Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Groupon Trojaner, die Hundertste...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.03.2013, 22:00   #1
windchill
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Guten Abend,

meine Mutter hat sich den o.g. Schädling eingefangen, indem sie den Anhang mit der angeblichen Rechnung versucht hat zu öffnen. Vorab: Es sind offensichtlich keine Dateien verschlüsselt worden und der Rechner lässt sich normal nutzen. Alle Dateien (Bilder, Filme, Office Dokumente, ...) sind auf einem externen Netzwerkspeicher und werden darüber hinaus täglich auf einer per USB daran angeschlossenen Festplatte gesichert. Den Spaß hab ich ihr nach dem letzten solchen Malheur eingerichtet.

Bisheriges Prozedere:
1. "Desinfektion" mit Kaspersky Internet Security. Danach war der Plagegeist nicht mehr durch einen vollständigen Suchlauf (auch Netzwerkspeicher) mit Kaspersky zu finden.
2. Tags darauf Suchlauf mit Malwarebytes. Sowohl Malwarebytes als auch Kaspersky finden den Schädling wieder. => erneute "Desinfektion" mit Kaspersky
3. CCleaner laufen gelassen, eine Menge Müll gelöscht und das Programm in der Registry rumpfuschen lassen. Da eh alle Daten extern gespeichert sind, hab ich billigend in Kauf genommen irgendetwas zu zerschießen und Windows ggf. neu aufzusetzen.
4. Löschen des Prefetch Ordners in Windows ab dem Zeitpunkt des Downloads der "Rechnung".
5. Nochmalige komplette Suche mit Malwarebytes. Diesmal ohne Fund.
6. Scan mit OTL. Die Logs sind beigefügt.



Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.07.14

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael (Admin) :: **** [Administrator]

07.03.2013 21:32:37
MBAM-log-2013-03-07 (22-56-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 442390
Laufzeit: 1 Stunde(n), 13 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
c:\users\mama\appdata\local\temp\rpfegnsmor.pre (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.08.14

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael (Admin) :: **** [Administrator]

08.03.2013 19:37:06
mbam-log-2013-03-08 (19-37-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 435119
Laufzeit: 1 Stunde(n), 8 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL.txt
Code:
ATTFilter
OTL logfile created on: 3/8/2013 8:54:06 PM - Run 2
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.68% Memory free
5.98 Gb Paging File | 4.15 Gb Available in Paging File | 69.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 704.62 Gb Free Space | 51.96% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: Michael (Admin) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files\FILEminimizer Pictures\FILEMShell.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys File not found
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (InputFilter_Hid_FlexDef2b) -- C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys (Siliten)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys (SiSoftware)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes\{453456AD-2513-4DEE-BF59-9B11A8AF85E2}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes,DefaultScope = {5D699F35-C133-45DA-B63E-388EF330146B}
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes\{5D699F35-C133-45DA-B63E-388EF330146B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 19:41:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/10 13:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 19:41:31 | 000,000,000 | ---D | M]
 
[2011/10/13 19:22:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael (Admin)\AppData\Roaming\mozilla\Extensions
[2012/09/11 17:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael (Admin)\AppData\Roaming\mozilla\Firefox\Profiles\5awd1a7g.default\extensions
[2013/02/10 13:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013/02/10 13:45:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
 
O1 HOSTS File: ([2012/09/21 13:51:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3271095012-286924583-1323677700-1003..\Run: [Validator] C:\Users\Mama\AppData\Roaming\Sun\{EF7D5DC7-0AB7-4A7D-83F8-B2D97B888680}\Validator.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/07 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\Michael (Admin)\AppData\Local\Programs
[2013/02/21 11:59:13 | 000,000,000 | ---D | C] -- C:\Ryzhov
[2013/02/21 11:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2013/02/14 22:16:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/14 22:16:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/14 22:16:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/14 22:16:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/14 22:16:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/14 22:16:29 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/14 22:16:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/14 22:16:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/14 08:54:41 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/14 08:53:42 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/14 08:53:41 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/14 08:53:00 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/14 08:53:00 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/02/10 13:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/09 13:04:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/09 13:03:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/09 13:03:57 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/09 13:03:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/09 13:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/08 20:12:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/08 19:12:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/08 18:29:53 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 18:29:53 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 18:22:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/08 18:22:33 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/06 13:13:54 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/21 11:37:23 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013/02/18 05:36:03 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/18 05:36:03 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/18 05:36:03 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/18 05:36:03 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/18 05:27:58 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/18 05:27:58 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/15 19:32:17 | 000,346,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/09 13:03:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/02/09 13:03:52 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/09 13:03:52 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/09 13:03:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/09 13:03:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/09 13:03:52 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
 
========== Files Created - No Company Name ==========
 
[2012/09/21 13:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/21 13:45:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/21 13:45:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/21 13:45:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/21 13:45:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/24 13:56:47 | 011,304,960 | ---- | C] () -- C:\Users\Michael (Admin)\AppData\Roaming\Sandra.mdb
[2011/12/20 12:08:33 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/10/13 19:39:14 | 000,266,579 | ---- | C] () -- C:\Windows\hpwins22.dat
[2011/10/13 19:39:14 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 3/8/2013 8:54:06 PM - Run 2
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.68% Memory free
5.98 Gb Paging File | 4.15 Gb Available in Paging File | 69.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 704.62 Gb Free Space | 51.96% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: Michael (Admin) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\Mama\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BDD420-BEE3-4757-8B73-4400D3C2FF76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{081154FD-4BD6-4D3E-B4DD-034ABB245A9E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0C7BCED2-A274-479A-A820-7A9334BA3A8C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0F5EEAA4-B7BC-4E6F-AE28-766DA07ECEB6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{137A422A-659E-40FB-BCBD-FC2EF588E32B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x86\rpcsandrasrv.exe | 
"{32FAFA57-191B-42D8-AA01-BB1DC32D1EE1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{35C6FF12-6E07-4D88-9DCC-347CE5A58A43}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{39787B2D-9344-4993-A819-149283233BDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{477735AE-6DE3-4E2E-A567-890B1C68A495}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{56B0A882-D042-4E7A-A0A1-77B0E1A2BE3B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83111EF6-3B5D-4585-8A88-1953CA8A095F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{885413BC-79E3-40EA-A4F6-C96B17E782E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{95D4957E-3D46-4339-B786-238C7DE0557A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A1113A94-CADA-4A52-9713-93D254EAF56B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A326B671-25D7-4652-9255-6B20A776B6C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AA90FDE1-E104-4E4E-B712-106FACA8E855}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ADF31739-4261-4542-83DB-D0825F6915E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B11D7CA5-0E5B-4E17-A3B6-DA7A2CDD6476}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BBFC31C9-8B5E-427E-A54B-AFCFCC622551}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\rpcagentsrv.exe | 
"{BFCBF6BA-EB46-4D9B-8092-A430B9AFFD49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C43A1297-239D-44C3-B766-3EE4BA209F66}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6A82CAE-5CA6-4759-B3B4-F6024C378DC8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CFBDCDA6-31E1-4615-BD4D-A45FAB29932A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D09EC676-4B88-4E9F-9F4F-5094ED0D345A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EC09FB01-A98E-4485-813A-9A3548AFF7CD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F8963069-4C7C-4EA1-A6B3-699CB4099802}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FA04E562-CF7D-4D52-829A-210D45CF101C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB8714EA-773B-4EBB-A0A5-0E472B6E4A1B}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025B4439-C8E6-4A9C-B1E3-698E6BC0587D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{05BBB873-E661-4782-9F90-796F1EA5B56A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{05BD0E42-0560-4F13-A1BD-E2419236439B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{09D6ACB4-5C2A-408B-820D-F55312E4B5BF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0BEEBAE9-A594-4B4C-B8FB-E38A1C512408}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{10FCA857-E15B-400F-A51F-233DB49601AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{126E07AC-F4B1-47F2-A105-16178F32ACCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CDC7EF6-8B0D-4C9F-9235-112D29B7FB64}" = protocol=6 | dir=out | app=system | 
"{402F2C71-6A03-4088-94B7-759890672A0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{40699F8E-E818-492F-9588-E3ECAA8A29DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{434E95EF-7AE0-49A0-8E43-735568C6C61C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{435F4343-95EF-4E0C-8906-2F8DE14567DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{44245E84-3AC8-4605-8F69-BBC313354581}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{462D52D5-8132-4189-AC0D-1058CD07EE3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F73A319-EDFB-49F1-A38E-22366D2F7764}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{55AA52AD-79A7-4E82-9881-0FFB7E454359}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{6286C500-B42A-4A4E-A770-AD01C52F4969}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{6DA32599-D51D-4436-A15C-08EEBCF65D47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E0EBA9F-A16F-4EBD-BE27-F56F08F47EF7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7F166275-B998-4D67-A742-47CF0BF9D8F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{8E325D27-4762-4B64-BF13-BD363F32E255}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9387FF56-0DE7-4166-9EB3-47DBD191F0F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{98DB6547-DDE7-458E-B8D4-03EF502FB92F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{ABCB539A-C10D-450F-AD29-991BD769A4EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{B159258D-673D-4DC2-B568-000A2621D7DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{B3D78AC8-C0D1-418F-99FB-2C7C514B3F07}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{B4DEEBC0-F58D-4191-9074-61C6802A1B54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B5F28D3F-EE11-4139-B5C7-4928D35CF22A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{C2F3CEB8-9042-4A4A-AA8E-28431AAB362E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{C378AADD-C3E3-490B-B5F8-12E9A6FE8892}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{C56237C2-FCFC-4719-BA38-BCF23A2A8253}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C95C480B-2FF3-481B-BBBA-4CB1D03225F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{D3AB924B-33B2-4779-9DB8-0448BC8A517B}" = dir=in | app=c:\program files\hp\digital imaging\{f86d9734-d358-4c5b-bc2b-6d90557ff05b}\setup\hpznui01.exe | 
"{D734EB0D-3C73-4B80-8677-6F355CA4D866}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D75DF847-7927-42CD-9C70-9426953ADD28}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{DE173C8A-3FC4-4D6B-9C09-EBACEF1A62A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E64AF112-E418-4FF0-82F5-6F3EF47EAD66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F02E75B9-5648-4A69-9EE9-AFBFE0EFE3B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{F2A03B4B-AB0F-4854-A6C4-3139F653C99D}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{F54663A2-0757-42E7-9EE9-49E1A6241E35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{F58CA0B3-DA16-42DE-8400-90FF6B026130}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F794D4E3-4B0E-4858-A8F4-67C7FF4AF7B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"TCP Query User{4362E10E-AD6D-455C-BA68-07D6CDB92176}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8A36537C-5743-450E-872D-6978F2785BF3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{9AD7A9CF-628C-47D2-B68F-9A559548FDEA}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{EBA6CC89-B66F-441B-AA93-36285D4C231D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{0DAFEAD2-39CC-4156-905E-E6D93FCBA2AA}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{4D059C26-A92E-4A00-835C-F24292B78F51}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{CC95DD6A-CAEA-4141-8212-4567CC330F3A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{E39241BF-8EAE-4F92-9537-8097765AD6EB}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B1E6CDB-306C-4C64-B192-1E465C5C3012}" = 8500A909g
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.8.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP2
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MicroDicom" = MicroDicom 0.4.3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PowerISO" = PowerISO
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Freeciv-2.3.2-gtk2" = Freeciv 2.3.2 (GTK+ client)
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/27/2013 3:06:44 PM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 2/27/2013 3:08:08 PM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware
 sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 3/4/2013 3:56:09 PM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 3/4/2013 3:57:45 PM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware
 sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 3/5/2013 4:06:55 AM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 3/5/2013 4:08:26 AM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware
 sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 3/6/2013 8:39:15 AM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 3/6/2013 8:42:00 AM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware
 sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 3/6/2013 3:43:43 PM | Computer Name = **** | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
Description = Zertifikatdienstclient: der Anbieter pautoenr.dll konnte nicht geladen
 werden. Fehlercode 5.
 
