Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GUV Trojaner Win7

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.01.2013, 22:26   #1
Poloman
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



Hallo Trojaner Team,
ich hab nach etwas googlen heraus gefunden das ich einen GUV Trojaner hab und bin dann auf euere Seite gestoßen.
Habe soweit ich das verstanden habe die ersten Schritte gemacht.

Als Hinweis, ich habe von Rechner nur soviel Ahnung das ich weis wie ich einen USB Stick anstecke und wie der Rechner angemacht wird
Ich bin eher Mechanisch veranlagt.

Habe die Daten mit angehangen!

Malwarebytes hat 45 min gescannt, hat 5 'sachen' gefunden aber ist dann immer eingefrohren.

Ich hoffe ich konnte soweit schon alles 'gut' vorbereiten.

MfG
Poloman
Angehängte Dateien
Dateityp: log defogger_disable.log (480 Bytes, 120x aufgerufen)
Dateityp: txt OTL.Txt (82,5 KB, 144x aufgerufen)
Dateityp: txt Extras.Txt (62,9 KB, 141x aufgerufen)
Dateityp: txt Gmer.txt (10,1 KB, 121x aufgerufen)

Alt 13.01.2013, 22:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



Hallo und

Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen?

Logfiles im Anhang erschweren die Auswertung massivst

Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.
Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 13.01.2013, 22:57   #3
Poloman
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



Hallo, ja puh, gelesen nicht. Das war im gesamten wirr warr heute und dem Erstellen dieses Post hier das einfachste und in dem moment das logischste (für mich als Anfänger). Sorry, das waren in den letzten Stunden soviele neue Sachen für mich das ich danach nicht genau geschaut habe wie man das einstellt. Anhand Deiner Beschreibung kann ich das morgen nur nochmal versuchen.
Grüße Poloman
__________________

Alt 13.01.2013, 23:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



Zitat:
Malwarebytes hat 45 min gescannt, hat 5 'sachen' gefunden aber ist dann immer eingefrohren.
Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.01.2013, 07:43   #5
Poloman
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



Defogger_disable
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:40 on 13/01/2013 (Schnuffel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL txt

Code:
ATTFilter
OTL logfile created on: 13.01.2013 21:22:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schnuffel\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 51,87% Memory free
6,00 Gb Paging File | 4,44 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237,85 Gb Total Space | 126,46 Gb Free Space | 53,17% Space Free | Partition Type: NTFS
Drive I: | 227,81 Gb Total Space | 227,67 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: SCHNUFFEL-PC | User Name: Schnuffel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.13 21:20:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schnuffel\Downloads\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.26 20:20:26 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.29 10:36:24 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.25 12:42:02 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.10.25 12:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.10.25 12:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012.06.08 11:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2011.08.17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2011.08.17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.09.07 21:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 9D C2 E2 CF 88 CB 01  [binary data]
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\..\SearchScopes\{2476FDBD-FC38-4C67-9447-9401115E7B1F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=D79DBA29-AA99-4F74-AD81-B37ACFA8FEDA&apn_sauid=02A334B2-F993-4D54-A361-28886D7C61CF
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: content_blocker@kaspersky.com:13.0.1.4190
FF - prefs.js..extensions.enabledAddons: anti_banner@kaspersky.com:13.0.1.4190
FF - prefs.js..extensions.enabledAddons: online_banking@kaspersky.com:13.0.1.4190
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.13
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.04 19:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.04 19:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.04 19:34:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.04 19:34:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.04 19:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.29 10:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.29 12:40:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.29 10:36:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.29 12:40:52 | 000,000,000 | ---D | M]
 
[2010.11.20 20:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\Extensions
[2013.01.13 19:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\Firefox\Profiles\tsjva0ca.default\extensions
[2013.01.13 19:25:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\Firefox\Profiles\tsjva0ca.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.09 09:53:26 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\Firefox\Profiles\tsjva0ca.default\extensions\gutscheinmieze@synatix-gmbh.de
[2012.12.29 12:51:37 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\Firefox\Profiles\tsjva0ca.default\extensions\toolbar@ask.com
[2012.11.23 22:53:05 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\firefox\profiles\tsjva0ca.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.11 17:45:31 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\firefox\profiles\tsjva0ca.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.12.29 12:51:37 | 000,002,308 | ---- | M] () -- C:\Users\Schnuffel\AppData\Roaming\mozilla\firefox\profiles\tsjva0ca.default\searchplugins\askcom.xml
[2012.04.11 12:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.07 12:19:55 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.20 16:38:36 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2011.07.20 16:38:31 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.12.04 19:34:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012.12.04 19:34:26 | 000,000,000 | ---D | M] (Modul für das Blockieren gefährlicher Webseiten) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2012.12.04 19:34:30 | 000,000,000 | ---D | M] (Sicherer Zahlungsverkehr) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2012.09.29 10:36:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.06.07 13:44:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.29 10:36:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.07 13:44:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.09 09:53:26 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012.06.07 13:44:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 13:44:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 13:44:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Schnuffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Schnuffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Click to call with Skype = C:\Users\Schnuffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
CHR - Extension: Anti-Banner = C:\Users\Schnuffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Schnuffel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Schnuffel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FILSHtray] C:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1379074756-265788372-1856989295-1000..\Run: [DIMUpdate wird heruntergeladen...1285781003180] "c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Draw\DIM.exe" "c:\programdata\corel\downloads\540215253_410003\1285781003180\dim_params.xml" -Launch=3 -uibase="c:\users\schnuffel\appdata\roaming\corel\messages\540215253_410003\de\messagecache1\workflow" File not found
O4 - HKU\S-1-5-21-1379074756-265788372-1856989295-1000..\Run: [iPhone PC Suite] C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start File not found
O4 - HKU\S-1-5-21-1379074756-265788372-1856989295-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81451C78-77C7-47F0-BB6F-7BE1605380BC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1379074756-265788372-1856989295-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1379074756-265788372-1856989295-1000 Winlogon: Shell - (C:\Users\Schnuffel\AppData\Roaming\skype.dat) - C:\Users\Schnuffel\AppData\Roaming\skype.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\CheckID.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.13 20:29:43 | 000,000,000 | ---D | C] -- C:\Users\Schnuffel\AppData\Roaming\Malwarebytes
[2013.01.13 20:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.13 20:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.13 20:29:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.13 20:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.13 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\Schnuffel\AppData\Local\Programs
[2012.12.29 12:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.12.29 12:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.12.29 12:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.29 12:40:52 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.29 12:40:52 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.29 12:40:41 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.13 20:29:26 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.13 20:29:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 20:29:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 20:29:07 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.13 20:29:07 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.13 20:29:07 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.13 20:29:07 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.13 20:29:07 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.13 20:26:04 | 000,000,004 | ---- | M] () -- C:\Users\Schnuffel\AppData\Roaming\skype.ini
[2013.01.13 20:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.13 20:24:05 | 2415,312,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.13 19:22:15 | 000,058,880 | ---- | M] () -- C:\Users\Schnuffel\5016331.exe
[2012.12.29 12:40:31 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.29 12:40:30 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.29 12:40:30 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.29 12:40:29 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.29 12:40:29 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.29 12:40:29 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.20 07:46:00 | 000,006,489 | ---- | M] () -- C:\Users\Schnuffel\Desktop\Lebenslauf.pdf
 
========== Files Created - No Company Name ==========
 
[2013.01.13 20:29:26 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.13 19:22:25 | 000,000,004 | ---- | C] () -- C:\Users\Schnuffel\AppData\Roaming\skype.ini
[2013.01.13 19:22:15 | 000,058,880 | ---- | C] () -- C:\Users\Schnuffel\5016331.exe
[2012.12.20 07:45:59 | 000,006,489 | ---- | C] () -- C:\Users\Schnuffel\Desktop\Lebenslauf.pdf
[2012.05.24 19:44:52 | 000,004,063 | ---- | C] () -- C:\Users\Schnuffel\AppData\Local\recently-used.xbel
[2011.10.03 17:45:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.07.20 16:44:13 | 000,017,408 | ---- | C] () -- C:\Users\Schnuffel\AppData\Local\WebpageIcons.db
[2011.02.09 20:19:55 | 000,058,880 | ---- | C] () -- C:\Users\Schnuffel\AppData\Roaming\skype.dat
[2010.11.21 21:42:20 | 000,015,428 | ---- | C] () -- C:\Users\Schnuffel\RefEdit.exd
[2010.11.21 20:12:34 | 112,766,976 | ---- | C] () -- C:\Users\Schnuffel\kavkis.msi
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
extra

