
Pests of all kinds and how to fight them: Caught by the trojan in a Groupon mail!


10.03.2013, 01:27   #1
tubtub
 

Caught by the trojan in a Groupon mail!



Hello dear Trojaner-Board,

unfortunately my mother-in-law's computer has been hit by the trojan that is currently being spread via fake Groupon mails. The trojan is very much in fashion right now, as you can see from the numerous threads.

Before all the log files come, I would like to thank you in advance for your help (which is not to be taken for granted). I think it's great that you stand by the many users out there!


So let's start with the logs:
With MBAM I did one Quick Scan and one full scan.

MBAM #1
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***VAIO [Administrator]

09.03.2013 10:32:48
mbam-log-2013-03-09 (10-32-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196196
Laufzeit: 6 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Unzaiz (IPH.Trojan.Zbot.Rke) -> Daten: C:\Users\***\AppData\Roaming\Opxuxa\kyoq.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Users\***\AppData\Roaming\Opxuxa\kyoq.exe (IPH.Trojan.Zbot.Rke) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\dxftdxftdp.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\fxlaeplaep.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\hrlzpwmkpw.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\ojnqojnqoj.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\plaenjoqnj.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\rszlrwpkmw.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\urvguqnjoq.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

MBAM #2
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.09.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***VAIO [Administrator]

09.03.2013 16:17:25
mbam-log-2013-03-09 (16-17-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328382
Laufzeit: 1 Stunde(n), 32 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|logonsxplay (Trojan.FakeMS.PRGen) -> Daten: "C:\Users\***\AppData\Roaming\logonsxplay.exe" -autorun -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\AppData\Roaming\logonsxplay.exe (Trojan.FakeMS.PRGen) -> Löschen bei Neustart.
C:\Users\***\AppData\Roaming\Qeevt\ikfo.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)

Log created at 22:32 on 09/03/2013 (***)



Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.



Checking for services/drivers...

-=E.O.F=-
         
OTL
Code:
OTL logfile created on: 09.03.2013 22:33:45 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 74,70% Memory free
5,93 Gb Paging File | 5,14 Gb Available in Paging File | 86,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 251,75 Gb Free Space | 84,48% Space Free | Partition Type: NTFS
 
Computer Name: ***VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.icq.com/search/results.php?q=www%20.my2peu&ch_id=rsrh&icid=rs_ra
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 24 6F E9 91 91 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_ptnrs=U3&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4&apn_dtid=OSJ000YYDE&&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.12.24 16:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.12.24 16:23:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.17 16:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.25 09:48:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.24 07:36:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M]
 