Error - 3/6/2013 3:43:43 PM | Computer Name = **** | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
Description = Zertifikatdienstclient: Die Anbieter konnten nicht als Antwort auf
 Ereignis 512 aufgerufen werden. Fehlercode 2147942405.
 
[ System Events ]
Error - 3/4/2013 2:56:13 PM | Computer Name = **** | Source = DCOM | ID = 10016
Description = 
 
Error - 3/5/2013 4:04:24 PM | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 3/6/2013 3:48:43 PM | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 3/6/2013 3:50:11 PM | Computer Name = **** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 3/6/2013 3:55:33 PM | Computer Name = **** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 3/6/2013 3:57:37 PM | Computer Name = **** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 3/6/2013 4:00:25 PM | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 3/6/2013 4:03:39 PM | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 3/6/2013 4:11:31 PM | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 3/7/2013 4:23:17 PM | Computer Name = **** | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
 
< End of report >
         
So, ich hoffe, dass ich nichts vergessen habe. Vielen Dank schonmal im Voraus.

Alt 10.03.2013, 19:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



Zitat:
1. "Desinfektion" mit Kaspersky Internet Security. Danach war der Plagegeist nicht mehr durch einen vollständigen Suchlauf (auch Netzwerkspeicher) mit Kaspersky zu finden.
Wo sind die Logs dazu? Bitte alle von Kaspersky nachreichen!



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________

__________________

Alt 10.03.2013, 19:55   #3
windchill
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Logs von Kaspersky in Textform gibt es leider keine. Da müsste ich Screenshots machen.

Logs von heute Nachmittag von GMER und MBAR:

GMER:

Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-10 14:11:45
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0 1397,27GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\MICHAE~1\AppData\Local\Temp\pwldqpog.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwAdjustPrivilegesToken [0x83FC6208]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwAlpcConnectPort [0x83F79FB8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwAlpcCreatePort [0x83F7A300]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwAlpcSendWaitReceivePort [0x83F7A746]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwClose [0x83F6291E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwConnectPort [0x83F79C92]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwCreateEvent [0x83F62E96]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwCreateMutant [0x83F62D7C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwCreatePort [0x83F7A164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwCreateSection [0x83FC9072]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwCreateSemaphore [0x83F62FB6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwCreateSymbolicLinkObject [0x83F8A130]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwCreateThread [0x83FC850A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwCreateThreadEx [0x83FC874A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwCreateUserProcess [0x83FC81AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwCreateWaitablePort [0x83F7A232]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwDebugActiveProcess [0x83FC8054]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwDeviceIoControlFile [0x83F62962]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwDuplicateObject [0x83FC634A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwLoadDriver [0x83FC5FB2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwMapViewOfSection [0x83F8A170]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwNotifyChangeKey [0x83F78422]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwOpenEvent [0x83F62F2C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwOpenMutant [0x83F62E0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwOpenProcess [0x83FC7BFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwOpenSection [0x83FC931E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwOpenSemaphore [0x83F6304C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwOpenThread [0x83FC8266]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwPlugPlayControl [0x83F8A140]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwQueryDirectoryObject [0x83F630D6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwQueryObject [0x83F78630]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwQueueApcThread [0x83FC8D20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwReplyPort [0x83F7A52A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwReplyWaitReceivePort [0x83F7A3B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwReplyWaitReceivePortEx [0x83F7A46E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwRequestWaitReplyPort [0x83F7A59A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwResumeThread [0x83FC8A4C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwSecureConnectPort [0x83F79E20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwSetContextThread [0x83FC8BA8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwSetInformationToken [0x83F63178]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwSetSystemInformation [0x83FC60BC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwSuspendProcess [0x83FC7D9C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwSuspendThread [0x83FC88F4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwSystemDebugControl [0x83F6318A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwTerminateProcess [0x83FC7EFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwTerminateThread [0x83FC8406]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwUnmapViewOfSection [0x83FC9486]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                              ZwWriteVirtualMemory [0x83FC91B0]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                           82C569E9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                             82C901C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                                82C971EC 4 Bytes  [08, 62, FC, 83]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                82C97214 8 Bytes  [B8, 9F, F7, 83, 00, A3, F7, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                                82C97258 4 Bytes  [46, A7, F7, 83]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                                82C97284 4 Bytes  [1E, 29, F6, 83]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                                82C972A8 4 Bytes  [92, 9C, F7, 83]
.text           ...                                                                                                
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                           section is writeable [0x9280A000, 0x2FBAB4, 0xE8000020]

---- User IAT/EAT - GMER 2.1 ----

IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [749024CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]               [748E562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [748E56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                     [74902546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]           [748F85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]             [748F4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [748F5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]           [748F51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [748F6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [748F8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]       [748F8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]     [748F90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]           [748FE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT             C:\Windows\Explorer.EXE[3956] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]               [748F4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                            kltdi.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                            kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                          kltdi.sys

---- EOF - GMER 2.1 ----
         
MBAR:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.10.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael (Admin) :: **** [administrator]

10.03.2013 14:34:07
mbar-log-2013-03-10 (14-34-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29167
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
OTL Scan mit aktueller Version:

Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 3/10/2013 5:22:22 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.34% Memory free
5.98 Gb Paging File | 4.42 Gb Available in Paging File | 73.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 704.75 Gb Free Space | 51.97% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: Michael (Admin) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\Mama\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BDD420-BEE3-4757-8B73-4400D3C2FF76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{081154FD-4BD6-4D3E-B4DD-034ABB245A9E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0C7BCED2-A274-479A-A820-7A9334BA3A8C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0F5EEAA4-B7BC-4E6F-AE28-766DA07ECEB6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{137A422A-659E-40FB-BCBD-FC2EF588E32B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\wnt500x86\rpcsandrasrv.exe | 
"{32FAFA57-191B-42D8-AA01-BB1DC32D1EE1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{35C6FF12-6E07-4D88-9DCC-347CE5A58A43}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{39787B2D-9344-4993-A819-149283233BDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{477735AE-6DE3-4E2E-A567-890B1C68A495}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{56B0A882-D042-4E7A-A0A1-77B0E1A2BE3B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83111EF6-3B5D-4585-8A88-1953CA8A095F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{885413BC-79E3-40EA-A4F6-C96B17E782E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{95D4957E-3D46-4339-B786-238C7DE0557A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A1113A94-CADA-4A52-9713-93D254EAF56B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A326B671-25D7-4652-9255-6B20A776B6C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AA90FDE1-E104-4E4E-B712-106FACA8E855}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ADF31739-4261-4542-83DB-D0825F6915E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B11D7CA5-0E5B-4E17-A3B6-DA7A2CDD6476}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BBFC31C9-8B5E-427E-A54B-AFCFCC622551}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\rpcagentsrv.exe | 
"{BFCBF6BA-EB46-4D9B-8092-A430B9AFFD49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C43A1297-239D-44C3-B766-3EE4BA209F66}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6A82CAE-5CA6-4759-B3B4-F6024C378DC8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CFBDCDA6-31E1-4615-BD4D-A45FAB29932A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D09EC676-4B88-4E9F-9F4F-5094ED0D345A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EC09FB01-A98E-4485-813A-9A3548AFF7CD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F8963069-4C7C-4EA1-A6B3-699CB4099802}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FA04E562-CF7D-4D52-829A-210D45CF101C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FB8714EA-773B-4EBB-A0A5-0E472B6E4A1B}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025B4439-C8E6-4A9C-B1E3-698E6BC0587D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{05BBB873-E661-4782-9F90-796F1EA5B56A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{05BD0E42-0560-4F13-A1BD-E2419236439B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{09D6ACB4-5C2A-408B-820D-F55312E4B5BF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0BEEBAE9-A594-4B4C-B8FB-E38A1C512408}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{10FCA857-E15B-400F-A51F-233DB49601AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{126E07AC-F4B1-47F2-A105-16178F32ACCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CDC7EF6-8B0D-4C9F-9235-112D29B7FB64}" = protocol=6 | dir=out | app=system | 
"{402F2C71-6A03-4088-94B7-759890672A0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{40699F8E-E818-492F-9588-E3ECAA8A29DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{434E95EF-7AE0-49A0-8E43-735568C6C61C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{435F4343-95EF-4E0C-8906-2F8DE14567DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{44245E84-3AC8-4605-8F69-BBC313354581}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{462D52D5-8132-4189-AC0D-1058CD07EE3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F73A319-EDFB-49F1-A38E-22366D2F7764}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{55AA52AD-79A7-4E82-9881-0FFB7E454359}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{6286C500-B42A-4A4E-A770-AD01C52F4969}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{6DA32599-D51D-4436-A15C-08EEBCF65D47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E0EBA9F-A16F-4EBD-BE27-F56F08F47EF7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7F166275-B998-4D67-A742-47CF0BF9D8F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{8E325D27-4762-4B64-BF13-BD363F32E255}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9387FF56-0DE7-4166-9EB3-47DBD191F0F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{98DB6547-DDE7-458E-B8D4-03EF502FB92F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{ABCB539A-C10D-450F-AD29-991BD769A4EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{B159258D-673D-4DC2-B568-000A2621D7DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{B3D78AC8-C0D1-418F-99FB-2C7C514B3F07}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{B4DEEBC0-F58D-4191-9074-61C6802A1B54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B5F28D3F-EE11-4139-B5C7-4928D35CF22A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{C2F3CEB8-9042-4A4A-AA8E-28431AAB362E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{C378AADD-C3E3-490B-B5F8-12E9A6FE8892}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{C56237C2-FCFC-4719-BA38-BCF23A2A8253}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C95C480B-2FF3-481B-BBBA-4CB1D03225F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{D3AB924B-33B2-4779-9DB8-0448BC8A517B}" = dir=in | app=c:\program files\hp\digital imaging\{f86d9734-d358-4c5b-bc2b-6d90557ff05b}\setup\hpznui01.exe | 
"{D734EB0D-3C73-4B80-8677-6F355CA4D866}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D75DF847-7927-42CD-9C70-9426953ADD28}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{DE173C8A-3FC4-4D6B-9C09-EBACEF1A62A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E64AF112-E418-4FF0-82F5-6F3EF47EAD66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F02E75B9-5648-4A69-9EE9-AFBFE0EFE3B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{F2A03B4B-AB0F-4854-A6C4-3139F653C99D}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{F54663A2-0757-42E7-9EE9-49E1A6241E35}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{F58CA0B3-DA16-42DE-8400-90FF6B026130}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F794D4E3-4B0E-4858-A8F4-67C7FF4AF7B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"TCP Query User{4362E10E-AD6D-455C-BA68-07D6CDB92176}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8A36537C-5743-450E-872D-6978F2785BF3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{9AD7A9CF-628C-47D2-B68F-9A559548FDEA}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{EBA6CC89-B66F-441B-AA93-36285D4C231D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{0DAFEAD2-39CC-4156-905E-E6D93FCBA2AA}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{4D059C26-A92E-4A00-835C-F24292B78F51}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{CC95DD6A-CAEA-4141-8212-4567CC330F3A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{E39241BF-8EAE-4F92-9537-8097765AD6EB}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B1E6CDB-306C-4C64-B192-1E465C5C3012}" = 8500A909g
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.8.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP2
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MicroDicom" = MicroDicom 0.4.3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PowerISO" = PowerISO
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Freeciv-2.3.2-gtk2" = Freeciv 2.3.2 (GTK+ client)
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/5/2013 4:06:55 AM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 3/5/2013 4:08:26 AM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware
 sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 3/6/2013 8:39:15 AM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 3/6/2013 8:42:00 AM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware
 sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 3/6/2013 3:43:43 PM | Computer Name = **** | Source = Microsoft-Windows-CertificateServicesClient | ID = 1001
Description = Zertifikatdienstclient: der Anbieter pautoenr.dll konnte nicht geladen
 werden. Fehlercode 5.
 
Error - 3/6/2013 3:43:43 PM | Computer Name = **** | Source = Microsoft-Windows-CertificateServicesClient | ID = 1003
Description = Zertifikatdienstclient: Die Anbieter konnten nicht als Antwort auf
 Ereignis 512 aufgerufen werden. Fehlercode 2147942405.
 
Error - 3/8/2013 4:12:15 PM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 3/8/2013 4:13:36 PM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware
 sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 3/10/2013 10:24:55 AM | Computer Name = **** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 3/10/2013 10:26:10 AM | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sisoftware\sisoftware
 sandra lite 2012.sp2\wnt500x64\RpcSandraSrv.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 3/4/2013 2:56:13 PM | Computer Name = **** | Source = DCOM | ID = 10016
Description = 
 
Error - 3/5/2013 4:04:24 PM | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 3/6/2013 3:48:43 PM | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 3/6/2013 3:50:11 PM | Computer Name = **** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 3/6/2013 3:55:33 PM | Computer Name = **** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 3/6/2013 3:57:37 PM | Computer Name = **** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 3/6/2013 4:00:25 PM | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 3/6/2013 4:03:39 PM | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 3/6/2013 4:11:31 PM | Computer Name = **** | Source = bowser | ID = 8003
Description = 
 
Error - 3/7/2013 4:23:17 PM | Computer Name = **** | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
 
< End of report >
         
OTL.txt
Code:
ATTFilter
OTL logfile created on: 3/10/2013 5:22:22 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.34% Memory free
5.98 Gb Paging File | 4.42 Gb Available in Paging File | 73.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 704.75 Gb Free Space | 51.97% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: Michael (Admin) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mama\Desktop\diverse Sicherheitssoftwaresachen\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys File not found
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (InputFilter_Hid_FlexDef2b) -- C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys (Siliten)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys (SiSoftware)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\..\SearchScopes\{453456AD-2513-4DEE-BF59-9B11A8AF85E2}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes,DefaultScope = {5D699F35-C133-45DA-B63E-388EF330146B}
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\..\SearchScopes\{5D699F35-C133-45DA-B63E-388EF330146B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 19:41:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/01/06 18:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/10 13:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/13 19:41:31 | 000,000,000 | ---D | M]
 
[2011/10/13 19:22:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael (Admin)\AppData\Roaming\mozilla\Extensions
[2012/09/11 17:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael (Admin)\AppData\Roaming\mozilla\Firefox\Profiles\5awd1a7g.default\extensions
[2013/02/10 13:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013/02/10 13:45:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
 
O1 HOSTS File: ([2012/09/21 13:51:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3271095012-286924583-1323677700-1003..\Run: [Validator] C:\Users\Mama\AppData\Roaming\Sun\{EF7D5DC7-0AB7-4A7D-83F8-B2D97B888680}\Validator.exe File not found
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3271095012-286924583-1323677700-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/07 21:22:36 | 000,000,000 | ---D | C] -- C:\Users\Michael (Admin)\AppData\Local\Programs
[2013/02/21 11:59:13 | 000,000,000 | ---D | C] -- C:\Ryzhov
[2013/02/21 11:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2013/02/14 22:16:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/14 22:16:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/14 22:16:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/14 22:16:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/14 22:16:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/14 22:16:29 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/14 22:16:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/14 22:16:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/14 08:54:41 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/14 08:53:42 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/14 08:53:41 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/14 08:53:00 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/14 08:53:00 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/02/10 13:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/09 13:04:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/09 13:03:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/09 13:03:57 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/09 13:03:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/09 13:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/10 17:12:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/10 14:31:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 14:31:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/10 14:24:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/10 14:24:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/10 14:24:11 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/06 13:13:54 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/21 11:37:23 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2013/02/18 05:36:03 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/18 05:36:03 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/18 05:36:03 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/18 05:36:03 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/18 05:27:58 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/18 05:27:58 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/15 19:32:17 | 000,346,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/09 13:03:52 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/02/09 13:03:52 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/09 13:03:52 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/09 13:03:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/09 13:03:52 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/09 13:03:52 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
 
========== Files Created - No Company Name ==========
 
[2012/09/21 13:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/21 13:45:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/21 13:45:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/21 13:45:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/21 13:45:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/24 13:56:47 | 011,304,960 | ---- | C] () -- C:\Users\Michael (Admin)\AppData\Roaming\Sandra.mdb
[2011/12/20 12:08:33 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011/10/13 19:39:14 | 000,266,579 | ---- | C] () -- C:\Windows\hpwins22.dat
[2011/10/13 19:39:14 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/12/15 23:17:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\.freeciv
[2012/05/29 17:17:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ALDI_SUED_Mah_Jong
[2012/01/17 13:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\avidemux
[2012/09/14 22:58:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FILEminimizerPictures
[2012/06/07 14:51:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Foxit Software
[2012/03/17 22:50:18 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Garmin
[2012/03/14 23:13:59 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Mobile Atlas Creator
[2011/11/28 21:12:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OpenOffice.org
[2012/09/03 09:27:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PowerISO
[2012/03/18 23:26:57 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TeamViewer
[2011/10/24 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ALDI_SUED_Mah_Jong
[2011/10/13 21:42:56 | 000,000,000 | ---D | M] -- C:\Users\Michael (Admin)\AppData\Roaming\ALDI_SUED_Mah_Jong
[2012/01/16 21:49:31 | 000,000,000 | ---D | M] -- C:\Users\Michael (Admin)\AppData\Roaming\avidemux
[2012/09/11 17:33:27 | 000,000,000 | ---D | M] -- C:\Users\Michael (Admin)\AppData\Roaming\ESET
[2012/05/26 18:52:50 | 000,000,000 | ---D | M] -- C:\Users\Michael (Admin)\AppData\Roaming\Garmin
 
========== Purity Check ==========
 
 

< End of report >
         
__________________

Alt 10.03.2013, 19:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Dann bitte notieren was Kaspersky wo genau gefunden hat und dann hier posten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.03.2013, 20:02   #5
windchill
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



als Anhang

Miniaturansicht angehängter Grafiken
Groupon Trojaner, die Hundertste...-donnerstag-07.03.jpg   Groupon Trojaner, die Hundertste...-mittwoch-06.03.jpg  

Alt 10.03.2013, 21:00   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Groupon Trojaner, die Hundertste...

