-4BA6-AFCA-39B5F2E48A99}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB30FA70-36E4-4D08-829F-E191572A6E54}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{B122B6F6-83F6-4A2D-A0B4-B9EB17DC6A2B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{B2FBE510-8E94-460A-A9AC-64756BF5A2DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{B75FE7C3-B654-4F16-A109-EC53684875A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD4935B2-D217-4CE5-BF66-5E5F621CC329}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C376CA4F-78AC-41BE-ADDC-C5BEF387CF31}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C9080702-6DC2-4B00-8D8B-1997835C9060}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CD823D72-85CB-45C4-BB48-306AB57C6BAC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{CD9B3420-7237-4229-92DB-677ADC966293}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{D9E9D88C-FE42-447A-B0E1-A9ACA3AECB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB718348-5EA9-4984-B6E6-8BCD23FA74E6}" = protocol=6 | dir=out | app=system |
"{EB9EC25B-9F4C-4341-B422-A08D91BEB16A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EEB12239-5200-4F0E-8752-74523DD036A3}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{FD5CD563-7FBE-40B1-BB17-166E003C8785}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{FEC4EA92-D755-4913-8526-D976E3F4FC35}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"TCP Query User{90588771-C430-49C5-9F4D-9BFD73DFDABD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{D00D5291-8C66-47A5-9BA8-0EC67DAA22B7}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{E384F343-898A-4B12-A569-57D4B6A46E5B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F671D4FA-5F6D-4FE3-A8B0-0055714CEF0A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{FBC7383F-8398-4F44-BAFB-490DB0B60FB4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{3C673A55-CD7B-4CF2-9E0A-FE83DD99B956}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{6A426BC9-A06E-4053-90B0-4D7B98A376A9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{802B94D4-0BCE-4580-A566-53D071E93AE5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DEE0ECEC-D4E7-464E-A39F-15B50893093B}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"UDP Query User{E4DBD2E1-D827-4279-9683-4E5AD78B142D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A147FD6E-32F2-4009-BDC9-8B4E2B1B21EB}" = Microsoft Search Enhancement Pack
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"MahJongg Solitaire 3D" = MahJongg Solitaire 3D
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 1.0.3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.03.2013 11:14:12 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 14.03.2013 11:14:22 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 14.03.2013 11:15:13 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 16.03.2013 03:02:54 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 16.03.2013 03:03:05 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error - 16.03.2013 03:04:03 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. Error - 17.03.2013 04:10:06 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 17.03.2013 04:10:17 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 17.03.2013 04:11:11 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. 
[ Cisco AnyConnect VPN Client Events ] Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. 
Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873 Description = Termination reason code 9: Client PC is shutting down. Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service [ System Events ] Error - 16.03.2013 14:22:56 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029 Description = Display is not active Error - 17.03.2013 03:07:39 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 17.03.2013 03:07:39 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029 Description = Display is not active Error - 17.03.2013 04:33:13 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029 Description = Display is not active Error - 17.03.2013 05:08:31 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029 Description = Display is not active Error - 17.03.2013 07:34:36 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029 Description = Display is not active Error - 17.03.2013 07:54:59 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029 Description = Display is not active Error - 17.03.2013 08:15:40 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029 Description = Display is not active Error - 17.03.2013 08:33:00 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 17.03.2013 08:33:00 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029 Description 
= Display is not active < End of report > [/CODE] Tausend dank. |
17.03.2013, 19:34 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught by a Trojan in a Groupon mail! Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; remember to update Malwarebytes via the update button beforehand. Afterwards, getting a second opinion from ESET's online scanner wouldn't hurt either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
19.03.2013, 18:57 | #13 |
| Caught by a Trojan in a Groupon mail! Hi, everything looks pretty good so far. Here is the ESET log: Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=42557eaa7d197b47b317dde8ae7ecb9b
# engine=13429
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-19 05:47:17
# local_time=2013-03-19 06:47:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 13769 134382942 6539 0
# compatibility_mode=5893 16776574 100 94 528051 115346428 0 0
# scanned=123030
# found=0
# cleaned=0
# scan_time=2119
I have already arranged a small donation and will put it through in the next few days. I think it's great that you look after so many users ;-) Many thanks again for your great help |
20.03.2013, 10:37 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught by a Trojan in a Groupon mail! Thanks, but what about the other log?
__________________ Please always post logfiles in CODE tags |
20.03.2013, 10:39 | #15 |
| Caught by a Trojan in a Groupon mail! Do you mean the MBAM log? I can dig it out this afternoon, since the laptop isn't reachable right now. |