[2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.25 09:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions
[2010.09.16 14:26:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.12.25 09:59:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions\toolbar@ask.com
[2012.12.25 09:59:05 | 000,002,308 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\askcom.xml
[2010.10.10 09:56:59 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin-1.xml
[2010.06.25 19:58:07 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin-2.xml
[2010.05.13 09:01:56 | 000,000,168 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.gif
[2010.05.13 09:01:56 | 000,000,618 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.src
[2010.05.03 07:40:34 | 000,000,955 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.xml
[2012.12.25 09:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012.12.25 09:48:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2010.01.10 02:41:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2009.12.22 04:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 04:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.22 04:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.22 04:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.22 04:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://start.icq.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Ihitibuql] C:\Users\***\AppData\Roaming\Qeevt\ikfo.exe File not found
O4 - HKCU..\Run: [logonsxplay] "C:\Users\***\AppData\Roaming\logonsxplay.exe" -autorun File not found
O4 - HKCU..\Run: [yvbnuzyr] C:\Users\***\AppData\Roaming\Fzsrlmkpwmk\rlzsruzyr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBD24621-C4EB-44F2-A186-64C0C34F0CA6}: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00F7F23-CF56-4DE2-9F0B-64D90B5216B3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ufuv
[2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qeevt
[2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ifeso
[2013.03.09 15:43:22 | 000,103,680 | ---- | C] (GMER) -- C:\pwldrpow.sys
[2013.03.09 10:33:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.09 10:32:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.09 10:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.09 10:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.09 10:32:18 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.09 10:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.09 10:31:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Pyinfa
[2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opxuxa
[2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Iqdeeg
[2013.03.06 18:13:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Fzsrlmkpwmk
[2013.02.28 07:01:14 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.28 07:00:58 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.28 07:00:55 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 07:00:55 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 07:00:55 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 07:00:54 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.28 07:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 07:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 07:00:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 07:00:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 07:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 07:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 07:00:52 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.28 07:00:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.28 07:00:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.28 07:00:52 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.28 07:00:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.28 07:00:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.28 07:00:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.28 07:00:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.28 07:00:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.28 07:00:51 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.28 07:00:51 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.28 07:00:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.28 07:00:50 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.24 10:50:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.15 11:41:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.15 11:41:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.15 11:41:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.15 11:41:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.15 11:41:29 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.15 11:41:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.15 11:41:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.15 11:41:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 06:57:47 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.14 06:57:46 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.14 06:57:39 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.14 06:57:37 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.14 06:57:35 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.09 22:30:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.09 22:30:43 | 2389,991,424 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.09 22:27:16 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001UA.job
[2013.03.09 17:23:06 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001Core.job
[2013.03.09 16:21:30 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 16:21:30 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 15:58:49 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.09 15:58:49 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.09 15:58:49 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.09 15:58:49 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.09 15:54:11 | 277,580,427 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.09 15:43:22 | 000,103,680 | ---- | M] (GMER) -- C:\pwldrpow.sys
[2013.03.09 15:41:54 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\62t7zc1d.exe
[2013.03.09 10:50:03 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.03.09 10:32:20 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.15 14:34:51 | 000,285,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.09 15:42:48 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\62t7zc1d.exe
[2013.03.09 10:50:03 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.03.09 10:49:29 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.03.09 10:32:20 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.24 10:50:06 | 277,580,427 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.24 16:10:49 | 000,233,428 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.06.25 07:59:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.07.23 20:10:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL-Extras
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.03.2013 22:33:45 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 74,70% Memory free
5,93 Gb Paging File | 5,14 Gb Available in Paging File | 86,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 251,75 Gb Free Space | 84,48% Space Free | Partition Type: NTFS
 