Code:
ATTFilter
OTL Extras logfile created on: 13.01.2013 21:22:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schnuffel\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 51,87% Memory free
6,00 Gb Paging File | 4,44 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237,85 Gb Total Space | 126,46 Gb Free Space | 53,17% Space Free | Partition Type: NTFS
Drive I: | 227,81 Gb Total Space | 227,67 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: SCHNUFFEL-PC | User Name: Schnuffel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1379074756-265788372-1856989295-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm paradies foto\dm FOTO Paradies + CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm FOTO Paradies + CEWE FOTOBUCH] -- "C:\Program Files (x86)\dm paradies foto\dm FOTO Paradies + CEWE FOTOBUCH\dm FOTO Paradies + CEWE FOTOBUCH.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm paradies foto\dm FOTO Paradies + CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm FOTO Paradies + CEWE FOTOBUCH] -- "C:\Program Files (x86)\dm paradies foto\dm FOTO Paradies + CEWE FOTOBUCH\dm FOTO Paradies + CEWE FOTOBUCH.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Users\Schnuffel\Desktop\fotobuch.de\Designer 2.0\Designer.exe" = C:\Users\Schnuffel\Desktop\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Users\Schnuffel\Desktop\fotobuch.de\Designer 2.0\Designer.exe" = C:\Users\Schnuffel\Desktop\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21A8E308-4CF6-41A2-8B84-D757DF54BE1F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E10903B-00A5-4FA7-9228-C90F9223D2F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34E3C1D2-3834-441D-866C-F9216AC3867A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{35EC6885-F7C9-4A17-8EDD-3E82614B2CF7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3B80473D-C386-4667-B268-A16F1CE9334E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{43E20507-3C18-4763-92BF-F95671D7FF13}" = rport=138 | protocol=17 | dir=out | app=system | 
"{45048CB8-96A2-4260-9905-806EB0C9BCCD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4564F575-70BC-4D03-A98E-8DCADD08CED0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4766A523-92DC-4181-9001-3390A3E4FF60}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{521E15FA-3903-49C9-9D8D-4E01D3BF757C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{677F0DF5-44FC-4585-AAC8-061F83A14041}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{77A8A666-E035-4AFF-8AA7-ECE4576D0007}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7DBDF639-6091-4B56-BE71-FD1BDBA2FBAB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7FB2489A-B64D-45E2-BCD1-678AE8B7CBBE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8566ACF5-0469-4EFB-8D2A-C6752272D839}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8C395251-67EF-42A4-8166-CE997DED60AE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8D0B134D-4FB5-4D1F-849B-D9F961A2FCC7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A9D1168A-511C-44EE-A44D-F72E080962B5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{C4D880DE-563B-40C4-8723-DF9E108CB33A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CC4F2009-6D90-4C08-BF17-A292363E38BC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D9E9B9B4-7C7F-400F-B393-A30341A03A31}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DA5B4711-39F3-49C3-B949-F0573A25FC3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F153F0F9-944A-480C-97E9-CBFA2DD102C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F762F74D-BA17-46D9-BE06-60DA64B339FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{104276DB-5D5D-4930-BE63-37866435EBD9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{21D6A96C-E417-4CE4-8175-A91FC05A32FD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{26A1E761-A7AF-401D-A0D2-CE2D7224740F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{30FA5585-F6F7-4E37-8387-78D4D076D175}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C998C8B-9155-4BF7-8B25-7F39689C7285}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{47AB7574-94A8-4F89-960F-C44330780E67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{516E61AB-8F34-4334-8600-E4FD818190AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{542D416B-BC91-48E1-9466-2B7386D64D77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5AE5F0E0-FE12-4F29-BD70-B739ADF28692}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5B052235-41ED-452F-A1FF-1F532F890FAF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{62967F5F-5FF0-409A-AC7A-E9B655A9941C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{634DA5E8-A9E2-4B8B-97B4-59A23B16F0B1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{63FA5F4E-0F9C-4130-96A5-204C843491AE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{66B72763-99CD-4482-9234-83AFDA1E0917}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | 
"{68470707-700B-4937-9BCF-8327CD87A084}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{77777C35-4DD5-4660-8E90-42E4B6CB6FC9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{77EE29ED-BFE9-497D-89E7-7194B501F610}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7AA9875C-919C-4F40-97CA-97E5F692EBC6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{7AF35C0B-2D77-4B43-94A4-ECAEAB1605CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AF8BC11-290A-4300-A768-79C61EA686B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C7F2A24-B07B-4F79-A517-ACE3AC54F938}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9E06FC41-5F93-4F27-9021-AF0F99A794D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A4ACCF1A-B053-4EB6-BE2C-F1A98EF1F852}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{A66637D9-A805-4708-AFC3-E456DDAAF20D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{ADEDC631-6F65-4C79-B773-055F0ABEF5D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ADEDCF4C-F273-44CA-AAC0-215050410F10}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B9BA4979-3857-4931-955B-1AB510D013EC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BA11D933-6362-49CB-8C70-522E7913EE3D}" = protocol=6 | dir=out | app=system | 
"{BE5D7D61-2991-404C-9401-63334F37E06F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | 
"{C389B009-FBD7-409C-AE1A-E9D1988EF4C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C5BD3C2A-F847-4D2D-AF6B-A9D51229743A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C95F24D3-91B7-46C4-8A48-CFCDA922C2AB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D1C749A3-E5FB-4A28-B216-BB7CC06FF18F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D92136EE-3198-4C81-95FE-CD578920C870}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{E324FC11-D30E-4BC0-B8AC-62B4B044D8BA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FFCFC80B-E886-4C98-9DA2-888D93416DAA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.6.12
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.11
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Designer 2.0_is1" = Designer 2.0
"DivX Setup" = DivX-Setup
"dm FOTO Paradies + CEWE FOTOBUCH" = dm FOTO Paradies + CEWE FOTOBUCH
"ElsterFormular 13.1.1.8531k" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 8600" = RACE 07
"Steam App 8660" = GTR Evolution
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1379074756-265788372-1856989295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.01.2013 15:19:14 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.01.2013 15:19:14 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11014
 
Error - 12.01.2013 15:19:14 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11014
 
Error - 12.01.2013 15:19:15 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.01.2013 15:19:15 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12043
 
Error - 12.01.2013 15:19:15 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12043
 
Error - 13.01.2013 12:46:38 | Computer Name = Schnuffel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.01.2013 15:03:15 | Computer Name = Schnuffel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768,
 Zeitstempel: 0x4d688122  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7b325  Ausnahmecode: 0xc000041d  Fehleroffset: 0x000000000002468b
ID
 des fehlerhaften Prozesses: 0x70c  Startzeit der fehlerhaften Anwendung: 0x01cdf1c09b16d4c0
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: e1b16260-5db3-11e2-8b0e-0021850526a6
 
Error - 13.01.2013 16:18:00 | Computer Name = Schnuffel-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.70.0.9 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e34    Startzeit: 
01cdf1c477829130    Endzeit: 6    Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID:
 45b407e1-5dbe-11e2-8142-0021850526a6  
 
Error - 13.01.2013 16:22:25 | Computer Name = Schnuffel-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.70.0.9 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 854    Startzeit: 
01cdf1cb188fc1f0    Endzeit: 6    Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID:
 f05b9f51-5dbe-11e2-8142-0021850526a6  
 
[ System Events ]
Error - 13.01.2013 15:23:16 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   discache  KLIF  kneps  spldr  Wanarpv6
 
Error - 13.01.2013 15:23:16 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:16 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:16 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:16 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:16 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:16 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:18 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:18 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:18 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
Gmer

Code:
ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-13 22:06:47
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\00000060 Hitachi_ rev.GM4O 465,76GB
Running: 3ffppntz.exe; Driver: C:\Users\SCHNUF~1\AppData\Local\Temp\pwtyyuod.sys


---- User code sections - GMER 2.0 ----

.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000077581401 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000077581419 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000077581431 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007758144a 2 bytes [58, 77]
.text   ...                                                                                                                                  * 9
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000775814dd 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000775814f5 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007758150d 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077581525 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007758153d 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000077581555 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007758156d 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000077581585 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007758159d 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000775815b5 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000775815cd 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000775816b2 2 bytes [58, 77]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000775816bd 2 bytes [58, 77]

---- Threads - GMER 2.0 ----

Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:4780]                                                                       000000006fc94675
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:2768]                                                                       000000006fc8bc41
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:1980]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:4392]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:4688]                                                                       00000000749e6f14
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:4936]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:1512]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:264]                                                                        0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:4356]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:4816]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:3344]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:3436]                                                                       00000000775f41fa
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:5088]                                                                       0000000072ac2f69
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:436]                                                                        0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:2696]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:3952]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:3180]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:1452]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:3792]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:3596]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:3288]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:1184]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:1860]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:3100]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:5096]                                                                       00000000775f6689
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:4256]                                                                       000000006e8e32fb
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:4924]                                                                       000000007523948b
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:972]                                                                        0000000073942733
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:4572]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:5036]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:1352]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:2668]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:2192]                                                                       0000000073e6c724
Thread  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2680:2736]                                                                       00000000775f6689
Thread  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2416:2304]                                                              000000006fc8bc41
Thread  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2416:4600]                                                              0000000072ac2f69
Thread  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2416:1928]                                                              00000000775f6689
Thread  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2416:4248]                                                              000000006f02d30c
Thread  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2416:3704]                                                              000000006f02d30c
Thread  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2416:2916]                                                              000000006f02d30c
Thread  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2416:4524]                                                              000000006f02d30c
Thread  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2416:2664]                                                              000000006f02d30c
Thread  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2416:164]                                                               000000006f02d30c

---- EOF - GMER 2.0 ----
         
malwarebytes läuft nun zu xten mal aber zum ende hin friert das Programm ein, Windows fragt ob beenden oder auf Antwort warten.
Wenn man es neu startet und unter Logdatein nach schaut sind zwei hinterlegt. mhhh ... nun geht nix mehr.
Ich Poste das jetzt schonmal und versuche den Rechner nochmal neu zu Starten.


Edit:

Viel zu lesen gibts da nicht.

malwarebytes
Code:
ATTFilter
2013/01/13 20:29:54 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting protection
2013/01/13 20:29:54 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Protection started successfully
2013/01/13 20:29:54 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting IP protection
2013/01/13 20:29:56 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	IP Protection started successfully
2013/01/13 20:30:21 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting database refresh
2013/01/13 20:30:21 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Stopping IP protection
2013/01/13 20:30:22 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	IP Protection stopped successfully
2013/01/13 20:30:24 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Database refreshed successfully
2013/01/13 20:30:24 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting IP protection
2013/01/13 20:30:26 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	IP Protection started successfully
         
die zweite datei

Code:
ATTFilter
2013/01/14 07:21:26 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting protection
2013/01/14 07:21:26 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Protection started successfully
2013/01/14 07:21:26 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting IP protection
2013/01/14 07:21:28 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	IP Protection started successfully
2013/01/14 07:23:18 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting protection
2013/01/14 07:23:18 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Protection started successfully
2013/01/14 07:23:18 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting IP protection
2013/01/14 07:23:20 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	IP Protection started successfully
2013/01/14 07:36:09 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting database refresh
2013/01/14 07:36:09 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Stopping IP protection
2013/01/14 07:36:09 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	IP Protection stopped successfully
2013/01/14 07:36:12 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Database refreshed successfully
2013/01/14 07:36:12 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting IP protection
2013/01/14 07:36:13 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	IP Protection started successfully
2013/01/14 07:37:44 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Executing scheduled update:  Daily
2013/01/14 07:37:45 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Database already up-to-date
2013/01/14 07:46:18 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting protection
2013/01/14 07:46:18 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Protection started successfully
2013/01/14 07:46:18 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	Starting IP protection
2013/01/14 07:46:20 +0100	SCHNUFFEL-PC	Schnuffel	MESSAGE	IP Protection started successfully
         
Wenn ich das sehe denke ich das Program stürtzt ab bevor es eigentlich richtig fertig ist.
Ich hoffe das ist jetzt soweit alles richtig und gut zu verarbeiten!

Danke!

Grüße Poloman


Geändert von Poloman (14.01.2013 um 07:54 Uhr)

Alt 14.01.2013, 09:59   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



Kannst du denn nichtmal erkennen was Malwarebytes gefunden hat?
Machst du einen Voll- oder Quickscan?


Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> GUV Trojaner Win7

Alt 14.01.2013, 21:52   #7
Poloman
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



Zu Malwarebytes:
Ich habe erst einen Vollscan machen lassen (45 min) und nachdem er eingefrohren war habe ich zum testen mehrere Quickscans gemacht.
Leider lässt sich nichts erkennen da das Programm dann nicht mehr reagiert. Mehr als die rote 5 sehe ich nicht.

Das Anti Rootkit stoppt/hört auf, immer an der selben stelle. Zweimal getestet.
Siehe Bild im Anhang.

Ein mbar-log (mit Datum) wird im Mbar Ordner nicht Abgelegt!

Edit:
Wenn ich vor Ende Pause drücke friert Malwarebytes nicht ein und ich kann das Log Speichern. Aber es sind eigentlich mal 4 mal 5 Infizirte Objekte aber die kommen alle in der letzten Sekunde da ist das Programm schon nicht mehr bedienbar.
Einen konnte ich 'fangen'

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.14.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Schnuffel :: SCHNUFFEL-PC [Administrator]

Schutz: Aktiviert

14.01.2013 21:57:00
MBAM-log-2013-01-14 (21-59-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Autostart | P2P
Durchsuchte Objekte: 36008
Laufzeit: 1 Minute(n), 29 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-21-1379074756-265788372-1856989295-1000\$R117VIF.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.

(Ende)
         
Edit 2: Beim Anti RootKit ging es mit vorher Pausieren auch.
Allerding findet er so nur 3 Fehler...