Alt 10.03.2013, 22:31   #7
windchill
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



TDSSKiller

Code:
ATTFilter
17:35:26.0242 6372  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:35:26.0305 6372  ============================================================
17:35:26.0305 6372  Current date / time: 2013/03/10 17:35:26.0305
17:35:26.0305 6372  SystemInfo:
17:35:26.0305 6372  
17:35:26.0305 6372  OS Version: 6.1.7601 ServicePack: 1.0
17:35:26.0305 6372  Product type: Workstation
17:35:26.0305 6372  ComputerName: ****
17:35:26.0305 6372  UserName: Michael (Admin)
17:35:26.0305 6372  Windows directory: C:\Windows
17:35:26.0305 6372  System windows directory: C:\Windows
17:35:26.0305 6372  Processor architecture: Intel x86
17:35:26.0305 6372  Number of processors: 4
17:35:26.0305 6372  Page size: 0x1000
17:35:26.0305 6372  Boot type: Normal boot
17:35:26.0305 6372  ============================================================
17:35:31.0203 6372  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:35:31.0203 6372  ============================================================
17:35:31.0203 6372  \Device\Harddisk0\DR0:
17:35:31.0203 6372  MBR partitions:
17:35:31.0203 6372  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:35:31.0203 6372  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA9854800
17:35:31.0203 6372  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA9887000, BlocksNum 0x5000000
17:35:31.0203 6372  ============================================================
17:35:31.0219 6372  C: <-> \Device\Harddisk0\DR0\Partition2
17:35:31.0265 6372  D: <-> \Device\Harddisk0\DR0\Partition3
17:35:31.0265 6372  ============================================================
17:35:31.0281 6372  Initialize success
17:35:31.0281 6372  ============================================================
17:35:45.0430 3248  ============================================================
17:35:45.0430 3248  Scan started
17:35:45.0430 3248  Mode: Manual; SigCheck; TDLFS; 
17:35:45.0430 3248  ============================================================
17:35:45.0758 3248  ================ Scan system memory ========================
17:35:45.0758 3248  System memory - ok
17:35:45.0758 3248  ================ Scan services =============================
17:35:45.0820 3248  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:35:45.0883 3248  !SASCORE - ok
17:35:46.0054 3248  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:35:46.0101 3248  1394ohci - ok
17:35:46.0148 3248  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:35:46.0179 3248  ACPI - ok
17:35:46.0195 3248  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:35:46.0273 3248  AcpiPmi - ok
17:35:46.0366 3248  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:35:46.0398 3248  AdobeARMservice - ok
17:35:46.0429 3248  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:35:46.0460 3248  adp94xx - ok
17:35:46.0491 3248  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:35:46.0507 3248  adpahci - ok
17:35:46.0538 3248  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:35:46.0569 3248  adpu320 - ok
17:35:46.0585 3248  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:35:46.0616 3248  AeLookupSvc - ok
17:35:46.0663 3248  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
17:35:46.0710 3248  AFD - ok
17:35:46.0725 3248  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
17:35:46.0741 3248  agp440 - ok
17:35:46.0756 3248  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
17:35:46.0772 3248  aic78xx - ok
17:35:46.0788 3248  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
17:35:46.0834 3248  ALG - ok
17:35:46.0834 3248  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:35:46.0850 3248  aliide - ok
17:35:46.0881 3248  [ 60201AD353105D8C6796C1B69E6C49F0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:35:46.0912 3248  AMD External Events Utility - ok
17:35:46.0944 3248  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:35:46.0959 3248  amdagp - ok
17:35:46.0975 3248  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:35:46.0990 3248  amdide - ok
17:35:46.0990 3248  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:35:47.0037 3248  AmdK8 - ok
17:35:47.0178 3248  [ 51610B74A9A1D84DC86FCE1019BEAFF4 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:35:47.0271 3248  amdkmdag - ok
17:35:47.0302 3248  [ CD1D86AB81EECE67D7BD6F7EF9786CCC ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:35:47.0334 3248  amdkmdap - ok
17:35:47.0365 3248  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:35:47.0412 3248  AmdPPM - ok
17:35:47.0443 3248  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:35:47.0474 3248  amdsata - ok
17:35:47.0490 3248  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:35:47.0521 3248  amdsbs - ok
17:35:47.0536 3248  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:35:47.0536 3248  amdxata - ok
17:35:47.0583 3248  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
17:35:47.0646 3248  AppID - ok
17:35:47.0646 3248  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:35:47.0661 3248  AppIDSvc - ok
17:35:47.0692 3248  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
17:35:47.0739 3248  Appinfo - ok
17:35:47.0786 3248  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:35:47.0802 3248  arc - ok
17:35:47.0817 3248  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:35:47.0833 3248  arcsas - ok
17:35:47.0864 3248  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:35:47.0973 3248  AsyncMac - ok
17:35:48.0082 3248  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
17:35:48.0098 3248  atapi - ok
17:35:48.0145 3248  [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
17:35:48.0348 3248  AtiHdmiService - ok
17:35:48.0426 3248  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:35:48.0488 3248  AudioEndpointBuilder - ok
17:35:48.0488 3248  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:35:48.0519 3248  Audiosrv - ok
17:35:48.0566 3248  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
17:35:48.0613 3248  AVP - ok
17:35:48.0644 3248  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:35:48.0706 3248  AxInstSV - ok
17:35:48.0722 3248  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
17:35:48.0753 3248  b06bdrv - ok
17:35:48.0784 3248  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:35:48.0816 3248  b57nd60x - ok
17:35:48.0831 3248  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:35:48.0862 3248  BDESVC - ok
17:35:48.0909 3248  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:35:48.0956 3248  Beep - ok
17:35:48.0987 3248  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
17:35:49.0065 3248  BFE - ok
17:35:49.0096 3248  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
17:35:49.0143 3248  BITS - ok
17:35:49.0159 3248  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:35:49.0174 3248  blbdrive - ok
17:35:49.0206 3248  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:35:49.0221 3248  bowser - ok
17:35:49.0237 3248  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:35:49.0284 3248  BrFiltLo - ok
17:35:49.0299 3248  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:35:49.0330 3248  BrFiltUp - ok
17:35:49.0362 3248  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
17:35:49.0408 3248  BridgeMP - ok
17:35:49.0440 3248  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
17:35:49.0471 3248  Browser - ok
17:35:49.0486 3248  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:35:49.0518 3248  Brserid - ok
17:35:49.0533 3248  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:35:49.0564 3248  BrSerWdm - ok
17:35:49.0580 3248  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:35:49.0596 3248  BrUsbMdm - ok
17:35:49.0642 3248  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:35:49.0674 3248  BrUsbSer - ok
17:35:49.0705 3248  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:35:49.0736 3248  BTHMODEM - ok
17:35:49.0767 3248  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
17:35:49.0814 3248  bthserv - ok
17:35:49.0908 3248  catchme - ok
17:35:49.0923 3248  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:35:49.0986 3248  cdfs - ok
17:35:50.0017 3248  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
17:35:50.0064 3248  cdrom - ok
17:35:50.0110 3248  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:35:50.0173 3248  CertPropSvc - ok
17:35:50.0204 3248  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:35:50.0220 3248  circlass - ok
17:35:50.0235 3248  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
17:35:50.0251 3248  CLFS - ok
17:35:50.0313 3248  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:35:50.0344 3248  clr_optimization_v2.0.50727_32 - ok
17:35:50.0391 3248  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:35:50.0422 3248  clr_optimization_v4.0.30319_32 - ok
17:35:50.0422 3248  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:35:50.0438 3248  CmBatt - ok
17:35:50.0454 3248  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:35:50.0469 3248  cmdide - ok
17:35:50.0485 3248  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:35:50.0500 3248  CNG - ok
17:35:50.0516 3248  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:35:50.0532 3248  Compbatt - ok
17:35:50.0547 3248  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:35:50.0578 3248  CompositeBus - ok
17:35:50.0578 3248  COMSysApp - ok
17:35:50.0594 3248  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:35:50.0594 3248  crcdisk - ok
17:35:50.0625 3248  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:35:50.0641 3248  CryptSvc - ok
17:35:50.0688 3248  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:35:50.0750 3248  DcomLaunch - ok
17:35:50.0797 3248  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:35:50.0859 3248  defragsvc - ok
17:35:50.0890 3248  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:35:50.0953 3248  DfsC - ok
17:35:51.0000 3248  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:35:51.0046 3248  Dhcp - ok
17:35:51.0062 3248  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
17:35:51.0093 3248  discache - ok
17:35:51.0109 3248  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:35:51.0124 3248  Disk - ok
17:35:51.0156 3248  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:35:51.0187 3248  Dnscache - ok
17:35:51.0218 3248  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:35:51.0265 3248  dot3svc - ok
17:35:51.0296 3248  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
17:35:51.0343 3248  DPS - ok
17:35:51.0374 3248  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:35:51.0405 3248  drmkaud - ok
17:35:51.0436 3248  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:35:51.0468 3248  DXGKrnl - ok
17:35:51.0468 3248  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
17:35:51.0514 3248  EapHost - ok
17:35:51.0608 3248  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
17:35:51.0733 3248  ebdrv - ok
17:35:51.0748 3248  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
17:35:51.0780 3248  EFS - ok
17:35:51.0811 3248  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:35:51.0858 3248  ehRecvr - ok
17:35:51.0889 3248  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
17:35:51.0904 3248  ehSched - ok
17:35:51.0936 3248  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:35:51.0967 3248  elxstor - ok
17:35:51.0982 3248  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:35:52.0014 3248  ErrDev - ok
17:35:52.0029 3248  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
17:35:52.0076 3248  EventSystem - ok
17:35:52.0092 3248  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
17:35:52.0123 3248  exfat - ok
17:35:52.0138 3248  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:35:52.0185 3248  fastfat - ok
17:35:52.0232 3248  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
17:35:52.0279 3248  Fax - ok
17:35:52.0294 3248  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:35:52.0310 3248  fdc - ok
17:35:52.0326 3248  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
17:35:52.0357 3248  fdPHost - ok
17:35:52.0372 3248  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
17:35:52.0388 3248  FDResPub - ok
17:35:52.0404 3248  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:35:52.0419 3248  FileInfo - ok
17:35:52.0419 3248  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:35:52.0450 3248  Filetrace - ok
17:35:52.0497 3248  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:35:52.0513 3248  flpydisk - ok
17:35:52.0528 3248  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:35:52.0544 3248  FltMgr - ok
17:35:52.0591 3248  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
17:35:52.0684 3248  FontCache - ok
17:35:52.0716 3248  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:35:52.0731 3248  FontCache3.0.0.0 - ok
17:35:52.0747 3248  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:35:52.0762 3248  FsDepends - ok
17:35:52.0778 3248  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:35:52.0794 3248  Fs_Rec - ok
17:35:52.0809 3248  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:35:52.0840 3248  fvevol - ok
17:35:52.0856 3248  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:35:52.0872 3248  gagp30kx - ok
17:35:52.0918 3248  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:35:52.0965 3248  gpsvc - ok
17:35:53.0012 3248  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
17:35:53.0043 3248  gupdate - ok
17:35:53.0043 3248  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:35:53.0059 3248  gupdatem - ok
17:35:53.0074 3248  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:35:53.0090 3248  hcw85cir - ok
17:35:53.0121 3248  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:35:53.0152 3248  HdAudAddService - ok
17:35:53.0168 3248  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:35:53.0184 3248  HDAudBus - ok
17:35:53.0199 3248  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:35:53.0230 3248  HidBatt - ok
17:35:53.0262 3248  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:35:53.0277 3248  HidBth - ok
17:35:53.0293 3248  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:35:53.0324 3248  HidIr - ok
17:35:53.0340 3248  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
17:35:53.0386 3248  hidserv - ok
17:35:53.0402 3248  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:35:53.0449 3248  HidUsb - ok
17:35:53.0496 3248  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:35:53.0558 3248  hkmsvc - ok
17:35:53.0605 3248  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:35:53.0636 3248  HomeGroupListener - ok
17:35:53.0714 3248  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:35:53.0761 3248  HomeGroupProvider - ok
17:35:53.0839 3248  [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:35:53.0870 3248  hpqcxs08 - ok
17:35:53.0932 3248  [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:35:53.0948 3248  hpqddsvc - ok
17:35:53.0979 3248  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:35:53.0995 3248  HpSAMD - ok
17:35:54.0026 3248  [ 56FC98F1014EA8DC51B92839C32759EC ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
17:35:54.0042 3248  HPSLPSVC - ok
17:35:54.0104 3248  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:35:54.0166 3248  HTTP - ok
17:35:54.0182 3248  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:35:54.0198 3248  hwpolicy - ok
17:35:54.0229 3248  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:35:54.0244 3248  i8042prt - ok
17:35:54.0276 3248  [ 26541A068572F650A2FA490726FE81BE ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:35:54.0291 3248  iaStor - ok
17:35:54.0338 3248  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:35:54.0354 3248  IAStorDataMgrSvc - ok
17:35:54.0369 3248  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:35:54.0385 3248  iaStorV - ok
17:35:54.0447 3248  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:35:54.0494 3248  idsvc - ok
17:35:54.0510 3248  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:35:54.0525 3248  iirsp - ok
17:35:54.0556 3248  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:35:54.0588 3248  IKEEXT - ok
17:35:54.0634 3248  [ D6782400E92C62ED2BF3AF8ED4753738 ] InputFilter_Hid_FlexDef2b C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys
17:35:54.0666 3248  InputFilter_Hid_FlexDef2b - ok
17:35:54.0759 3248  [ 4BE85CF5831A41104C2DDED55FBC3565 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:35:54.0822 3248  IntcAzAudAddService - ok
17:35:54.0837 3248  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:35:54.0853 3248  intelide - ok
17:35:54.0884 3248  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:35:54.0931 3248  intelppm - ok
17:35:54.0946 3248  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:35:54.0993 3248  IPBusEnum - ok
17:35:55.0009 3248  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:35:55.0040 3248  IpFilterDriver - ok
17:35:55.0056 3248  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:35:55.0149 3248  iphlpsvc - ok
17:35:55.0165 3248  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:35:55.0196 3248  IPMIDRV - ok
17:35:55.0212 3248  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:35:55.0274 3248  IPNAT - ok
17:35:55.0305 3248  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:35:55.0336 3248  IRENUM - ok
17:35:55.0368 3248  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:35:55.0383 3248  isapnp - ok
17:35:55.0399 3248  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:35:55.0399 3248  iScsiPrt - ok
17:35:55.0414 3248  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:35:55.0430 3248  kbdclass - ok
17:35:55.0461 3248  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:35:55.0477 3248  kbdhid - ok
17:35:55.0477 3248  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
17:35:55.0492 3248  KeyIso - ok
17:35:55.0539 3248  [ EA26CB00F83686856F2C79673C00C686 ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
17:35:55.0570 3248  kl1 - ok
17:35:55.0633 3248  [ FBC7F840F1118D358D2AFB8C1714B384 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
17:35:55.0664 3248  KLIF - ok
17:35:55.0711 3248  [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
17:35:55.0711 3248  KLIM6 - ok
17:35:55.0726 3248  [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
17:35:55.0742 3248  klkbdflt - ok
17:35:55.0742 3248  [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
17:35:55.0758 3248  klmouflt - ok
17:35:55.0758 3248  [ 53C0DF6C5139CB78A631E7AFCD893730 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
17:35:55.0773 3248  kltdi - ok
17:35:55.0804 3248  [ 71A38C123600172511C26BFABD0EF579 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
17:35:55.0820 3248  kneps - ok
17:35:55.0851 3248  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:35:55.0867 3248  KSecDD - ok
17:35:55.0882 3248  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:35:55.0898 3248  KSecPkg - ok
17:35:55.0960 3248  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:35:56.0070 3248  KtmRm - ok
17:35:56.0085 3248  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:35:56.0132 3248  LanmanServer - ok
17:35:56.0179 3248  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:35:56.0257 3248  LanmanWorkstation - ok
17:35:56.0257 3248  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:35:56.0319 3248  lltdio - ok
17:35:56.0335 3248  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:35:56.0366 3248  lltdsvc - ok
17:35:56.0366 3248  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:35:56.0397 3248  lmhosts - ok
17:35:56.0413 3248  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:35:56.0428 3248  LSI_FC - ok
17:35:56.0460 3248  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:35:56.0460 3248  LSI_SAS - ok
17:35:56.0475 3248  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:35:56.0491 3248  LSI_SAS2 - ok
17:35:56.0506 3248  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:35:56.0522 3248  LSI_SCSI - ok
17:35:56.0538 3248  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
17:35:56.0569 3248  luafv - ok
17:35:56.0647 3248  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:35:56.0662 3248  MBAMProtector - ok
17:35:56.0725 3248  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamscheduler.exe
17:35:56.0756 3248  MBAMScheduler - ok
17:35:56.0772 3248  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware nochmal\mbamservice.exe
17:35:56.0787 3248  MBAMService - ok
17:35:56.0834 3248  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:35:56.0865 3248  Mcx2Svc - ok
17:35:56.0865 3248  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:35:56.0881 3248  megasas - ok
17:35:56.0912 3248  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:35:56.0928 3248  MegaSR - ok
17:35:56.0943 3248  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
17:35:56.0974 3248  MMCSS - ok
17:35:56.0990 3248  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
17:35:57.0037 3248  Modem - ok
17:35:57.0052 3248  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:35:57.0068 3248  monitor - ok
17:35:57.0068 3248  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:35:57.0084 3248  mouclass - ok
17:35:57.0099 3248  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:35:57.0130 3248  mouhid - ok
17:35:57.0146 3248  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:35:57.0162 3248  mountmgr - ok
17:35:57.0224 3248  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:35:57.0255 3248  MozillaMaintenance - ok
17:35:57.0271 3248  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:35:57.0302 3248  mpio - ok
17:35:57.0318 3248  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:35:57.0364 3248  mpsdrv - ok
17:35:57.0396 3248  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:35:57.0442 3248  MpsSvc - ok
17:35:57.0458 3248  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:35:57.0474 3248  MRxDAV - ok
17:35:57.0520 3248  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:35:57.0552 3248  mrxsmb - ok
17:35:57.0598 3248  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:35:57.0630 3248  mrxsmb10 - ok
17:35:57.0645 3248  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:35:57.0692 3248  mrxsmb20 - ok
17:35:57.0708 3248  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
17:35:57.0739 3248  msahci - ok
17:35:57.0786 3248  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:35:57.0801 3248  msdsm - ok
17:35:57.0832 3248  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
17:35:57.0864 3248  MSDTC - ok
17:35:57.0879 3248  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:35:57.0910 3248  Msfs - ok
17:35:57.0926 3248  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:35:57.0957 3248  mshidkmdf - ok
17:35:57.0973 3248  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:35:57.0988 3248  msisadrv - ok
17:35:58.0004 3248  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:35:58.0035 3248  MSiSCSI - ok
17:35:58.0035 3248  msiserver - ok
17:35:58.0066 3248  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:35:58.0098 3248  MSKSSRV - ok
17:35:58.0144 3248  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:35:58.0176 3248  MSPCLOCK - ok
17:35:58.0191 3248  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:35:58.0207 3248  MSPQM - ok
17:35:58.0238 3248  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:35:58.0238 3248  MsRPC - ok
17:35:58.0254 3248  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:35:58.0269 3248  mssmbios - ok
17:35:58.0269 3248  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:35:58.0300 3248  MSTEE - ok
17:35:58.0316 3248  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:35:58.0332 3248  MTConfig - ok
17:35:58.0347 3248  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:35:58.0363 3248  Mup - ok
17:35:58.0394 3248  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
17:35:58.0425 3248  napagent - ok
17:35:58.0472 3248  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:35:58.0503 3248  NativeWifiP - ok
17:35:58.0534 3248  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:35:58.0566 3248  NDIS - ok
17:35:58.0581 3248  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:35:58.0612 3248  NdisCap - ok
17:35:58.0628 3248  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:35:58.0659 3248  NdisTapi - ok
17:35:58.0690 3248  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:35:58.0722 3248  Ndisuio - ok
17:35:58.0768 3248  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:35:58.0815 3248  NdisWan - ok
17:35:58.0862 3248  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:35:58.0893 3248  NDProxy - ok
17:35:58.0956 3248  [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:35:58.0971 3248  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:35:58.0971 3248  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:35:58.0987 3248  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:35:59.0049 3248  NetBIOS - ok
17:35:59.0065 3248  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:35:59.0096 3248  NetBT - ok
17:35:59.0096 3248  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
17:35:59.0112 3248  Netlogon - ok
17:35:59.0143 3248  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
17:35:59.0190 3248  Netman - ok
17:35:59.0205 3248  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
17:35:59.0252 3248  netprofm - ok
17:35:59.0268 3248  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:35:59.0268 3248  NetTcpPortSharing - ok
17:35:59.0299 3248  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:35:59.0299 3248  nfrd960 - ok
17:35:59.0330 3248  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:35:59.0346 3248  NlaSvc - ok
17:35:59.0346 3248  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:35:59.0377 3248  Npfs - ok
17:35:59.0392 3248  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
17:35:59.0424 3248  nsi - ok
17:35:59.0424 3248  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:35:59.0455 3248  nsiproxy - ok
17:35:59.0502 3248  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:35:59.0564 3248  Ntfs - ok
17:35:59.0595 3248  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
17:35:59.0626 3248  Null - ok
17:35:59.0642 3248  [ 03AD379554B50FA1802BE4EC2E291E92 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
17:35:59.0658 3248  nusb3hub - ok
17:35:59.0689 3248  [ 06FE87C9D181AF5F04D192E604E10E6C ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:35:59.0720 3248  nusb3xhc - ok
17:35:59.0736 3248  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:35:59.0751 3248  nvraid - ok
17:35:59.0767 3248  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:35:59.0782 3248  nvstor - ok
17:35:59.0814 3248  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:35:59.0829 3248  nv_agp - ok
17:35:59.0892 3248  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:35:59.0923 3248  odserv - ok
17:35:59.0954 3248  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:35:59.0985 3248  ohci1394 - ok
17:36:00.0016 3248  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:36:00.0032 3248  ose - ok
17:36:00.0048 3248  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:36:00.0079 3248  p2pimsvc - ok
17:36:00.0126 3248  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:36:00.0157 3248  p2psvc - ok
17:36:00.0172 3248  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:36:00.0204 3248  Parport - ok
17:36:00.0219 3248  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:36:00.0235 3248  partmgr - ok
17:36:00.0250 3248  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:36:00.0282 3248  Parvdm - ok
17:36:00.0282 3248  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:36:00.0313 3248  PcaSvc - ok
17:36:00.0344 3248  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
17:36:00.0360 3248  pci - ok
17:36:00.0375 3248  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
17:36:00.0391 3248  pciide - ok
17:36:00.0406 3248  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:36:00.0422 3248  pcmcia - ok
17:36:00.0422 3248  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
17:36:00.0438 3248  pcw - ok
17:36:00.0469 3248  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:36:00.0500 3248  PEAUTH - ok
17:36:00.0547 3248  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
17:36:00.0609 3248  pla - ok
17:36:00.0640 3248  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:36:00.0656 3248  PlugPlay - ok
17:36:00.0687 3248  [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:36:00.0703 3248  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:36:00.0703 3248  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:36:00.0718 3248  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:36:00.0750 3248  PNRPAutoReg - ok
17:36:00.0765 3248  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:36:00.0781 3248  PNRPsvc - ok
17:36:00.0812 3248  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:36:00.0843 3248  PolicyAgent - ok
17:36:00.0874 3248  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
17:36:00.0952 3248  Power - ok
17:36:00.0984 3248  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:36:01.0030 3248  PptpMiniport - ok
17:36:01.0046 3248  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:36:01.0077 3248  Processor - ok
17:36:01.0108 3248  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
17:36:01.0124 3248  ProfSvc - ok
17:36:01.0140 3248  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:36:01.0155 3248  ProtectedStorage - ok
17:36:01.0186 3248  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:36:01.0218 3248  Psched - ok
17:36:01.0249 3248  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
17:36:01.0264 3248  PSI_SVC_2 - ok
17:36:01.0311 3248  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:36:01.0358 3248  ql2300 - ok
17:36:01.0389 3248  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:36:01.0405 3248  ql40xx - ok
17:36:01.0405 3248  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
17:36:01.0452 3248  QWAVE - ok
17:36:01.0467 3248  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:36:01.0498 3248  QWAVEdrv - ok
17:36:01.0514 3248  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:36:01.0545 3248  RasAcd - ok
17:36:01.0545 3248  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:36:01.0592 3248  RasAgileVpn - ok
17:36:01.0608 3248  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
17:36:01.0639 3248  RasAuto - ok
17:36:01.0639 3248  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:36:01.0686 3248  Rasl2tp - ok
17:36:01.0701 3248  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
17:36:01.0748 3248  RasMan - ok
17:36:01.0764 3248  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:36:01.0795 3248  RasPppoe - ok
17:36:01.0810 3248  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:36:01.0842 3248  RasSstp - ok
17:36:01.0888 3248  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:36:01.0935 3248  rdbss - ok
17:36:01.0951 3248  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:36:01.0982 3248  rdpbus - ok
17:36:02.0013 3248  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:36:02.0060 3248  RDPCDD - ok
17:36:02.0076 3248  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:36:02.0107 3248  RDPENCDD - ok
17:36:02.0122 3248  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:36:02.0154 3248  RDPREFMP - ok
17:36:02.0185 3248  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:36:02.0200 3248  RdpVideoMiniport - ok
17:36:02.0216 3248  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:36:02.0247 3248  RDPWD - ok
17:36:02.0278 3248  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:36:02.0294 3248  rdyboost - ok
17:36:02.0310 3248  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:36:02.0341 3248  RemoteAccess - ok
17:36:02.0356 3248  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:36:02.0388 3248  RemoteRegistry - ok
17:36:02.0403 3248  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:36:02.0434 3248  RpcEptMapper - ok
17:36:02.0450 3248  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
17:36:02.0466 3248  RpcLocator - ok
17:36:02.0497 3248  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
17:36:02.0528 3248  RpcSs - ok
17:36:02.0528 3248  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:36:02.0559 3248  rspndr - ok
17:36:02.0606 3248  [ 0516998076AD894AE7E362C3110AA071 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
17:36:02.0637 3248  RTL8167 - ok