Computer Name: ***VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094996CA-E65F-44C8-835F-1C367872391C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{136DDA6F-E8EF-4DDD-8A0C-CB6ACFCCA7FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{23F99119-898B-4280-B9D0-F0BCEDD67985}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2EBD564A-BB12-4DAB-9CA3-EB227AE3FC9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{37A3B365-793C-423E-8256-C5CE6952D0F6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{3ECBE7EA-B7ED-4C26-B07A-3CB4ED69381D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{4C2AA18A-C09C-4AA2-ABBF-A6C53DE6AEA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{52AACB24-71F4-4F18-9F2E-78A7CEE86F47}" = lport=137 | protocol=17 | dir=in | app=system | 
"{58D1B7EC-E59B-411B-9581-58232AEE8E49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59BFBA95-E959-4740-9C93-10F2B78CC668}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5C773D43-62C7-46C2-8C3D-732C94537034}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5D6C1BB8-9656-449E-A4E8-5CE1E69B5A51}" = lport=445 | protocol=6 | dir=in | app=system | 
"{60A080A5-9451-4975-B537-C92088D350C6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{75BC0315-C35D-4F6C-B74D-8B132964B754}" = rport=445 | protocol=6 | dir=out | app=system | 
"{820FD69A-E5E4-412A-8583-E82C91F85C13}" = rport=138 | protocol=17 | dir=out | app=system | 
"{84183F74-09C6-4D51-9113-53E4E24AE2E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{87ABC2F3-E4F3-424B-81C9-108E6FF907CC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8FC87411-A396-475D-9DCB-98DE816286FC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{8FCDD4C6-756C-41D1-887C-D799AEA4BB72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{90B5C03C-A4BB-418F-A945-FC3C8A1E62B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A4688F0-4AA6-4CE0-9029-3EF1F88A97C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B646A19B-DB53-4747-9972-63444F300E7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D14012FD-843B-458A-B70A-FE603B489546}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E0E71539-6B6D-446B-9D2C-8539F9DDE526}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E226B3FE-D929-4B74-A9BB-77F63A33BCD8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E73BE68A-D554-4FEF-B59B-3EB2188121EC}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{EAB9748B-E62B-46D2-A48E-C66A5B19FB69}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F627807C-D229-49A5-A56E-DE6B6C543FC1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01ED89ED-6DB0-4E3F-A568-0DE5A4759125}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{02E59A63-8B64-4D17-95CF-57E7BE9E7F37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{088B899C-C32D-44B6-BF66-C6C253DFA2BC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{08D1FE0E-702A-412B-A063-267D34F17471}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{0E679BDB-25EF-4DDA-BBEF-29C66500BA82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0EAFEF0B-6C81-4B7F-84C0-B51B41BC17EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{21110A92-AF21-4086-8AF9-3A458028E0CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{225AC6B8-34BD-4933-A4D5-219CEDD057AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25D9DE28-7A74-4CEB-849E-67CA37A03BE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{358F7079-8C20-4C36-AA51-442BC76A2800}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40F6A69E-D5F5-4B7F-9761-DDD1DCA574B4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{426C8F29-A45D-4E6A-A1C0-D4F69A6934E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{581544E0-82D7-47B4-91A6-D0B4C8413143}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5B776B19-39D8-4EF6-B17F-799B70432865}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5CB671D1-D686-4D35-AB1E-B1638D72622F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{5E0DF78D-4DBA-4F8D-9A9C-5A6F98893DD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{60D7477D-641E-4D19-BB53-17880C444F28}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{67E89227-B7B9-41A8-A172-5141E1487191}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{80AF329B-E351-45FE-8882-61143EA0550D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{826F2BC6-1106-4DB1-A485-0132878A8C75}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{82EDF5DD-A661-46A3-9E93-FDFB45650CC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{875782A3-DBE0-400E-AB13-79398CE8406B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{908EAF06-0CCD-4DAE-9240-053CCC04EE8D}" = dir=in | app=d:\setup\hpznui01.exe | 
"{917F978C-9A19-4CDC-BEFD-A6CA35DBF06F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{9825950B-032D-4F47-A5E4-05985E2BC4FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{A22F3D72-576C-4485-9DB3-264922CC472D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A76C0F74-5ACF-4331-9729-4B60DEBAF778}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{AA264C12-D44E-4BA6-AFCA-39B5F2E48A99}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B2FBE510-8E94-460A-A9AC-64756BF5A2DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{B75FE7C3-B654-4F16-A109-EC53684875A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD4935B2-D217-4CE5-BF66-5E5F621CC329}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C376CA4F-78AC-41BE-ADDC-C5BEF387CF31}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{C9080702-6DC2-4B00-8D8B-1997835C9060}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD9B3420-7237-4229-92DB-677ADC966293}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D9E9D88C-FE42-447A-B0E1-A9ACA3AECB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCAED501-CA75-484A-9920-99E3A2FDED5D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{EB718348-5EA9-4984-B6E6-8BCD23FA74E6}" = protocol=6 | dir=out | app=system | 
"{EB9EC25B-9F4C-4341-B422-A08D91BEB16A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EEB12239-5200-4F0E-8752-74523DD036A3}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{FD5CD563-7FBE-40B1-BB17-166E003C8785}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{FEC4EA92-D755-4913-8526-D976E3F4FC35}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"TCP Query User{90588771-C430-49C5-9F4D-9BFD73DFDABD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{D00D5291-8C66-47A5-9BA8-0EC67DAA22B7}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{E384F343-898A-4B12-A569-57D4B6A46E5B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{F671D4FA-5F6D-4FE3-A8B0-0055714CEF0A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{FBC7383F-8398-4F44-BAFB-490DB0B60FB4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{3C673A55-CD7B-4CF2-9E0A-FE83DD99B956}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{6A426BC9-A06E-4053-90B0-4D7B98A376A9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{802B94D4-0BCE-4580-A566-53D071E93AE5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{DEE0ECEC-D4E7-464E-A39F-15B50893093B}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"UDP Query User{E4DBD2E1-D827-4279-9683-4E5AD78B142D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A147FD6E-32F2-4009-BDC9-8B4E2B1B21EB}" = Microsoft Search Enhancement Pack
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.08.2011 03:45:53 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.08.2011 03:45:53 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.08.2011 09:01:19 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.08.2011 09:01:19 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.08.2011 10:15:25 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.08.2011 10:15:25 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.08.2011 11:47:48 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.08.2011 11:47:48 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.08.2011 12:08:10 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.08.2011 12:08:10 | Computer Name = ***Vaio | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
[ System Events ]
Error - 09.03.2013 10:47:38 | Computer Name = ***Vaio | Source = BugCheck | ID = 1001
Description = 
 