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Schnuffel :: SCHNUFFEL-PC [administrator]

14.01.2013 21:54:29
mbar-log-2013-01-14 (21-54-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 22090
Time elapsed: 45 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Schnuffel :: SCHNUFFEL-PC [administrator]

14.01.2013 22:13:40
mbar-log-2013-01-14 (22-13-40).txt

Scan type: 
Scan options enabled: 
Scan options disabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Objects scanned: 0
Time elapsed: 14 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Schnuffel :: SCHNUFFEL-PC [administrator]

14.01.2013 22:21:03
mbar-log-2013-01-14 (22-21-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28414
Time elapsed: 7 minute(s), 37 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\Users\Schnuffel\AppData\Roaming\skype.dat (Trojan.Winlock) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-1379074756-265788372-1856989295-1000\$R117VIF.exe (PUP.Adware.Agent) -> Delete on reboot.
c:\Users\Schnuffel\5016331.exe (Trojan.Winlock) -> Delete on reboot.

(end)
         
und jetzt erstmal schlafen!

Danke und Gute Nacht
Angehängte Grafiken
Dateityp: png malwarebytes stop.PNG (155,2 KB, 119x aufgerufen)

Geändert von Poloman (14.01.2013 um 22:28 Uhr)

Alt 14.01.2013, 22:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.01.2013, 22:01   #9
Poloman
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



Code:
ATTFilter
ComboFix 13-01-16.01 - Schnuffel 16.01.2013  21:42:12.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3071.1734 [GMT 1:00]
ausgeführt von:: c:\users\Schnuffel\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Schnuffel\AppData\Roaming\skype.ini
I:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-16 bis 2013-01-16  ))))))))))))))))))))))))))))))
.
.
2013-01-16 20:50 . 2013-01-16 20:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-13 19:29 . 2013-01-13 19:29	--------	d-----w-	c:\users\Schnuffel\AppData\Roaming\Malwarebytes
2013-01-13 19:29 . 2013-01-13 19:29	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-13 19:29 . 2013-01-13 19:29	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-13 19:29 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-13 19:29 . 2013-01-13 19:29	--------	d-----w-	c:\users\Schnuffel\AppData\Local\Programs
2012-12-29 11:51 . 2012-12-29 11:51	--------	d-----w-	c:\program files (x86)\Ask.com
2012-12-29 11:41 . 2012-12-29 11:41	--------	d-----w-	c:\programdata\Ask
2012-12-29 11:41 . 2012-12-29 11:41	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-12-29 11:40 . 2012-12-29 11:40	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-12-29 11:40 . 2012-12-29 11:40	95184	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-29 11:40 . 2011-03-14 19:11	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-25 11:42 . 2012-10-25 11:42	611160	----a-w-	c:\windows\system32\drivers\klif.sys
2012-10-25 11:42 . 2012-10-25 11:42	29528	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2012-10-25 11:42 . 2012-10-25 11:42	29016	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-10 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-10 18:32	1520840	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-10 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FILSHtray"="c:\program files (x86)\FILSHtray\FILSHtray.exe" [2012-02-06 597504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-17 218880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-10 1573576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Schnuffel\AppData\Roaming\Mozilla\Firefox\Profiles\tsjva0ca.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-04 19:34; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2012-12-04 19:34; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2012-12-04 19:34; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2012-12-04 19:34; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2012-12-04 19:34; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2012-12-29 12:51; toolbar@ask.com; c:\users\Schnuffel\AppData\Roaming\Mozilla\Firefox\Profiles\tsjva0ca.default\extensions\toolbar@ask.com
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-DIMUpdate wird heruntergeladen...1285781003180 - c:\program files (x86)\Corel\CorelDRAW Graphics Suite X5\Draw\DIM.exe
Wow6432Node-HKCU-Run-iPhone PC Suite - c:\program files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Designer 2.0_is1 - c:\users\Schnuffel\Desktop\fotobuch.de\Designer 2.0\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-16  21:53:30
ComboFix-quarantined-files.txt  2013-01-16 20:53
.
Vor Suchlauf: 7 Verzeichnis(se), 146.083.549.184 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 150.708.445.184 Bytes frei
.
- - End Of File - - 53750098D6758E391A52FCE707ED05F5
         
Das nun der Log nach dem Combofix lauf.

Mein Kaspersky 'Monitor' oben rechts auf dem Desktop fehlt noch immer.
Malwarebytes sagt:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.16.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Schnuffel :: SCHNUFFEL-PC [Administrator]

Schutz: Aktiviert

16.01.2013 22:05:45
MBAM-log-2013-01-16 (22-08-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Autostart | P2P
Durchsuchte Objekte: 212692
Laufzeit: 2 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.

(Ende)
         
Zumindest läuft das Program jetzt und friert nicht mehr ein.

mbar log
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.16.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Schnuffel :: SCHNUFFEL-PC [administrator]

16.01.2013 22:24:01
mbar-log-2013-01-16 (22-24-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30707
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Delete on reboot.

(end)
         
Ich lasse jetzt nochmal einen Vollständigen Suchlauf von Malwarebytes durchführen.

Das der Vollständige Scan
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.16.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Schnuffel :: SCHNUFFEL-PC [Administrator]

Schutz: Aktiviert

16.01.2013 22:29:23
MBAM-log-2013-01-17 (08-09-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Autostart | P2P
Durchsuchte Objekte: 378722
Laufzeit: 46 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Schnuffel\Downloads\Programme\SoftonicDownloader_fuer_winrar.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)
         

Geändert von Poloman (16.01.2013 um 22:33 Uhr)

Alt 17.01.2013, 14:30   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.01.2013, 08:26   #11
Poloman
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