17:36:02.0668 3248  [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
17:36:02.0684 3248  RTL8192su - ok
17:36:02.0700 3248  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
17:36:02.0715 3248  SamSs - ok
17:36:02.0793 3248  [ 230FD3749904CA045EA5EC0AA14006E9 ] SANDRA          C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys
17:36:02.0809 3248  SANDRA - ok
17:36:02.0840 3248  [ 28D22B00901EE48BB98899ABAD5DA11E ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe
17:36:02.0856 3248  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
17:36:02.0856 3248  SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
17:36:02.0902 3248  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:36:02.0918 3248  SASDIFSV - ok
17:36:02.0949 3248  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:36:02.0965 3248  SASKUTIL - ok
17:36:02.0996 3248  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:36:03.0012 3248  sbp2port - ok
17:36:03.0027 3248  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:36:03.0058 3248  SCardSvr - ok
17:36:03.0090 3248  [ B08CC192330FDE1510F28CF284F80026 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
17:36:03.0090 3248  SCDEmu - ok
17:36:03.0105 3248  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:36:03.0136 3248  scfilter - ok
17:36:03.0183 3248  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
17:36:03.0246 3248  Schedule - ok
17:36:03.0277 3248  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:36:03.0324 3248  SCPolicySvc - ok
17:36:03.0355 3248  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:36:03.0370 3248  SDRSVC - ok
17:36:03.0386 3248  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:36:03.0433 3248  secdrv - ok
17:36:03.0433 3248  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
17:36:03.0526 3248  seclogon - ok
17:36:03.0558 3248  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
17:36:03.0589 3248  SENS - ok
17:36:03.0636 3248  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:36:03.0667 3248  SensrSvc - ok
17:36:03.0698 3248  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:36:03.0729 3248  Serenum - ok
17:36:03.0745 3248  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:36:03.0760 3248  Serial - ok
17:36:03.0776 3248  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:36:03.0792 3248  sermouse - ok
17:36:03.0823 3248  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:36:03.0870 3248  SessionEnv - ok
17:36:03.0885 3248  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:36:03.0916 3248  sffdisk - ok
17:36:03.0932 3248  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:36:03.0948 3248  sffp_mmc - ok
17:36:03.0963 3248  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:36:03.0994 3248  sffp_sd - ok
17:36:04.0010 3248  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:36:04.0010 3248  sfloppy - ok
17:36:04.0057 3248  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:36:04.0119 3248  SharedAccess - ok
17:36:04.0150 3248  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:36:04.0197 3248  ShellHWDetection - ok
17:36:04.0228 3248  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:36:04.0244 3248  sisagp - ok
17:36:04.0260 3248  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:36:04.0275 3248  SiSRaid2 - ok
17:36:04.0306 3248  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:36:04.0322 3248  SiSRaid4 - ok
17:36:04.0353 3248  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:36:04.0400 3248  Smb - ok
17:36:04.0416 3248  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:36:04.0431 3248  SNMPTRAP - ok
17:36:04.0431 3248  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:36:04.0447 3248  spldr - ok
17:36:04.0478 3248  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
17:36:04.0494 3248  Spooler - ok
17:36:04.0587 3248  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
17:36:04.0650 3248  sppsvc - ok
17:36:04.0681 3248  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:36:04.0696 3248  sppuinotify - ok
17:36:04.0728 3248  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:36:04.0743 3248  srv - ok
17:36:04.0759 3248  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:36:04.0774 3248  srv2 - ok
17:36:04.0821 3248  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:36:04.0852 3248  srvnet - ok
17:36:04.0868 3248  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:36:04.0915 3248  SSDPSRV - ok
17:36:04.0930 3248  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:36:04.0962 3248  SstpSvc - ok
17:36:04.0977 3248  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:36:04.0993 3248  stexstor - ok
17:36:05.0024 3248  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
17:36:05.0055 3248  StillCam - ok
17:36:05.0086 3248  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:36:05.0118 3248  StiSvc - ok
17:36:05.0118 3248  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:36:05.0133 3248  swenum - ok
17:36:05.0149 3248  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
17:36:05.0180 3248  swprv - ok
17:36:05.0258 3248  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
17:36:05.0336 3248  SysMain - ok
17:36:05.0352 3248  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:36:05.0367 3248  TabletInputService - ok
17:36:05.0383 3248  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:36:05.0430 3248  TapiSrv - ok
17:36:05.0445 3248  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
17:36:05.0476 3248  TBS - ok
17:36:05.0539 3248  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:36:05.0586 3248  Tcpip - ok
17:36:05.0617 3248  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:36:05.0648 3248  TCPIP6 - ok
17:36:05.0679 3248  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:36:05.0695 3248  tcpipreg - ok
17:36:05.0726 3248  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:36:05.0742 3248  TDPIPE - ok
17:36:05.0773 3248  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:36:05.0788 3248  TDTCP - ok
17:36:05.0820 3248  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:36:05.0866 3248  tdx - ok
17:36:05.0882 3248  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:36:05.0898 3248  TermDD - ok
17:36:05.0929 3248  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
17:36:05.0960 3248  TermService - ok
17:36:05.0976 3248  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
17:36:05.0991 3248  Themes - ok
17:36:05.0991 3248  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
17:36:06.0022 3248  THREADORDER - ok
17:36:06.0038 3248  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
17:36:06.0069 3248  TrkWks - ok
17:36:06.0116 3248  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:36:06.0132 3248  TrustedInstaller - ok
17:36:06.0147 3248  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:36:06.0178 3248  tssecsrv - ok
17:36:06.0210 3248  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:36:06.0210 3248  TsUsbFlt - ok
17:36:06.0241 3248  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:36:06.0288 3248  tunnel - ok
17:36:06.0288 3248  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:36:06.0303 3248  uagp35 - ok
17:36:06.0319 3248  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:36:06.0350 3248  udfs - ok
17:36:06.0366 3248  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:36:06.0397 3248  UI0Detect - ok
17:36:06.0412 3248  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:36:06.0428 3248  uliagpkx - ok
17:36:06.0475 3248  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
17:36:06.0490 3248  umbus - ok
17:36:06.0506 3248  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:36:06.0537 3248  UmPass - ok
17:36:06.0553 3248  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
17:36:06.0584 3248  upnphost - ok
17:36:06.0584 3248  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:36:06.0615 3248  usbccgp - ok
17:36:06.0646 3248  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:36:06.0678 3248  usbcir - ok
17:36:06.0693 3248  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:36:06.0709 3248  usbehci - ok
17:36:06.0724 3248  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:36:06.0756 3248  usbhub - ok
17:36:06.0756 3248  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:36:06.0787 3248  usbohci - ok
17:36:06.0802 3248  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:36:06.0834 3248  usbprint - ok
17:36:06.0834 3248  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:36:06.0865 3248  USBSTOR - ok
17:36:06.0880 3248  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:36:06.0912 3248  usbuhci - ok
17:36:06.0912 3248  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
17:36:06.0943 3248  UxSms - ok
17:36:06.0958 3248  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
17:36:06.0974 3248  VaultSvc - ok
17:36:06.0990 3248  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:36:06.0990 3248  vdrvroot - ok
17:36:07.0021 3248  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
17:36:07.0083 3248  vds - ok
17:36:07.0099 3248  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:36:07.0099 3248  vga - ok
17:36:07.0114 3248  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:36:07.0146 3248  VgaSave - ok
17:36:07.0161 3248  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:36:07.0177 3248  vhdmp - ok
17:36:07.0192 3248  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:36:07.0208 3248  viaagp - ok
17:36:07.0208 3248  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
17:36:07.0224 3248  ViaC7 - ok
17:36:07.0224 3248  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
17:36:07.0239 3248  viaide - ok
17:36:07.0255 3248  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:36:07.0270 3248  volmgr - ok
17:36:07.0286 3248  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:36:07.0302 3248  volmgrx - ok
17:36:07.0317 3248  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:36:07.0333 3248  volsnap - ok
17:36:07.0348 3248  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:36:07.0364 3248  vsmraid - ok
17:36:07.0411 3248  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
17:36:07.0442 3248  VSS - ok
17:36:07.0442 3248  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:36:07.0458 3248  vwifibus - ok
17:36:07.0489 3248  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:36:07.0504 3248  vwififlt - ok
17:36:07.0504 3248  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
17:36:07.0551 3248  W32Time - ok
17:36:07.0567 3248  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:36:07.0582 3248  WacomPen - ok
17:36:07.0645 3248  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:36:07.0676 3248  WANARP - ok
17:36:07.0692 3248  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:36:07.0723 3248  Wanarpv6 - ok
17:36:07.0816 3248  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:36:07.0879 3248  WatAdminSvc - ok
17:36:07.0910 3248  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
17:36:07.0957 3248  wbengine - ok
17:36:07.0972 3248  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:36:08.0004 3248  WbioSrvc - ok
17:36:08.0050 3248  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:36:08.0097 3248  wcncsvc - ok
17:36:08.0113 3248  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:36:08.0144 3248  WcsPlugInService - ok
17:36:08.0160 3248  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:36:08.0175 3248  Wd - ok
17:36:08.0191 3248  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:36:08.0222 3248  Wdf01000 - ok
17:36:08.0238 3248  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:36:08.0269 3248  WdiServiceHost - ok
17:36:08.0269 3248  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:36:08.0284 3248  WdiSystemHost - ok
17:36:08.0331 3248  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
17:36:08.0362 3248  WebClient - ok
17:36:08.0362 3248  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:36:08.0409 3248  Wecsvc - ok
17:36:08.0409 3248  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:36:08.0440 3248  wercplsupport - ok
17:36:08.0472 3248  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:36:08.0518 3248  WerSvc - ok
17:36:08.0550 3248  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:36:08.0581 3248  WfpLwf - ok
17:36:08.0596 3248  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:36:08.0612 3248  WIMMount - ok
17:36:08.0659 3248  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:36:08.0706 3248  WinDefend - ok
17:36:08.0706 3248  WinHttpAutoProxySvc - ok
17:36:08.0737 3248  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:36:08.0784 3248  Winmgmt - ok
17:36:08.0830 3248  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
17:36:08.0893 3248  WinRM - ok
17:36:08.0940 3248  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:36:08.0955 3248  WinUsb - ok
17:36:08.0971 3248  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:36:09.0002 3248  Wlansvc - ok
17:36:09.0080 3248  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:36:09.0127 3248  wlidsvc - ok
17:36:09.0142 3248  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:36:09.0174 3248  WmiAcpi - ok
17:36:09.0189 3248  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:36:09.0205 3248  wmiApSrv - ok
17:36:09.0236 3248  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:36:09.0267 3248  WMPNetworkSvc - ok
17:36:09.0283 3248  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:36:09.0298 3248  WPCSvc - ok
17:36:09.0314 3248  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:36:09.0330 3248  WPDBusEnum - ok
17:36:09.0361 3248  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:36:09.0392 3248  ws2ifsl - ok
17:36:09.0392 3248  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
17:36:09.0423 3248  wscsvc - ok
17:36:09.0423 3248  WSearch - ok
17:36:09.0470 3248  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:36:09.0517 3248  wuauserv - ok
17:36:09.0532 3248  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:36:09.0548 3248  WudfPf - ok
17:36:09.0548 3248  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:36:09.0564 3248  WUDFRd - ok
17:36:09.0626 3248  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:36:09.0673 3248  wudfsvc - ok
17:36:09.0688 3248  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:36:09.0735 3248  WwanSvc - ok
17:36:09.0766 3248  ================ Scan global ===============================
17:36:09.0782 3248  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:36:09.0813 3248  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:36:09.0829 3248  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:36:09.0860 3248  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:36:09.0876 3248  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:36:09.0891 3248  [Global] - ok
17:36:09.0891 3248  ================ Scan MBR ==================================
17:36:09.0907 3248  [ AF00FC1920E1CF861B39B90A4375EDF3 ] \Device\Harddisk0\DR0
17:36:10.0983 3248  \Device\Harddisk0\DR0 - ok
17:36:10.0983 3248  ================ Scan VBR ==================================
17:36:10.0983 3248  [ D6C9AA1F982E43EF3694E2C514B6D894 ] \Device\Harddisk0\DR0\Partition1
17:36:10.0983 3248  \Device\Harddisk0\DR0\Partition1 - ok
17:36:11.0014 3248  [ 6906C902F0E51AF117D14BDF3646A777 ] \Device\Harddisk0\DR0\Partition2
17:36:11.0014 3248  \Device\Harddisk0\DR0\Partition2 - ok
17:36:11.0046 3248  [ 4A6508FACEA94B9FCABE01BDC850863E ] \Device\Harddisk0\DR0\Partition3
17:36:11.0046 3248  \Device\Harddisk0\DR0\Partition3 - ok
17:36:11.0046 3248  ============================================================
17:36:11.0046 3248  Scan finished
17:36:11.0046 3248  ============================================================
17:36:11.0061 6164  Detected object count: 3
17:36:11.0061 6164  Actual detected object count: 3
17:39:15.0207 6164  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:15.0207 6164  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:15.0207 6164  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:15.0207 6164  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:15.0207 6164  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:15.0207 6164  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
aswMBR