Error - 09.03.2013 10:47:25 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 09.03.2013 10:47:25 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 09.03.2013 10:54:18 | Computer Name = ***Vaio | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?03.?2013 um 15:53:16 unerwartet heruntergefahren.
 
Error - 09.03.2013 10:54:26 | Computer Name = ***VAIO | Source = BugCheck | ID = 1001
Description = 
 
Error - 09.03.2013 10:54:17 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 09.03.2013 10:54:17 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 09.03.2013 17:26:54 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 09.03.2013 17:30:52 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 09.03.2013 17:30:52 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
--- --- ---


GMER
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-10 02:02:08
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9SA00 rev.FB4OC43C 298,09GB
Running: 62t7zc1d.exe; Driver: C:\Users\***\AppData\Local\Temp\pwldrpow.sys


---- System - GMER 2.1 ----

SSDT   90F088FE                                                                                           ZwCreateSection
SSDT   90F08908                                                                                           ZwRequestWaitReplyPort
SSDT   90F08903                                                                                           ZwSetContextThread
SSDT   90F0890D                                                                                           ZwSetSecurityObject
SSDT   90F08912                                                                                           ZwSystemDebugControl
SSDT   90F0889F                                                                                           ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                           82A4B9E9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                             82A851C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                82A8C30C 4 Bytes  [FE, 88, F0, 90]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                82A8C668 4 Bytes  [08, 89, F0, 90]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                82A8C6AC 4 Bytes  [03, 89, F0, 90]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                82A8C728 4 Bytes  [0D, 89, F0, 90]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                82A8C77C 4 Bytes  [12, 89, F0, 90]
.text  ...                                                                                                
?      System32\drivers\tvmmsbgh.sys                                                                      Das System kann den angegebenen Pfad nicht finden. !
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                           section is writeable [0x9161A000, 0x2D5378, 0xE8000020]

---- User IAT/EAT - GMER 2.1 ----

IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [744624CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]               [7444562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [744456EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                     [74462546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]           [744585AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]             [74454D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [74455105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]           [744551DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [74456707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [74458301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]       [74458850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]     [744590B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]           [7445E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\Explorer.EXE[1716] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]               [74454C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                    [744624CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]               [7444562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]              [744456EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                     [74462546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]           [744585AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]             [74454D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]            [74455105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]           [744551DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [74456707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]            [74458301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]       [74458850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]     [744590B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]           [7445E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT    C:\Windows\explorer.exe[2520] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]               [74454C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll

---- EOF - GMER 2.1 ----
         

Many thanks for your help!

If there is anything else I can contribute, please let me know.

Antivir has just detected 2 more that were not detected by MBAM:

Code:
TR/Yakes.cnls - \Users\***\AppData\Roaming\Fzsrlmkpwmk\rlzsruzyr.exe
TR/Jorik.Bublik.ca - \Users\***\AppData\Local\Temp\tmp4b6956ba\vv0603.wzw
         
Many thanks!

Best regards

Old 10.03.2013, 20:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why a Professional edition of Windows, of all things? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university computer?


Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as an attachment, unless you have been asked to. Logs in attachments make evaluation harder for me!

  • The logs of the assigned tools such as Malwarebytes are always to be posted - regardless of whether there was a finding or not!

  • Please also note => Deleting logfiles and other requests

Note:
If you have not heard from me for three days, please post in this thread => Reminder about my thread.
Annoying "when do we continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder without instruction from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Run aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow internet access)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Run TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, never choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Old 13.03.2013, 00:16   #3
tubtub
 



Hello cosinus,

thank you for taking on my case.

First, the answer to your question: as a student you get Windows Professional licences from the university (I think up to 2 or 3, free of charge).