TDSSKiller
Ohne Fund
Code:
ATTFilter
08:22:29.0328 4092  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:22:29.0687 4092  ============================================================
08:22:29.0687 4092  Current date / time: 2013/01/18 08:22:29.0687
08:22:29.0687 4092  SystemInfo:
08:22:29.0687 4092  
08:22:29.0687 4092  OS Version: 6.1.7600 ServicePack: 0.0
08:22:29.0687 4092  Product type: Workstation
08:22:29.0688 4092  ComputerName: SCHNUFFEL-PC
08:22:29.0688 4092  UserName: Schnuffel
08:22:29.0688 4092  Windows directory: C:\Windows
08:22:29.0688 4092  System windows directory: C:\Windows
08:22:29.0688 4092  Running under WOW64
08:22:29.0688 4092  Processor architecture: Intel x64
08:22:29.0688 4092  Number of processors: 4
08:22:29.0688 4092  Page size: 0x1000
08:22:29.0688 4092  Boot type: Normal boot
08:22:29.0688 4092  ============================================================
08:22:30.0503 4092  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:22:30.0519 4092  ============================================================
08:22:30.0519 4092  \Device\Harddisk0\DR0:
08:22:30.0519 4092  MBR partitions:
08:22:30.0519 4092  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:22:30.0519 4092  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DBB3000
08:22:30.0519 4092  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1DBE5800, BlocksNum 0x1C79F800
08:22:30.0519 4092  ============================================================
08:22:30.0534 4092  C: <-> \Device\Harddisk0\DR0\Partition2
08:22:30.0577 4092  I: <-> \Device\Harddisk0\DR0\Partition3
08:22:30.0578 4092  ============================================================
08:22:30.0578 4092  Initialize success
08:22:30.0578 4092  ============================================================
08:22:37.0010 3760  ============================================================
08:22:37.0010 3760  Scan started
08:22:37.0010 3760  Mode: Manual; SigCheck; TDLFS; 
08:22:37.0010 3760  ============================================================
08:22:37.0552 3760  ================ Scan system memory ========================
08:22:37.0552 3760  System memory - ok
08:22:37.0553 3760  ================ Scan services =============================
08:22:37.0666 3760  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
08:22:37.0783 3760  1394ohci - ok
08:22:37.0892 3760  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
08:22:37.0907 3760  AAV UpdateService - ok
08:22:37.0939 3760  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
08:22:37.0960 3760  ACPI - ok
08:22:37.0972 3760  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
08:22:38.0037 3760  AcpiPmi - ok
08:22:38.0146 3760  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:22:38.0157 3760  AdobeARMservice - ok
08:22:38.0199 3760  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
08:22:38.0224 3760  adp94xx - ok
08:22:38.0252 3760  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
08:22:38.0271 3760  adpahci - ok
08:22:38.0288 3760  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
08:22:38.0303 3760  adpu320 - ok
08:22:38.0331 3760  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:22:38.0457 3760  AeLookupSvc - ok
08:22:38.0494 3760  [ B9384E03479D2506BC924C16A3DB87BC ] AFD             C:\Windows\system32\drivers\afd.sys
08:22:38.0562 3760  AFD - ok
08:22:38.0594 3760  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
08:22:38.0604 3760  agp440 - ok
08:22:38.0630 3760  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
08:22:38.0667 3760  ALG - ok
08:22:38.0696 3760  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
08:22:38.0708 3760  aliide - ok
08:22:38.0747 3760  [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:22:38.0904 3760  AMD External Events Utility - ok
08:22:38.0918 3760  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
08:22:38.0930 3760  amdide - ok
08:22:38.0951 3760  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
08:22:38.0971 3760  AmdK8 - ok
08:22:38.0980 3760  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
08:22:39.0010 3760  AmdPPM - ok
08:22:39.0037 3760  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
08:22:39.0053 3760  amdsata - ok
08:22:39.0092 3760  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
08:22:39.0111 3760  amdsbs - ok
08:22:39.0130 3760  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
08:22:39.0140 3760  amdxata - ok
08:22:39.0176 3760  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
08:22:39.0237 3760  AppID - ok
08:22:39.0261 3760  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
08:22:39.0311 3760  AppIDSvc - ok
08:22:39.0329 3760  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
08:22:39.0360 3760  Appinfo - ok
08:22:39.0401 3760  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:22:39.0414 3760  Apple Mobile Device - ok
08:22:39.0426 3760  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
08:22:39.0462 3760  AppMgmt - ok
08:22:39.0491 3760  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
08:22:39.0505 3760  arc - ok
08:22:39.0522 3760  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
08:22:39.0536 3760  arcsas - ok
08:22:39.0555 3760  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:22:39.0616 3760  AsyncMac - ok
08:22:39.0631 3760  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
08:22:39.0641 3760  atapi - ok
08:22:39.0770 3760  [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
08:22:39.0957 3760  atikmdag - ok
08:22:39.0999 3760  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:22:40.0052 3760  AudioEndpointBuilder - ok
08:22:40.0063 3760  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
08:22:40.0103 3760  AudioSrv - ok
08:22:40.0145 3760  AVP - ok
08:22:40.0169 3760  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
08:22:40.0234 3760  AxInstSV - ok
08:22:40.0273 3760  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
08:22:40.0316 3760  b06bdrv - ok
08:22:40.0342 3760  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
08:22:40.0376 3760  b57nd60a - ok
08:22:40.0406 3760  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
08:22:40.0449 3760  BDESVC - ok
08:22:40.0464 3760  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:22:40.0515 3760  Beep - ok
08:22:40.0543 3760  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
08:22:40.0592 3760  BFE - ok
08:22:40.0623 3760  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
08:22:40.0677 3760  BITS - ok
08:22:40.0696 3760  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
08:22:40.0719 3760  blbdrive - ok
08:22:40.0790 3760  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:22:40.0810 3760  Bonjour Service - ok
08:22:40.0852 3760  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:22:40.0889 3760  bowser - ok
08:22:40.0919 3760  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:22:40.0944 3760  BrFiltLo - ok
08:22:40.0953 3760  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:22:40.0967 3760  BrFiltUp - ok
08:22:40.0995 3760  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
08:22:41.0041 3760  BridgeMP - ok
08:22:41.0065 3760  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
08:22:41.0105 3760  Browser - ok
08:22:41.0128 3760  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
08:22:41.0162 3760  Brserid - ok
08:22:41.0178 3760  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
08:22:41.0200 3760  BrSerWdm - ok
08:22:41.0217 3760  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
08:22:41.0247 3760  BrUsbMdm - ok
08:22:41.0251 3760  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
08:22:41.0270 3760  BrUsbSer - ok
08:22:41.0282 3760  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
08:22:41.0309 3760  BTHMODEM - ok
08:22:41.0338 3760  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
08:22:41.0395 3760  bthserv - ok
08:22:41.0427 3760  catchme - ok
08:22:41.0454 3760  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:22:41.0504 3760  cdfs - ok
08:22:41.0528 3760  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
08:22:41.0545 3760  cdrom - ok
08:22:41.0572 3760  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
08:22:41.0619 3760  CertPropSvc - ok
08:22:41.0649 3760  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
08:22:41.0678 3760  circlass - ok
08:22:41.0698 3760  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
08:22:41.0714 3760  CLFS - ok
08:22:41.0765 3760  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:22:41.0778 3760  clr_optimization_v2.0.50727_32 - ok
08:22:41.0816 3760  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:22:41.0828 3760  clr_optimization_v2.0.50727_64 - ok
08:22:41.0869 3760  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:22:41.0880 3760  clr_optimization_v4.0.30319_32 - ok
08:22:41.0904 3760  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:22:41.0914 3760  clr_optimization_v4.0.30319_64 - ok
08:22:41.0932 3760  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
08:22:41.0948 3760  CmBatt - ok
08:22:41.0964 3760  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
08:22:41.0974 3760  cmdide - ok
08:22:41.0997 3760  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG             C:\Windows\system32\Drivers\cng.sys
08:22:42.0022 3760  CNG - ok
08:22:42.0047 3760  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
08:22:42.0058 3760  Compbatt - ok
08:22:42.0083 3760  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
08:22:42.0117 3760  CompositeBus - ok
08:22:42.0124 3760  COMSysApp - ok
08:22:42.0144 3760  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
08:22:42.0154 3760  crcdisk - ok
08:22:42.0178 3760  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:22:42.0220 3760  CryptSvc - ok
08:22:42.0243 3760  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
08:22:42.0285 3760  CSC - ok
08:22:42.0314 3760  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
08:22:42.0357 3760  CscService - ok
08:22:42.0384 3760  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:22:42.0426 3760  DcomLaunch - ok
08:22:42.0457 3760  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
08:22:42.0517 3760  defragsvc - ok
08:22:42.0535 3760  [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:22:42.0576 3760  DfsC - ok
08:22:42.0607 3760  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
08:22:42.0679 3760  Dhcp - ok
08:22:42.0703 3760  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
08:22:42.0756 3760  discache - ok
08:22:42.0774 3760  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
08:22:42.0785 3760  Disk - ok
08:22:42.0825 3760  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:22:42.0863 3760  Dnscache - ok
08:22:42.0892 3760  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
08:22:42.0944 3760  dot3svc - ok
08:22:42.0965 3760  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
08:22:43.0001 3760  DPS - ok
08:22:43.0018 3760  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:22:43.0039 3760  drmkaud - ok
08:22:43.0107 3760  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:22:43.0140 3760  DXGKrnl - ok
08:22:43.0173 3760  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
08:22:43.0222 3760  EapHost - ok
08:22:43.0301 3760  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
08:22:43.0379 3760  ebdrv - ok
08:22:43.0403 3760  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\Windows\System32\lsass.exe
08:22:43.0428 3760  EFS - ok
08:22:43.0475 3760  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:22:43.0526 3760  ehRecvr - ok
08:22:43.0544 3760  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
08:22:43.0576 3760  ehSched - ok
08:22:43.0622 3760  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
08:22:43.0649 3760  elxstor - ok
08:22:43.0666 3760  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
08:22:43.0688 3760  ErrDev - ok
08:22:43.0735 3760  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
08:22:43.0774 3760  EventSystem - ok
08:22:43.0788 3760  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
08:22:43.0832 3760  exfat - ok
08:22:43.0851 3760  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:22:43.0892 3760  fastfat - ok
08:22:43.0928 3760  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
08:22:43.0975 3760  Fax - ok
08:22:43.0995 3760  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
08:22:44.0026 3760  fdc - ok
08:22:44.0045 3760  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
08:22:44.0098 3760  fdPHost - ok
08:22:44.0103 3760  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:22:44.0137 3760  FDResPub - ok
08:22:44.0160 3760  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:22:44.0171 3760  FileInfo - ok
08:22:44.0182 3760  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:22:44.0216 3760  Filetrace - ok
08:22:44.0234 3760  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:22:44.0246 3760  flpydisk - ok
08:22:44.0270 3760  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:22:44.0286 3760  FltMgr - ok
08:22:44.0339 3760  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
08:22:44.0403 3760  FontCache - ok
08:22:44.0437 3760  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:22:44.0449 3760  FontCache3.0.0.0 - ok
08:22:44.0470 3760  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
08:22:44.0484 3760  FsDepends - ok
08:22:44.0493 3760  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:22:44.0505 3760  Fs_Rec - ok
08:22:44.0534 3760  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
08:22:44.0554 3760  fvevol - ok
08:22:44.0581 3760  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
08:22:44.0593 3760  gagp30kx - ok
08:22:44.0627 3760  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:22:44.0635 3760  GEARAspiWDM - ok
08:22:44.0670 3760  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
08:22:44.0718 3760  gpsvc - ok
08:22:44.0744 3760  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
08:22:44.0786 3760  hcw85cir - ok
08:22:44.0817 3760  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:22:44.0847 3760  HdAudAddService - ok
08:22:44.0873 3760  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
08:22:44.0900 3760  HDAudBus - ok
08:22:44.0913 3760  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
08:22:44.0940 3760  HidBatt - ok
08:22:44.0952 3760  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
08:22:44.0984 3760  HidBth - ok
08:22:45.0000 3760  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
08:22:45.0024 3760  HidIr - ok
08:22:45.0049 3760  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
08:22:45.0101 3760  hidserv - ok
08:22:45.0135 3760  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:22:45.0159 3760  HidUsb - ok
08:22:45.0178 3760  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:22:45.0225 3760  hkmsvc - ok
08:22:45.0238 3760  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:22:45.0274 3760  HomeGroupListener - ok
08:22:45.0299 3760  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:22:45.0322 3760  HomeGroupProvider - ok
08:22:45.0351 3760  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
08:22:45.0362 3760  HpSAMD - ok
08:22:45.0399 3760  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:22:45.0446 3760  HTTP - ok
08:22:45.0461 3760  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
08:22:45.0470 3760  hwpolicy - ok
08:22:45.0483 3760  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
08:22:45.0497 3760  i8042prt - ok
08:22:45.0547 3760  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
08:22:45.0571 3760  iaStorV - ok
08:22:45.0621 3760  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:22:45.0651 3760  idsvc - ok
08:22:45.0674 3760  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
08:22:45.0684 3760  iirsp - ok
08:22:45.0715 3760  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
08:22:45.0774 3760  IKEEXT - ok
08:22:45.0830 3760  [ D8BCE8176CB1084C6F5830C019D47166 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:22:45.0896 3760  IntcAzAudAddService - ok
08:22:45.0916 3760  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
08:22:45.0926 3760  intelide - ok
08:22:45.0949 3760  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:22:45.0968 3760  intelppm - ok
08:22:45.0990 3760  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:22:46.0025 3760  IPBusEnum - ok
08:22:46.0042 3760  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:22:46.0076 3760  IpFilterDriver - ok
08:22:46.0102 3760  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:22:46.0152 3760  iphlpsvc - ok
08:22:46.0180 3760  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
08:22:46.0194 3760  IPMIDRV - ok
08:22:46.0211 3760  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
08:22:46.0253 3760  IPNAT - ok
08:22:46.0292 3760  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:22:46.0313 3760  iPod Service - ok
08:22:46.0342 3760  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:22:46.0359 3760  IRENUM - ok
08:22:46.0370 3760  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
08:22:46.0380 3760  isapnp - ok
08:22:46.0400 3760  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
08:22:46.0414 3760  iScsiPrt - ok
08:22:46.0440 3760  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
08:22:46.0454 3760  kbdclass - ok
08:22:46.0471 3760  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
08:22:46.0495 3760  kbdhid - ok
08:22:46.0511 3760  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
08:22:46.0530 3760  KeyIso - ok
08:22:46.0599 3760  [ 8B5219318DF5895ABD230C373F2DF18A ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
08:22:46.0622 3760  KL1 - ok
08:22:46.0646 3760  [ 8191BB24F61EBCAF84719993C7F7B5C6 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
08:22:46.0666 3760  KLIF - ok
08:22:46.0674 3760  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
08:22:46.0683 3760  KLIM6 - ok
08:22:46.0709 3760  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
08:22:46.0720 3760  klkbdflt - ok
08:22:46.0758 3760  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
08:22:46.0770 3760  klmouflt - ok
08:22:46.0794 3760  [ FFC0501A1EA742406F1904A0CFE3BFE2 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
08:22:46.0807 3760  kltdi - ok
08:22:46.0831 3760  [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
08:22:46.0846 3760  kneps - ok
08:22:46.0868 3760  [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:22:46.0885 3760  KSecDD - ok
08:22:46.0906 3760  [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:22:46.0918 3760  KSecPkg - ok
08:22:46.0939 3760  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
08:22:46.0980 3760  ksthunk - ok
08:22:47.0003 3760  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:22:47.0056 3760  KtmRm - ok
08:22:47.0080 3760  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\System32\srvsvc.dll
08:22:47.0111 3760  LanmanServer - ok
08:22:47.0134 3760  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:22:47.0170 3760  LanmanWorkstation - ok
08:22:47.0200 3760  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:22:47.0234 3760  lltdio - ok
08:22:47.0252 3760  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:22:47.0303 3760  lltdsvc - ok
08:22:47.0328 3760  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:22:47.0362 3760  lmhosts - ok
08:22:47.0394 3760  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
08:22:47.0406 3760  LSI_FC - ok
08:22:47.0419 3760  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
08:22:47.0432 3760  LSI_SAS - ok
08:22:47.0441 3760  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:22:47.0452 3760  LSI_SAS2 - ok
08:22:47.0464 3760  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:22:47.0477 3760  LSI_SCSI - ok
08:22:47.0502 3760  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
08:22:47.0547 3760  luafv - ok
08:22:47.0585 3760  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
08:22:47.0596 3760  MBAMProtector - ok
08:22:47.0653 3760  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:22:47.0673 3760  MBAMScheduler - ok
08:22:47.0694 3760  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:22:47.0713 3760  MBAMService - ok
08:22:47.0757 3760  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:22:47.0802 3760  Mcx2Svc - ok
08:22:47.0828 3760  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
08:22:47.0841 3760  megasas - ok
08:22:47.0854 3760  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
08:22:47.0872 3760  MegaSR - ok
08:22:47.0988 3760  [ 033B947AF4A997820E86FCB070B1F450 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
08:22:48.0001 3760  Microsoft Office Groove Audit Service - ok
08:22:48.0031 3760  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
08:22:48.0079 3760  MMCSS - ok
08:22:48.0099 3760  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
08:22:48.0137 3760  Modem - ok
08:22:48.0156 3760  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:22:48.0184 3760  monitor - ok
08:22:48.0209 3760  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
08:22:48.0233 3760  mouclass - ok
08:22:48.0260 3760  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:22:48.0273 3760  mouhid - ok
08:22:48.0290 3760  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:22:48.0302 3760  mountmgr - ok
08:22:48.0346 3760  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:22:48.0360 3760  MozillaMaintenance - ok
08:22:48.0377 3760  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
08:22:48.0393 3760  mpio - ok
08:22:48.0413 3760  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:22:48.0455 3760  mpsdrv - ok
08:22:48.0499 3760  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:22:48.0550 3760  MpsSvc - ok
08:22:48.0569 3760  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:22:48.0598 3760  MRxDAV - ok
08:22:48.0633 3760  [ B7F3D2C40BDF8FFB73EBFB19C77734E2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:22:48.0670 3760  mrxsmb - ok
08:22:48.0694 3760  [ 86C6F88B5168CE21CF8D69D0B3FF5D19 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:22:48.0716 3760  mrxsmb10 - ok
08:22:48.0730 3760  [ B081069251C8E9F42CB8769D07148F9C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:22:48.0749 3760  mrxsmb20 - ok
08:22:48.0767 3760  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
08:22:48.0778 3760  msahci - ok
08:22:48.0791 3760  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
08:22:48.0804 3760  msdsm - ok
08:22:48.0816 3760  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
08:22:48.0842 3760  MSDTC - ok
08:22:48.0858 3760  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:22:48.0891 3760  Msfs - ok
08:22:48.0899 3760  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:22:48.0944 3760  mshidkmdf - ok
08:22:48.0965 3760  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
08:22:48.0991 3760  msisadrv - ok
08:22:49.0070 3760  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:22:49.0119 3760  MSiSCSI - ok
08:22:49.0124 3760  msiserver - ok
08:22:49.0143 3760  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:22:49.0176 3760  MSKSSRV - ok
08:22:49.0197 3760  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:22:49.0236 3760  MSPCLOCK - ok
08:22:49.0251 3760  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:22:49.0291 3760  MSPQM - ok
08:22:49.0317 3760  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:22:49.0333 3760  MsRPC - ok
08:22:49.0349 3760  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
08:22:49.0358 3760  mssmbios - ok
08:22:49.0380 3760  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:22:49.0419 3760  MSTEE - ok
08:22:49.0429 3760  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
08:22:49.0451 3760  MTConfig - ok
08:22:49.0471 3760  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
08:22:49.0482 3760  Mup - ok
08:22:49.0502 3760  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
08:22:49.0544 3760  napagent - ok
08:22:49.0575 3760  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:22:49.0600 3760  NativeWifiP - ok
08:22:49.0640 3760  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:22:49.0663 3760  NDIS - ok
08:22:49.0679 3760  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:22:49.0713 3760  NdisCap - ok
08:22:49.0733 3760  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:22:49.0786 3760  NdisTapi - ok
08:22:49.0804 3760  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:22:49.0846 3760  Ndisuio - ok
08:22:49.0872 3760  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:22:49.0908 3760  NdisWan - ok
08:22:49.0921 3760  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:22:49.0955 3760  NDProxy - ok