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-10 23:13:43
-----------------------------
23:13:43.376    OS Version: Windows 6.1.7601 Service Pack 1
23:13:43.376    Number of processors: 4 586 0x2505
23:13:43.376    ComputerName: ****  UserName: 
23:13:45.763    Initialize success
23:14:48.315    AVAST engine defs: 13031001
23:15:11.949    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:15:11.965    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
23:15:11.996    Disk 0 MBR read successfully
23:15:11.996    Disk 0 MBR scan
23:15:11.996    Disk 0 Windows 7 default MBR code
23:15:12.012    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:15:12.012    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1388713 MB offset 206848
23:15:12.043    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 2844291072
23:15:12.074    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 2928177152
23:15:12.074    Disk 0 scanning sectors +2930275120
23:15:12.137    Disk 0 scanning C:\Windows\system32\drivers
23:15:19.905    Service scanning
23:15:25.693    Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
23:15:26.301    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
23:15:26.317    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
23:15:26.348    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
23:15:26.364    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
23:15:26.395    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
23:15:35.677    Modules scanning
23:15:41.496    Disk 0 trace - called modules:
23:15:41.527    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
23:15:41.527    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8862b030]
23:15:41.543    3 CLASSPNP.SYS[8c45259e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86adb028]
23:15:44.600    AVAST engine scan C:\Windows
23:15:47.845    AVAST engine scan C:\Windows\system32
23:18:02.863    AVAST engine scan C:\Windows\system32\drivers
23:18:14.470    AVAST engine scan C:\Users\Michael (Admin)
23:18:32.706    AVAST engine scan C:\ProgramData
23:19:52.095    Scan finished successfully
23:21:09.939    Disk 0 MBR has been saved successfully to "C:\xx 12.10.2011\sonstiges\Logdateien\aswMBR\MBR.dat"
23:21:09.939    The log file has been saved successfully to "C:\xx 12.10.2011\sonstiges\Logdateien\aswMBR\aswMBR.txt"
         