The laptop is used privately by my future parents-in-law.


I have now run all the tests. Here are the logs:

MBAR:
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.12.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***VAIO [administrator]

12.03.2013 22:05:24
mbar-log-2013-03-12 (22-05-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28262
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-12 22:37:29
-----------------------------
22:37:29.673    OS Version: Windows 6.1.7601 Service Pack 1
22:37:29.673    Number of processors: 2 586 0xF0D
22:37:29.674    ComputerName: ANNAVAIO  UserName: Anna
22:37:31.006    Initialize success
22:37:43.570    AVAST engine defs: 13031200
22:37:56.027    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:37:56.032    Disk 0 Vendor: Hitachi_HTS543232L9SA00 FB4OC43C Size: 305245MB BusType: 11
22:37:56.057    Disk 0 MBR read successfully
22:37:56.057    Disk 0 MBR scan
22:37:56.067    Disk 0 Windows 7 default MBR code
22:37:56.082    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:37:56.102    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       305143 MB offset 206848
22:37:56.122    Disk 0 scanning sectors +625139712
22:37:56.222    Disk 0 scanning C:\Windows\system32\drivers
22:38:11.407    Service scanning
22:38:44.386    Modules scanning
22:38:57.348    Disk 0 trace - called modules:
22:38:57.388    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
22:38:57.398    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d62490]
22:38:57.403    3 CLASSPNP.SYS[8b00459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c91030]
22:38:58.613    AVAST engine scan C:\
00:46:22.616    Scan finished successfully
00:54:37.856    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
00:54:37.861    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR-00.54.txt"
         