08:22:49.0981 3760  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:22:50.0015 3760  NetBIOS - ok
08:22:50.0030 3760  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:22:50.0076 3760  NetBT - ok
08:22:50.0085 3760  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
08:22:50.0099 3760  Netlogon - ok
08:22:50.0132 3760  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
08:22:50.0186 3760  Netman - ok
08:22:50.0205 3760  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
08:22:50.0255 3760  netprofm - ok
08:22:50.0272 3760  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:22:50.0282 3760  NetTcpPortSharing - ok
08:22:50.0307 3760  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
08:22:50.0317 3760  nfrd960 - ok
08:22:50.0351 3760  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:22:50.0394 3760  NlaSvc - ok
08:22:50.0420 3760  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
08:22:50.0475 3760  nmwcd - ok
08:22:50.0497 3760  [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
08:22:50.0528 3760  nmwcdc - ok
08:22:50.0538 3760  [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdcx64       C:\Windows\system32\drivers\ccdcmbox64.sys
08:22:50.0561 3760  nmwcdcx64 - ok
08:22:50.0574 3760  nmwcdnsucx64 - ok
08:22:50.0580 3760  nmwcdnsux64 - ok
08:22:50.0603 3760  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcdx64        C:\Windows\system32\drivers\ccdcmbx64.sys
08:22:50.0626 3760  nmwcdx64 - ok
08:22:50.0640 3760  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:22:50.0674 3760  Npfs - ok
08:22:50.0706 3760  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
08:22:50.0750 3760  nsi - ok
08:22:50.0764 3760  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:22:50.0810 3760  nsiproxy - ok
08:22:50.0878 3760  [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:22:50.0926 3760  Ntfs - ok
08:22:50.0952 3760  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
08:22:50.0985 3760  Null - ok
08:22:51.0015 3760  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
08:22:51.0043 3760  NVENETFD - ok
08:22:51.0076 3760  [ ED9380F201C8126425C09BED96DBE1E5 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
08:22:51.0088 3760  NVHDA - ok
08:22:51.0345 3760  [ BBE872A814B00798C2D568D46C42A71B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:22:51.0694 3760  nvlddmkm - ok
08:22:51.0741 3760  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:22:51.0754 3760  nvraid - ok
08:22:51.0792 3760  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:22:51.0808 3760  nvstor - ok
08:22:51.0847 3760  [ 0393E59488C67F704336F3FF06E2B7BD ] NVSvc           C:\Windows\system32\nvvsvc.exe
08:22:51.0890 3760  NVSvc - ok
08:22:51.0915 3760  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
08:22:51.0927 3760  nv_agp - ok
08:22:52.0012 3760  [ E54AA592A65F317390EEE386A8821692 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:22:52.0030 3760  odserv - ok
08:22:52.0061 3760  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
08:22:52.0078 3760  ohci1394 - ok
08:22:52.0133 3760  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:22:52.0146 3760  ose - ok
08:22:52.0176 3760  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:22:52.0215 3760  p2pimsvc - ok
08:22:52.0232 3760  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:22:52.0253 3760  p2psvc - ok
08:22:52.0276 3760  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
08:22:52.0290 3760  Parport - ok
08:22:52.0302 3760  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:22:52.0313 3760  partmgr - ok
08:22:52.0336 3760  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:22:52.0362 3760  PcaSvc - ok
08:22:52.0376 3760  pccsmcfd - ok
08:22:52.0389 3760  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
08:22:52.0400 3760  pci - ok
08:22:52.0411 3760  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
08:22:52.0421 3760  pciide - ok
08:22:52.0438 3760  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
08:22:52.0452 3760  pcmcia - ok
08:22:52.0484 3760  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
08:22:52.0495 3760  pcw - ok
08:22:52.0515 3760  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:22:52.0569 3760  PEAUTH - ok
08:22:52.0608 3760  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
08:22:52.0659 3760  PeerDistSvc - ok
08:22:52.0707 3760  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
08:22:52.0726 3760  PerfHost - ok
08:22:52.0763 3760  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
08:22:52.0840 3760  pla - ok
08:22:52.0874 3760  [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:22:52.0924 3760  PlugPlay - ok
08:22:52.0945 3760  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:22:52.0967 3760  PNRPAutoReg - ok
08:22:52.0984 3760  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:22:53.0000 3760  PNRPsvc - ok
08:22:53.0031 3760  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:22:53.0073 3760  PolicyAgent - ok
08:22:53.0094 3760  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
08:22:53.0140 3760  Power - ok
08:22:53.0168 3760  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:22:53.0202 3760  PptpMiniport - ok
08:22:53.0220 3760  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
08:22:53.0247 3760  Processor - ok
08:22:53.0273 3760  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
08:22:53.0316 3760  ProfSvc - ok
08:22:53.0327 3760  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
08:22:53.0340 3760  ProtectedStorage - ok
08:22:53.0364 3760  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:22:53.0397 3760  Psched - ok
08:22:53.0443 3760  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
08:22:53.0484 3760  ql2300 - ok
08:22:53.0499 3760  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
08:22:53.0512 3760  ql40xx - ok
08:22:53.0536 3760  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
08:22:53.0556 3760  QWAVE - ok
08:22:53.0567 3760  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:22:53.0592 3760  QWAVEdrv - ok
08:22:53.0602 3760  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:22:53.0639 3760  RasAcd - ok
08:22:53.0671 3760  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:22:53.0716 3760  RasAgileVpn - ok
08:22:53.0741 3760  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
08:22:53.0795 3760  RasAuto - ok
08:22:53.0816 3760  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:22:53.0851 3760  Rasl2tp - ok
08:22:53.0866 3760  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
08:22:53.0905 3760  RasMan - ok
08:22:53.0931 3760  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:22:53.0975 3760  RasPppoe - ok
08:22:53.0989 3760  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:22:54.0030 3760  RasSstp - ok
08:22:54.0051 3760  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:22:54.0098 3760  rdbss - ok
08:22:54.0118 3760  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
08:22:54.0133 3760  rdpbus - ok
08:22:54.0145 3760  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:22:54.0179 3760  RDPCDD - ok
08:22:54.0195 3760  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
08:22:54.0227 3760  RDPDR - ok
08:22:54.0239 3760  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:22:54.0282 3760  RDPENCDD - ok
08:22:54.0293 3760  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:22:54.0325 3760  RDPREFMP - ok
08:22:54.0346 3760  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:22:54.0388 3760  RDPWD - ok
08:22:54.0419 3760  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:22:54.0433 3760  rdyboost - ok
08:22:54.0455 3760  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:22:54.0501 3760  RemoteAccess - ok
08:22:54.0527 3760  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:22:54.0569 3760  RemoteRegistry - ok
08:22:54.0596 3760  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:22:54.0642 3760  RpcEptMapper - ok
08:22:54.0654 3760  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
08:22:54.0671 3760  RpcLocator - ok
08:22:54.0691 3760  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
08:22:54.0730 3760  RpcSs - ok
08:22:54.0761 3760  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:22:54.0805 3760  rspndr - ok
08:22:54.0813 3760  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
08:22:54.0846 3760  s3cap - ok
08:22:54.0852 3760  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
08:22:54.0865 3760  SamSs - ok
08:22:54.0878 3760  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
08:22:54.0889 3760  sbp2port - ok
08:22:54.0913 3760  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:22:54.0950 3760  SCardSvr - ok
08:22:54.0969 3760  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:22:55.0009 3760  scfilter - ok
08:22:55.0059 3760  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
08:22:55.0104 3760  Schedule - ok
08:22:55.0129 3760  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:22:55.0162 3760  SCPolicySvc - ok
08:22:55.0184 3760  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:22:55.0216 3760  SDRSVC - ok
08:22:55.0245 3760  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:22:55.0302 3760  secdrv - ok
08:22:55.0316 3760  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
08:22:55.0359 3760  seclogon - ok
08:22:55.0380 3760  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
08:22:55.0423 3760  SENS - ok
08:22:55.0438 3760  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:22:55.0467 3760  SensrSvc - ok
08:22:55.0491 3760  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
08:22:55.0504 3760  Serenum - ok
08:22:55.0525 3760  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
08:22:55.0550 3760  Serial - ok
08:22:55.0564 3760  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
08:22:55.0586 3760  sermouse - ok
08:22:55.0610 3760  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
08:22:55.0646 3760  SessionEnv - ok
08:22:55.0657 3760  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
08:22:55.0676 3760  sffdisk - ok
08:22:55.0687 3760  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:22:55.0708 3760  sffp_mmc - ok
08:22:55.0723 3760  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
08:22:55.0738 3760  sffp_sd - ok
08:22:55.0757 3760  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
08:22:55.0779 3760  sfloppy - ok
08:22:55.0805 3760  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:22:55.0856 3760  SharedAccess - ok
08:22:55.0881 3760  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:22:55.0913 3760  ShellHWDetection - ok
08:22:55.0957 3760  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:22:55.0981 3760  SiSRaid2 - ok
08:22:55.0994 3760  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
08:22:56.0005 3760  SiSRaid4 - ok
08:22:56.0019 3760  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:22:56.0066 3760  Smb - ok
08:22:56.0099 3760  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:22:56.0114 3760  SNMPTRAP - ok
08:22:56.0137 3760  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:22:56.0147 3760  spldr - ok
08:22:56.0176 3760  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
08:22:56.0217 3760  Spooler - ok
08:22:56.0290 3760  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
08:22:56.0373 3760  sppsvc - ok
08:22:56.0397 3760  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:22:56.0431 3760  sppuinotify - ok
08:22:56.0471 3760  [ 148D50904D2A0DF29A19778715EB35BB ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:22:56.0509 3760  srv - ok
08:22:56.0555 3760  [ CE2189FE31D36678AC9EB7DDEE08EC96 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:22:56.0584 3760  srv2 - ok
08:22:56.0601 3760  [ CB69EDEB069A49577592835659CD0E46 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:22:56.0616 3760  srvnet - ok
08:22:56.0637 3760  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:22:56.0685 3760  SSDPSRV - ok
08:22:56.0701 3760  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:22:56.0737 3760  SstpSvc - ok
08:22:56.0776 3760  Steam Client Service - ok
08:22:56.0813 3760  [ 8D01686AE82B466F4CD074F31F2942CA ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:22:56.0827 3760  Stereo Service - ok
08:22:56.0852 3760  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
08:22:56.0863 3760  stexstor - ok
08:22:56.0896 3760  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
08:22:56.0930 3760  stisvc - ok
08:22:56.0943 3760  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
08:22:56.0954 3760  storflt - ok
08:22:56.0972 3760  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
08:22:56.0984 3760  storvsc - ok
08:22:56.0996 3760  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
08:22:57.0007 3760  swenum - ok
08:22:57.0033 3760  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
08:22:57.0080 3760  swprv - ok
08:22:57.0117 3760  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
08:22:57.0166 3760  SysMain - ok
08:22:57.0187 3760  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:22:57.0216 3760  TabletInputService - ok
08:22:57.0243 3760  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:22:57.0294 3760  TapiSrv - ok
08:22:57.0311 3760  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
08:22:57.0346 3760  TBS - ok
08:22:57.0396 3760  [ 90A2D722CF64D911879D6C4A4F802A4D ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:22:57.0441 3760  Tcpip - ok
08:22:57.0469 3760  [ 90A2D722CF64D911879D6C4A4F802A4D ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:22:57.0505 3760  TCPIP6 - ok
08:22:57.0522 3760  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:22:57.0562 3760  tcpipreg - ok
08:22:57.0570 3760  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:22:57.0608 3760  TDPIPE - ok
08:22:57.0617 3760  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:22:57.0650 3760  TDTCP - ok
08:22:57.0667 3760  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:22:57.0711 3760  tdx - ok
08:22:57.0778 3760  [ 2A64C802F4C8AA00AC8472C771688E00 ] TeamViewer5     C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
08:22:57.0815 3760  TeamViewer5 - ok
08:22:57.0828 3760  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
08:22:57.0839 3760  TermDD - ok
08:22:57.0869 3760  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
08:22:57.0918 3760  TermService - ok
08:22:57.0930 3760  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
08:22:57.0960 3760  Themes - ok
08:22:57.0971 3760  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
08:22:58.0006 3760  THREADORDER - ok
08:22:58.0040 3760  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
08:22:58.0080 3760  TrkWks - ok
08:22:58.0109 3760  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:22:58.0127 3760  TrustedInstaller - ok
08:22:58.0150 3760  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:22:58.0198 3760  tssecsrv - ok
08:22:58.0229 3760  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:22:58.0274 3760  tunnel - ok
08:22:58.0287 3760  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
08:22:58.0298 3760  uagp35 - ok
08:22:58.0313 3760  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:22:58.0357 3760  udfs - ok
08:22:58.0378 3760  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:22:58.0400 3760  UI0Detect - ok
08:22:58.0429 3760  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
08:22:58.0439 3760  uliagpkx - ok
08:22:58.0468 3760  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:22:58.0492 3760  umbus - ok
08:22:58.0505 3760  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
08:22:58.0521 3760  UmPass - ok
08:22:58.0541 3760  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll
08:22:58.0566 3760  UmRdpService - ok
08:22:58.0594 3760  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
08:22:58.0643 3760  upnphost - ok
08:22:58.0663 3760  [ 4E93C8496359E97830C75AC36393654D ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
08:22:58.0696 3760  upperdev - ok
08:22:58.0713 3760  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
08:22:58.0741 3760  USBAAPL64 - ok
08:22:58.0775 3760  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:22:58.0807 3760  usbccgp - ok
08:22:58.0826 3760  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
08:22:58.0854 3760  usbcir - ok
08:22:58.0888 3760  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
08:22:58.0904 3760  usbehci - ok
08:22:58.0945 3760  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:22:58.0974 3760  usbhub - ok
08:22:58.0987 3760  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
08:22:59.0005 3760  usbohci - ok
08:22:59.0023 3760  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:22:59.0050 3760  usbprint - ok
08:22:59.0084 3760  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
08:22:59.0099 3760  usbscan - ok
08:22:59.0233 3760  [ 0F0C72A657C622286013788B886968AD ] usbser          C:\Windows\system32\drivers\usbser.sys
08:22:59.0295 3760  usbser - ok
08:22:59.0320 3760  [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
08:22:59.0365 3760  UsbserFilt - ok
08:22:59.0379 3760  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:22:59.0409 3760  USBSTOR - ok
08:22:59.0438 3760  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
08:22:59.0459 3760  usbuhci - ok
08:22:59.0476 3760  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
08:22:59.0510 3760  UxSms - ok
08:22:59.0518 3760  [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc        C:\Windows\system32\lsass.exe
08:22:59.0531 3760  VaultSvc - ok
08:22:59.0557 3760  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
08:22:59.0567 3760  vdrvroot - ok
08:22:59.0584 3760  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
08:22:59.0607 3760  vds - ok
08:22:59.0618 3760  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:22:59.0633 3760  vga - ok
08:22:59.0648 3760  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:22:59.0687 3760  VgaSave - ok
08:22:59.0707 3760  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
08:22:59.0722 3760  vhdmp - ok
08:22:59.0731 3760  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
08:22:59.0741 3760  viaide - ok
08:22:59.0770 3760  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
08:22:59.0785 3760  vmbus - ok
08:22:59.0799 3760  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
08:22:59.0818 3760  VMBusHID - ok
08:22:59.0834 3760  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
08:22:59.0844 3760  volmgr - ok
08:22:59.0859 3760  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:22:59.0877 3760  volmgrx - ok
08:22:59.0895 3760  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
08:22:59.0911 3760  volsnap - ok
08:22:59.0935 3760  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
08:22:59.0947 3760  vsmraid - ok
08:22:59.0995 3760  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
08:23:00.0044 3760  VSS - ok
08:23:00.0067 3760  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
08:23:00.0082 3760  vwifibus - ok
08:23:00.0102 3760  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
08:23:00.0142 3760  W32Time - ok
08:23:00.0159 3760  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
08:23:00.0184 3760  WacomPen - ok
08:23:00.0207 3760  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:23:00.0245 3760  WANARP - ok
08:23:00.0249 3760  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:23:00.0282 3760  Wanarpv6 - ok
08:23:00.0329 3760  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
08:23:00.0384 3760  wbengine - ok
08:23:00.0397 3760  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
08:23:00.0417 3760  WbioSrvc - ok
08:23:00.0458 3760  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:23:00.0499 3760  wcncsvc - ok
08:23:00.0527 3760  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:23:00.0550 3760  WcsPlugInService - ok
08:23:00.0572 3760  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
08:23:00.0585 3760  Wd - ok
08:23:00.0608 3760  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:23:00.0634 3760  Wdf01000 - ok
08:23:00.0647 3760  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:23:00.0677 3760  WdiServiceHost - ok
08:23:00.0680 3760  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:23:00.0698 3760  WdiSystemHost - ok
08:23:00.0732 3760  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
08:23:00.0769 3760  WebClient - ok
08:23:00.0793 3760  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:23:00.0840 3760  Wecsvc - ok
08:23:00.0857 3760  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:23:00.0906 3760  wercplsupport - ok
08:23:00.0929 3760  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:23:00.0964 3760  WerSvc - ok
08:23:00.0991 3760  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
08:23:01.0025 3760  WfpLwf - ok
08:23:01.0037 3760  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
08:23:01.0051 3760  WIMMount - ok
08:23:01.0067 3760  WinDefend - ok
08:23:01.0072 3760  WinHttpAutoProxySvc - ok
08:23:01.0123 3760  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:23:01.0163 3760  Winmgmt - ok
08:23:01.0273 3760  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
08:23:01.0361 3760  WinRM - ok
08:23:01.0410 3760  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
08:23:01.0431 3760  WinUsb - ok
08:23:01.0466 3760  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:23:01.0497 3760  Wlansvc - ok
08:23:01.0539 3760  [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
08:23:01.0551 3760  WmBEnum - ok
08:23:01.0589 3760  [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
08:23:01.0600 3760  WmFilter - ok
08:23:01.0607 3760  [ AC4331AF118A720F13C9C5CABBFE27BD ] WmHidLo         C:\Windows\system32\drivers\WmHidLo.sys
08:23:01.0618 3760  WmHidLo - ok
08:23:01.0637 3760  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
08:23:01.0650 3760  WmiAcpi - ok
08:23:01.0683 3760  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:23:01.0712 3760  wmiApSrv - ok
08:23:01.0739 3760  WMPNetworkSvc - ok
08:23:01.0783 3760  [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
08:23:01.0793 3760  WmVirHid - ok
08:23:01.0803 3760  [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
08:23:01.0814 3760  WmXlCore - ok
08:23:01.0830 3760  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:23:01.0851 3760  WPCSvc - ok
08:23:01.0879 3760  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:23:01.0923 3760  WPDBusEnum - ok
08:23:01.0945 3760  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:23:01.0994 3760  ws2ifsl - ok
08:23:02.0032 3760  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\system32\wscsvc.dll
08:23:02.0078 3760  wscsvc - ok
08:23:02.0084 3760  WSearch - ok
08:23:02.0170 3760  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
08:23:02.0228 3760  wuauserv - ok
08:23:02.0254 3760  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:23:02.0290 3760  WudfPf - ok
08:23:02.0314 3760  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:23:02.0354 3760  WUDFRd - ok
08:23:02.0372 3760  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:23:02.0417 3760  wudfsvc - ok
08:23:02.0437 3760  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
08:23:02.0458 3760  WwanSvc - ok
08:23:02.0463 3760  ================ Scan global ===============================
08:23:02.0486 3760  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:23:02.0524 3760  [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll
08:23:02.0535 3760  [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll
08:23:02.0564 3760  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:23:02.0577 3760  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:23:02.0584 3760  [Global] - ok
08:23:02.0585 3760  ================ Scan MBR ==================================
08:23:02.0591 3760  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:23:02.0804 3760  \Device\Harddisk0\DR0 - ok
08:23:02.0805 3760  ================ Scan VBR ==================================
08:23:02.0808 3760  [ E73FA048FA3D97D6399CA79EAA70FDB1 ] \Device\Harddisk0\DR0\Partition1
08:23:02.0809 3760  \Device\Harddisk0\DR0\Partition1 - ok
08:23:02.0842 3760  [ FBE74B3278D951872620C7277BCD6DDB ] \Device\Harddisk0\DR0\Partition2
08:23:02.0843 3760  \Device\Harddisk0\DR0\Partition2 - ok
08:23:02.0871 3760  [ 037E58FC5C9C9E467F51DB5D5112CDF4 ] \Device\Harddisk0\DR0\Partition3
08:23:02.0873 3760  \Device\Harddisk0\DR0\Partition3 - ok
08:23:02.0873 3760  ============================================================
08:23:02.0873 3760  Scan finished
08:23:02.0873 3760  ============================================================
08:23:02.0891 3368  Detected object count: 0
08:23:02.0891 3368  Actual detected object count: 0
08:23:43.0742 0188  Deinitialize success
         