AdwCleaner
Code:
ATTFilter
# AdwCleaner v2.114 - Datei am 10/03/2013 um 19:33:38 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Michael (Admin) - ****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mama\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\pwjbvhe7.default\searchplugins\11-suche.xml

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Michael (Admin)\AppData\Roaming\Mozilla\Firefox\Profiles\5awd1a7g.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\pwjbvhe7.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\zuqhyg52.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\Michael (Admin)\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1462 octets] - [15/09/2012 19:02:25]
AdwCleaner[R2].txt - [1489 octets] - [17/09/2012 10:04:44]
AdwCleaner[R3].txt - [1385 octets] - [10/03/2013 19:33:38]
AdwCleaner[S1].txt - [2203 octets] - [16/09/2012 16:37:29]

########## EOF - \AdwCleaner[R3].txt - [1505 octets] ##########
         
Edit: Noch eine Frage: Muss ich mir um die externen Daten zum jetzigen Zeitpunkt Gedanken machen?

Geändert von windchill (10.03.2013 um 22:38 Uhr)

Alt 11.03.2013, 08:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.03.2013, 19:33   #9
windchill
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Code:
ATTFilter
ComboFix 13-03-11.01 - Michael (Admin) 11.03.2013  20:18:32.3.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3063.1788 [GMT 1:00]
ausgeführt von:: c:\users\Mama\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-11 bis 2013-03-11  ))))))))))))))))))))))))))))))
.
.
2013-03-11 19:22 . 2013-03-11 19:22	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-03-11 19:22 . 2013-03-11 19:22	--------	d-----w-	c:\users\Michael\AppData\Local\temp
2013-03-11 19:22 . 2013-03-11 19:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-08 17:28 . 2013-02-08 00:45	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F2E24E6C-E531-4261-B533-E70610712608}\mpengine.dll
2013-03-07 20:22 . 2013-03-07 20:22	--------	d-----w-	c:\users\Michael (Admin)\AppData\Local\Programs
2013-02-21 10:59 . 2013-02-21 11:01	--------	d-----w-	C:\Ryzhov
2013-02-14 07:54 . 2013-01-04 03:00	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 07:53 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-14 07:53 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 07:53 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-02-14 07:53 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 07:53 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 04:27 . 2012-04-05 17:55	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-18 04:27 . 2011-10-31 08:10	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-09 12:03 . 2013-02-09 12:03	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-09 12:03 . 2012-06-17 21:42	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-09 12:03 . 2010-08-30 10:05	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-27 13:35 . 2013-01-27 13:35	113608	----a-w-	c:\windows\system32\drivers\scdemu.sys
2013-01-17 00:28 . 2010-08-30 16:46	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-06 17:48 . 2012-06-08 10:38	43608	----a-w-	c:\windows\system32\drivers\kltdi.sys
2012-12-16 14:13 . 2012-12-21 10:07	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 10:07	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-14 15:49 . 2012-09-10 16:50	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-10 12:45 . 2013-02-10 12:45	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-14 9288296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-06 356376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Mama\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" [2013-02-16 1363016]
.
c:\users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-11-02 21:21	103720	------w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55	49208	----a-w-	c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-12-14 15:49	512360	----a-w-	c:\program files\Malwarebytes' Anti-Malware nochmal\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-07-30 08:56	162408	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2013-01-27 13:36	337432	----a-w-	c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17	1174016	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-06 20:05	4780928	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware nochmal\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware nochmal\mbamservice.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 12:12	1630672	----a-w-	c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-12 19:27]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-12 19:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-11  20:24:27
ComboFix-quarantined-files.txt  2013-03-11 19:24
ComboFix2.txt  2012-09-21 12:53
.
Vor Suchlauf: 15 Verzeichnis(se), 767.219.314.688 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 767.019.126.784 Bytes frei
.
- - End Of File - - E67143A2A5C7D928EFBF1903047BD6CE
         

Alt 11.03.2013, 21:32   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    ATTFilter
    Dirlook::
    C:\Ryzhov
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.03.2013, 19:53   #11
windchill
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Als Archiv im Anhang.

Alt 12.03.2013, 22:48   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Zitat:
c:\ryzhov\DICOM\ST00001\SE00003\IM00009
Hm...ich weiß nicht was ich von diesem Ordner halten soll

Sagt dir der Ordner c:\ryzhov\ ietwas?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.03.2013, 09:41   #13
windchill
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Der Ordner sollte harmlos sein. Den habe ich erstellt. Das war eine ISO-Datei von einer MRT-CD, die meine Mutter von einem Bekannten aus Russland zugeschickt bekam (bzw. Download via Link) mit der Bitte, einen entsprechenden Facharzt zu suchen und ihm vorzulegen. => DICOM ist das universelle Format für Aufnahmen in der Medizin. Der Hauptfehler in dem Ordner ist, dass die Software zur Betrachtung der Bilder nicht mit dabei war. In dem Fall: Ordnername=Name ; Eigentlich wäre es mir lieber, wenn der ganze Ordner extern liegen würde. Nur ist da der Dateipfad zu lang für Windows.

Alt 13.03.2013, 11:16   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Ok, dann hab ich das falsch interpretiert, da ich DICOM nicht kannte

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.03.2013, 11:24   #15
windchill
 
Groupon Trojaner, die Hundertste... - Standard

Groupon Trojaner, die Hundertste...



Das mache ich am Wochenende, da ich es bis dahin nicht schaffe, bei meinen Eltern vorbeizukommen.

Antwort

Themen zu Groupon Trojaner, die Hundertste...
32 bit, 7-zip, adobe reader xi, application/pdf:, bho, desktop, ebanking, error, eset smart security, fehler, fehlercode 2, fehlercode 21, festplatte, firefox, flash player, format, groupon, home, internet, internet security 2013, kaspersky, kaspersky internet security 2013, logfile, nodrives, office 2007, officejet, prefetch, programm, realtek, registry, richtlinie, rundll, scan, schädling, senden, svchost.exe, taskhost.exe, tastatur, trojaner, udp, usb, windows



Ähnliche Themen: Groupon Trojaner, die Hundertste...


  1. Groupon Virus/Trojaner
    Log-Analyse und Auswertung - 29.05.2013 (74)
  2. Groupon Trojaner
    Log-Analyse und Auswertung - 30.03.2013 (28)
  3. Groupon Trojaner
    Log-Analyse und Auswertung - 26.03.2013 (9)
  4. Groupon Trojaner.
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (29)
  5. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (11)
  6. Groupon-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (10)
  7. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 15.03.2013 (16)
  8. Groupon Trojaner per Anhang geöffnet
    Log-Analyse und Auswertung - 15.03.2013 (11)
  9. Groupon AG Abrechnung - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.03.2013 (2)
  10. Groupon Trojaner-Bereinigung
    Log-Analyse und Auswertung - 14.03.2013 (72)
  11. Nochmal Groupon-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (1)
  12. 2x | Groupon Trojaner
    Mülltonne - 13.03.2013 (5)
  13. Groupon Nachricht mit Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.03.2013 (5)
  14. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.03.2013 (24)
  15. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.03.2013 (13)
  16. Groupon Trojaner
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (5)
  17. Windows Security sperrt PC, 100 Euro (die Hundertste)
    Log-Analyse und Auswertung - 06.02.2012 (34)

Zum Thema Groupon Trojaner, die Hundertste... - Guten Abend, meine Mutter hat sich den o.g. Schädling eingefangen, indem sie den Anhang mit der angeblichen Rechnung versucht hat zu öffnen. Vorab: Es sind offensichtlich keine Dateien verschlüsselt worden - Groupon Trojaner, die Hundertste......
Archiv
Du betrachtest: Groupon Trojaner, die Hundertste... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.