aswMBR
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-17 20:55:04
-----------------------------
20:55:04.725    OS Version: Windows x64 6.1.7600 
20:55:04.725    Number of processors: 4 586 0xF0B
20:55:04.726    ComputerName: SCHNUFFEL-PC  UserName: Schnuffel
20:55:05.413    Initialize success
20:55:16.113    AVAST engine defs: 13011700
20:56:23.816    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
20:56:23.819    Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 8
20:56:23.831    Disk 0 MBR read successfully
20:56:23.834    Disk 0 MBR scan
20:56:23.839    Disk 0 Windows 7 default MBR code
20:56:23.850    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:56:23.865    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       243558 MB offset 206848
20:56:23.895    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       233279 MB offset 499013632
20:56:23.923    Disk 0 scanning C:\Windows\system32\drivers
20:56:31.724    Service scanning
20:56:54.051    Modules scanning
20:56:54.061    Disk 0 trace - called modules:
20:56:54.077    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys 
20:56:54.410    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800369c060]
20:56:54.416    3 CLASSPNP.SYS[fffff880017cf43f] -> nt!IofCallDriver -> [0xfffffa80024e0770]
20:56:54.423    5 ACPI.sys[fffff88000ec2781] -> nt!IofCallDriver -> \Device\00000061[0xfffffa800345b9c0]
20:56:55.192    AVAST engine scan C:\Windows
20:56:57.308    AVAST engine scan C:\Windows\system32
21:00:12.354    AVAST engine scan C:\Windows\system32\drivers
21:00:28.501    AVAST engine scan C:\Users\Schnuffel
21:22:33.853    AVAST engine scan C:\ProgramData
21:23:51.205    Scan finished successfully
21:24:30.038    Disk 0 MBR has been saved successfully to "C:\Users\Schnuffel\Desktop\MBR.dat"
21:24:30.044    The log file has been saved successfully to "C:\Users\Schnuffel\Desktop\aswMBR2.txt"
         
Grüße )

Alt 18.01.2013, 13:06   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.01.2013, 15:39   #13
Poloman
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



adwCleaner

Code:
ATTFilter
# AdwCleaner v2.106 - Datei am 20/01/2013 um 15:37:45 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzer : Schnuffel - SCHNUFFEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Schnuffel\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Schnuffel\AppData\Roaming\Mozilla\Firefox\Profiles\tsjva0ca.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\Users\Schnuffel\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Schnuffel\AppData\Roaming\Mozilla\Firefox\Profiles\tsjva0ca.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Users\Schnuffel\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16766

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Datei : C:\Users\Schnuffel\AppData\Roaming\Mozilla\Firefox\Profiles\tsjva0ca.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.finduny.com?client=mozilla-firefox[...]
Gefunden : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Schnuffel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4851 octets] - [20/01/2013 15:37:45]

########## EOF - C:\AdwCleaner[R1].txt - [4911 octets] ##########
         

Alt 20.01.2013, 19:58   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.01.2013, 10:18   #15
Poloman
 
GUV Trojaner Win7 - Standard

GUV Trojaner Win7



adwCleaner
Code:
ATTFilter
# AdwCleaner v2.109 - Datei am 28/01/2013 um 10:00:37 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzer : Schnuffel - SCHNUFFEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Schnuffel\Desktop\adwcleaner2.109.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Schnuffel\AppData\Roaming\Mozilla\Firefox\Profiles\tsjva0ca.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Schnuffel\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Schnuffel\AppData\Roaming\Mozilla\Firefox\Profiles\tsjva0ca.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\Schnuffel\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16766

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Datei : C:\Users\Schnuffel\AppData\Roaming\Mozilla\Firefox\Profiles\tsjva0ca.default\prefs.js

C:\Users\Schnuffel\AppData\Roaming\Mozilla\Firefox\Profiles\tsjva0ca.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.finduny.com?client=mozilla-firefox[...]
Gelöscht : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Schnuffel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4972 octets] - [20/01/2013 15:37:45]
AdwCleaner[R2].txt - [5037 octets] - [28/01/2013 09:59:44]
AdwCleaner[S1].txt - [5081 octets] - [28/01/2013 10:00:37]

########## EOF - C:\AdwCleaner[S1].txt - [5141 octets] ##########
         
OTL text
Code:
ATTFilter
OTL logfile created on: 28.01.2013 10:09:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schnuffel\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 53,95% Memory free
6,00 Gb Paging File | 4,28 Gb Available in Paging File | 71,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237,85 Gb Total Space | 140,54 Gb Free Space | 59,09% Space Free | Partition Type: NTFS
Drive I: | 227,81 Gb Total Space | 227,68 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: SCHNUFFEL-PC | User Name: Schnuffel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.20 15:33:39 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.01.13 21:20:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schnuffel\Desktop\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.04 17:31:13 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012.09.29 10:36:24 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.20 15:34:08 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll
MOD - [2013.01.20 15:33:39 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.01.20 15:33:38 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013.01.20 15:33:38 | 000,969,640 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.01.20 15:33:38 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013.01.20 15:33:38 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.09.29 10:36:24 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.08.17 21:40:22 | 000,441,784 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com\chrome\components\content_blocker_xpcom_gecko15\content_blocker_xpcom.dll
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.03.08 15:48:40 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.20 15:33:39 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.29 10:36:24 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.25 12:42:02 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.10.25 12:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.10.25 12:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012.06.08 11:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2011.08.17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2011.08.17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.09.07 21:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 9D C2 E2 CF 88 CB 01  [binary data]
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\..\SearchScopes\{2476FDBD-FC38-4C67-9447-9401115E7B1F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=D79DBA29-AA99-4F74-AD81-B37ACFA8FEDA&apn_sauid=02A334B2-F993-4D54-A361-28886D7C61CF
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: content_blocker@kaspersky.com:13.0.1.4190
FF - prefs.js..extensions.enabledAddons: anti_banner@kaspersky.com:13.0.1.4190
FF - prefs.js..extensions.enabledAddons: online_banking@kaspersky.com:13.0.1.4190
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.13
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.470
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.04 19:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.04 19:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.04 19:34:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.04 19:34:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.04 19:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.29 10:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.16 22:25:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.29 10:36:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.16 22:25:12 | 000,000,000 | ---D | M]
 
[2010.11.20 20:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\Extensions
[2013.01.28 10:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\Firefox\Profiles\tsjva0ca.default\extensions
[2013.01.13 19:25:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\Firefox\Profiles\tsjva0ca.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.09 09:53:26 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\Firefox\Profiles\tsjva0ca.default\extensions\gutscheinmieze@synatix-gmbh.de
[2012.11.23 22:53:05 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\firefox\profiles\tsjva0ca.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.11 17:45:31 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Schnuffel\AppData\Roaming\mozilla\firefox\profiles\tsjva0ca.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.04.11 12:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.07 12:19:55 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.20 16:38:36 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2011.07.20 16:38:31 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.12.04 19:34:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012.12.04 19:34:26 | 000,000,000 | ---D | M] (Modul für das Blockieren gefährlicher Webseiten) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2012.12.04 19:34:30 | 000,000,000 | ---D | M] (Sicherer Zahlungsverkehr) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2012.09.29 10:36:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.07 13:44:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.29 10:36:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.07 13:44:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.09 09:53:26 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012.06.07 13:44:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 13:44:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 13:44:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Schnuffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Schnuffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Click to call with Skype = C:\Users\Schnuffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
CHR - Extension: Anti-Banner = C:\Users\Schnuffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2013.01.16 21:50:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Schnuffel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Schnuffel\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [FILSHtray] C:\Program Files (x86)\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
O4 - HKU\S-1-5-21-1379074756-265788372-1856989295-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1379074756-265788372-1856989295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81451C78-77C7-47F0-BB6F-7BE1605380BC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.17 20:47:47 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Schnuffel\Desktop\tdsskiller.exe
[2013.01.17 20:28:01 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Schnuffel\Desktop\aswMBR.exe
[2013.01.16 22:03:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.16 21:53:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.16 21:39:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.16 21:39:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.16 21:39:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.16 21:39:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.16 21:33:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.16 21:32:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.16 21:22:42 | 005,022,302 | R--- | C] (Swearware) -- C:\Users\Schnuffel\Desktop\ComboFix.exe
[2013.01.14 21:06:03 | 001,356,360 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Schnuffel\Desktop\mbar.exe
[2013.01.14 21:06:03 | 000,000,000 | ---D | C] -- C:\Users\Schnuffel\Desktop\mbar
[2013.01.13 21:20:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schnuffel\Desktop\OTL.exe
[2013.01.13 20:29:43 | 000,000,000 | ---D | C] -- C:\Users\Schnuffel\AppData\Roaming\Malwarebytes
[2013.01.13 20:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.13 20:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.13 20:29:25 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.13 20:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.13 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\Schnuffel\AppData\Local\Programs
[2012.12.29 12:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.29 12:40:52 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.29 12:40:52 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.29 12:40:41 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.28 10:09:16 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.28 10:09:16 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.28 10:09:16 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.28 10:09:16 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.28 10:09:16 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.28 10:08:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 10:08:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 10:03:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.28 10:03:02 | 2415,312,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.28 09:58:58 | 000,580,235 | ---- | M] () -- C:\Users\Schnuffel\Desktop\adwcleaner2.109.exe
[2013.01.17 21:24:30 | 000,000,512 | ---- | M] () -- C:\Users\Schnuffel\Desktop\MBR.dat
[2013.01.17 20:49:19 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schnuffel\Desktop\tdsskiller.exe
[2013.01.17 20:29:02 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Schnuffel\Desktop\aswMBR.exe
[2013.01.16 21:50:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.16 21:23:11 | 005,022,302 | R--- | M] (Swearware) -- C:\Users\Schnuffel\Desktop\ComboFix.exe
[2013.01.14 21:27:07 | 000,158,918 | ---- | M] () -- C:\Users\Schnuffel\Desktop\malwarebytes stop.PNG
[2013.01.13 21:40:05 | 000,000,000 | ---- | M] () -- C:\Users\Schnuffel\defogger_reenable
[2013.01.13 21:39:11 | 000,050,477 | ---- | M] () -- C:\Users\Schnuffel\Desktop\Defogger.exe
[2013.01.13 21:33:22 | 000,001,172 | ---- | M] () -- C:\Users\Schnuffel\Desktop\Continue Mipony Download Manager Installation.lnk
[2013.01.13 21:20:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schnuffel\Desktop\OTL.exe
[2013.01.13 20:29:26 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 14:27:42 | 001,356,360 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Schnuffel\Desktop\mbar.exe
[2012.12.29 12:40:31 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.29 12:40:30 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.29 12:40:30 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.29 12:40:29 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.29 12:40:29 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.29 12:40:29 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
 
========== Files Created - No Company Name ==========
 
[2013.01.28 09:58:56 | 000,580,235 | ---- | C] () -- C:\Users\Schnuffel\Desktop\adwcleaner2.109.exe
[2013.01.17 20:40:57 | 000,000,512 | ---- | C] () -- C:\Users\Schnuffel\Desktop\MBR.dat
[2013.01.16 21:39:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.16 21:39:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.16 21:39:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.16 21:39:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.16 21:39:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.14 21:27:07 | 000,158,918 | ---- | C] () -- C:\Users\Schnuffel\Desktop\malwarebytes stop.PNG
[2013.01.13 21:40:05 | 000,000,000 | ---- | C] () -- C:\Users\Schnuffel\defogger_reenable
[2013.01.13 21:39:11 | 000,050,477 | ---- | C] () -- C:\Users\Schnuffel\Desktop\Defogger.exe
[2013.01.13 21:33:22 | 000,001,172 | ---- | C] () -- C:\Users\Schnuffel\Desktop\Continue Mipony Download Manager Installation.lnk
[2013.01.13 20:29:26 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.24 19:44:52 | 000,004,063 | ---- | C] () -- C:\Users\Schnuffel\AppData\Local\recently-used.xbel
[2011.10.03 17:45:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.07.20 16:44:13 | 000,017,408 | ---- | C] () -- C:\Users\Schnuffel\AppData\Local\WebpageIcons.db
[2010.11.21 21:42:20 | 000,015,428 | ---- | C] () -- C:\Users\Schnuffel\RefEdit.exd
[2010.11.21 20:12:34 | 112,766,976 | ---- | C] () -- C:\Users\Schnuffel\kavkis.msi
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
otl extra
Code:
ATTFilter
OTL Extras logfile created on: 28.01.2013 10:09:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schnuffel\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 53,95% Memory free
6,00 Gb Paging File | 4,28 Gb Available in Paging File | 71,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237,85 Gb Total Space | 140,54 Gb Free Space | 59,09% Space Free | Partition Type: NTFS
Drive I: | 227,81 Gb Total Space | 227,68 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: SCHNUFFEL-PC | User Name: Schnuffel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1379074756-265788372-1856989295-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm paradies foto\dm FOTO Paradies + CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm FOTO Paradies + CEWE FOTOBUCH] -- "C:\Program Files (x86)\dm paradies foto\dm FOTO Paradies + CEWE FOTOBUCH\dm FOTO Paradies + CEWE FOTOBUCH.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm paradies foto\dm FOTO Paradies + CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm FOTO Paradies + CEWE FOTOBUCH] -- "C:\Program Files (x86)\dm paradies foto\dm FOTO Paradies + CEWE FOTOBUCH\dm FOTO Paradies + CEWE FOTOBUCH.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Users\Schnuffel\Desktop\fotobuch.de\Designer 2.0\Designer.exe" = C:\Users\Schnuffel\Desktop\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Users\Schnuffel\Desktop\fotobuch.de\Designer 2.0\Designer.exe" = C:\Users\Schnuffel\Desktop\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21A8E308-4CF6-41A2-8B84-D757DF54BE1F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E10903B-00A5-4FA7-9228-C90F9223D2F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{34E3C1D2-3834-441D-866C-F9216AC3867A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{35EC6885-F7C9-4A17-8EDD-3E82614B2CF7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3B80473D-C386-4667-B268-A16F1CE9334E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{43E20507-3C18-4763-92BF-F95671D7FF13}" = rport=138 | protocol=17 | dir=out | app=system | 
"{45048CB8-96A2-4260-9905-806EB0C9BCCD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4564F575-70BC-4D03-A98E-8DCADD08CED0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4766A523-92DC-4181-9001-3390A3E4FF60}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{521E15FA-3903-49C9-9D8D-4E01D3BF757C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{677F0DF5-44FC-4585-AAC8-061F83A14041}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{77A8A666-E035-4AFF-8AA7-ECE4576D0007}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7DBDF639-6091-4B56-BE71-FD1BDBA2FBAB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7FB2489A-B64D-45E2-BCD1-678AE8B7CBBE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8566ACF5-0469-4EFB-8D2A-C6752272D839}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8C395251-67EF-42A4-8166-CE997DED60AE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8D0B134D-4FB5-4D1F-849B-D9F961A2FCC7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A9D1168A-511C-44EE-A44D-F72E080962B5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{C4D880DE-563B-40C4-8723-DF9E108CB33A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CC4F2009-6D90-4C08-BF17-A292363E38BC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D9E9B9B4-7C7F-400F-B393-A30341A03A31}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DA5B4711-39F3-49C3-B949-F0573A25FC3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F153F0F9-944A-480C-97E9-CBFA2DD102C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F762F74D-BA17-46D9-BE06-60DA64B339FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{104276DB-5D5D-4930-BE63-37866435EBD9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{21D6A96C-E417-4CE4-8175-A91FC05A32FD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{26A1E761-A7AF-401D-A0D2-CE2D7224740F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{30FA5585-F6F7-4E37-8387-78D4D076D175}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C998C8B-9155-4BF7-8B25-7F39689C7285}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{47AB7574-94A8-4F89-960F-C44330780E67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{516E61AB-8F34-4334-8600-E4FD818190AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{542D416B-BC91-48E1-9466-2B7386D64D77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5AE5F0E0-FE12-4F29-BD70-B739ADF28692}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5B052235-41ED-452F-A1FF-1F532F890FAF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{62967F5F-5FF0-409A-AC7A-E9B655A9941C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{634DA5E8-A9E2-4B8B-97B4-59A23B16F0B1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{63FA5F4E-0F9C-4130-96A5-204C843491AE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{66B72763-99CD-4482-9234-83AFDA1E0917}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | 
"{68470707-700B-4937-9BCF-8327CD87A084}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{77777C35-4DD5-4660-8E90-42E4B6CB6FC9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{77EE29ED-BFE9-497D-89E7-7194B501F610}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7AA9875C-919C-4F40-97CA-97E5F692EBC6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{7AF35C0B-2D77-4B43-94A4-ECAEAB1605CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AF8BC11-290A-4300-A768-79C61EA686B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C7F2A24-B07B-4F79-A517-ACE3AC54F938}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9E06FC41-5F93-4F27-9021-AF0F99A794D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A4ACCF1A-B053-4EB6-BE2C-F1A98EF1F852}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{A66637D9-A805-4708-AFC3-E456DDAAF20D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{ADEDC631-6F65-4C79-B773-055F0ABEF5D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ADEDCF4C-F273-44CA-AAC0-215050410F10}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B9BA4979-3857-4931-955B-1AB510D013EC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BA11D933-6362-49CB-8C70-522E7913EE3D}" = protocol=6 | dir=out | app=system | 
"{BE5D7D61-2991-404C-9401-63334F37E06F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer_service.exe | 
"{C389B009-FBD7-409C-AE1A-E9D1988EF4C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C5BD3C2A-F847-4D2D-AF6B-A9D51229743A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C95F24D3-91B7-46C4-8A48-CFCDA922C2AB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D1C749A3-E5FB-4A28-B216-BB7CC06FF18F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D92136EE-3198-4C81-95FE-CD578920C870}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{E324FC11-D30E-4BC0-B8AC-62B4B044D8BA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FFCFC80B-E886-4C98-9DA2-888D93416DAA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.6.12
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.11
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Designer 2.0_is1" = Designer 2.0
"DivX Setup" = DivX-Setup
"dm FOTO Paradies + CEWE FOTOBUCH" = dm FOTO Paradies + CEWE FOTOBUCH
"ElsterFormular 13.1.1.8531k" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 8600" = RACE 07
"Steam App 8660" = GTR Evolution
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.01.2013 18:18:20 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.01.2013 18:18:20 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 20124
 
Error - 16.01.2013 18:18:20 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 20124
 
Error - 16.01.2013 18:18:21 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.01.2013 18:18:21 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21138
 
Error - 16.01.2013 18:18:21 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21138
 
Error - 16.01.2013 18:18:22 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.01.2013 18:18:22 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 22152
 
Error - 16.01.2013 18:18:22 | Computer Name = Schnuffel-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 22152
 
Error - 28.01.2013 05:08:39 | Computer Name = Schnuffel-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1248    Startzeit:
 01cdfd36ac0f5e10    Endzeit: 4    Anwendungspfad: C:\Users\Schnuffel\Desktop\OTL.exe    Berichts-ID:
 431a3c81-692a-11e2-a384-0021850526a6  
 
[ System Events ]
Error - 13.01.2013 15:23:16 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:16 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:18 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:18 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.01.2013 15:23:18 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.01.2013 16:47:32 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 16.01.2013 16:49:37 | Computer Name = Schnuffel-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.01.2013 16:50:08 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 20.01.2013 10:34:28 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 20.01.2013 10:34:28 | Computer Name = Schnuffel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         

Antwort

Themen zu GUV Trojaner Win7
ahnung, daten, euere, gefunde, gen, gescannt, google, googlen, hinweis, hoffe, konnte, lag, min, rechner, sache, sachen, schritte, seite, stick, troja, trojaner, usb, usb stick, win, win7



Ähnliche Themen: GUV Trojaner Win7


  1. Div. Bluescreens bei Win7 und Win7-Installation nach durchgeb. Netzteil
    Alles rund um Windows - 24.11.2013 (8)
  2. GVU-Trojaner auf Win7 x64
    Plagegeister aller Art und deren Bekämpfung - 16.02.2013 (5)
  3. GVU Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (1)
  4. GVU-Trojaner auf Win7
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (13)
  5. GVU Trojaner in Win7
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (3)
  6. BKA Trojaner 1.13 Win7
    Plagegeister aller Art und deren Bekämpfung - 11.11.2012 (10)
  7. GVU Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (11)
  8. GVU Win7 Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (4)
  9. GVU Trojaner auf Win7 Pro x64
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (12)
  10. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  11. GVU Trojaner auf Win7 :-(
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (10)
  12. GVU Trojaner - Win7
    Log-Analyse und Auswertung - 06.08.2012 (12)
  13. gvu trojaner win7
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (7)
  14. GVU-Trojaner, Win7 64-Bit
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (1)
  15. BKA Trojaner 3.02 und 1.03 auf Win7
    Log-Analyse und Auswertung - 30.03.2012 (1)
  16. BKA Trojaner win7 pro 64 Bit
    Log-Analyse und Auswertung - 14.11.2011 (30)
  17. Ist Win7 Starter genau so sicher wie das normale Win7?
    Alles rund um Windows - 28.07.2011 (2)

Zum Thema GUV Trojaner Win7 - Hallo Trojaner Team, ich hab nach etwas googlen heraus gefunden das ich einen GUV Trojaner hab und bin dann auf euere Seite gestoßen. Habe soweit ich das verstanden habe die - GUV Trojaner Win7...
Archiv
Du betrachtest: GUV Trojaner Win7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.