TDSSKiller
Code:
00:55:37.0139 3212  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:55:37.0379 3212  ============================================================
00:55:37.0379 3212  Current date / time: 2013/03/13 00:55:37.0379
00:55:37.0379 3212  SystemInfo:
00:55:37.0379 3212  
00:55:37.0379 3212  OS Version: 6.1.7601 ServicePack: 1.0
00:55:37.0379 3212  Product type: Workstation
00:55:37.0379 3212  ComputerName: ANNAVAIO
00:55:37.0379 3212  UserName: Anna
00:55:37.0379 3212  Windows directory: C:\Windows
00:55:37.0379 3212  System windows directory: C:\Windows
00:55:37.0379 3212  Processor architecture: Intel x86
00:55:37.0379 3212  Number of processors: 2
00:55:37.0379 3212  Page size: 0x1000
00:55:37.0379 3212  Boot type: Normal boot
00:55:37.0379 3212  ============================================================
00:55:38.0971 3212  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:55:38.0976 3212  ============================================================
00:55:38.0976 3212  \Device\Harddisk0\DR0:
00:55:38.0976 3212  MBR partitions:
00:55:38.0976 3212  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:55:38.0976 3212  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
00:55:38.0976 3212  ============================================================
00:55:39.0086 3212  C: <-> \Device\Harddisk0\DR0\Partition2
00:55:39.0086 3212  ============================================================
00:55:39.0086 3212  Initialize success
00:55:39.0086 3212  ============================================================
00:56:26.0734 2120  ============================================================
00:56:26.0734 2120  Scan started
00:56:26.0734 2120  Mode: Manual; SigCheck; TDLFS; 
00:56:26.0734 2120  ============================================================
00:56:27.0239 2120  ================ Scan system memory ========================
00:56:27.0239 2120  System memory - ok
00:56:27.0244 2120  ================ Scan services =============================
00:56:27.0476 2120  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
00:56:27.0591 2120  1394ohci - ok
00:56:27.0626 2120  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:56:27.0646 2120  ACPI - ok
00:56:27.0661 2120  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
00:56:27.0716 2120  AcpiPmi - ok
00:56:27.0806 2120  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:56:27.0821 2120  AdobeFlashPlayerUpdateSvc - ok
00:56:27.0876 2120  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
00:56:27.0926 2120  adp94xx - ok
00:56:27.0941 2120  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
00:56:27.0961 2120  adpahci - ok
00:56:27.0971 2120  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
00:56:27.0986 2120  adpu320 - ok
00:56:28.0026 2120  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:56:28.0076 2120  AeLookupSvc - ok
00:56:28.0121 2120  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
00:56:28.0176 2120  AFD - ok
00:56:28.0201 2120  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
00:56:28.0216 2120  agp440 - ok
00:56:28.0256 2120  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
00:56:28.0271 2120  aic78xx - ok
00:56:28.0326 2120  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
00:56:28.0361 2120  ALG - ok
00:56:28.0396 2120  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:56:28.0411 2120  aliide - ok
00:56:28.0446 2120  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:56:28.0501 2120  AMD External Events Utility - ok
00:56:28.0516 2120  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
00:56:28.0531 2120  amdagp - ok
00:56:28.0541 2120  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
00:56:28.0556 2120  amdide - ok
00:56:28.0591 2120  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
00:56:28.0641 2120  AmdK8 - ok
00:56:28.0651 2120  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
00:56:28.0679 2120  AmdPPM - ok
00:56:28.0713 2120  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:56:28.0728 2120  amdsata - ok
00:56:28.0738 2120  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
00:56:28.0758 2120  amdsbs - ok
00:56:28.0778 2120  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:56:28.0793 2120  amdxata - ok
00:56:28.0913 2120  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
00:56:28.0938 2120  AntiVirSchedulerService - ok
00:56:29.0003 2120  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
00:56:29.0018 2120  AntiVirService - ok
00:56:29.0058 2120  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
00:56:29.0188 2120  AppID - ok
00:56:29.0233 2120  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:56:29.0293 2120  AppIDSvc - ok
00:56:29.0333 2120  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
00:56:29.0368 2120  Appinfo - ok
00:56:29.0443 2120  [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:56:29.0483 2120  Apple Mobile Device - ok
00:56:29.0528 2120  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
00:56:29.0563 2120  AppMgmt - ok
00:56:29.0598 2120  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
00:56:29.0618 2120  arc - ok
00:56:29.0628 2120  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
00:56:29.0643 2120  arcsas - ok
00:56:29.0668 2120  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:56:29.0778 2120  AsyncMac - ok
00:56:29.0813 2120  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
00:56:29.0828 2120  atapi - ok
00:56:29.0998 2120  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
00:56:30.0183 2120  atikmdag - ok
00:56:30.0253 2120  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:56:30.0298 2120  AudioEndpointBuilder - ok
00:56:30.0313 2120  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
00:56:30.0348 2120  Audiosrv - ok
00:56:30.0398 2120  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
00:56:30.0418 2120  avgntflt - ok
00:56:30.0468 2120  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
00:56:30.0483 2120  avipbb - ok
00:56:30.0523 2120  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
00:56:30.0538 2120  avkmgr - ok
00:56:30.0588 2120  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:56:30.0653 2120  AxInstSV - ok
00:56:30.0698 2120  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
00:56:30.0753 2120  b06bdrv - ok
00:56:30.0783 2120  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
00:56:30.0803 2120  b57nd60x - ok
00:56:30.0828 2120  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:56:30.0873 2120  BDESVC - ok
00:56:30.0898 2120  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:56:30.0928 2120  Beep - ok
00:56:30.0978 2120  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
00:56:31.0033 2120  BFE - ok
00:56:31.0083 2120  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
00:56:31.0143 2120  BITS - ok
00:56:31.0158 2120  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:56:31.0178 2120  blbdrive - ok
00:56:31.0293 2120  [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:56:31.0308 2120  Bonjour Service - ok
00:56:31.0353 2120  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:56:31.0403 2120  bowser - ok
00:56:31.0433 2120  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:56:31.0473 2120  BrFiltLo - ok
00:56:31.0493 2120  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:56:31.0528 2120  BrFiltUp - ok
00:56:31.0583 2120  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
00:56:31.0638 2120  Browser - ok
00:56:31.0678 2120  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:56:31.0718 2120  Brserid - ok
00:56:31.0728 2120  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:56:31.0748 2120  BrSerWdm - ok
00:56:31.0763 2120  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:56:31.0798 2120  BrUsbMdm - ok
00:56:31.0813 2120  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:56:31.0838 2120  BrUsbSer - ok
00:56:31.0843 2120  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
00:56:31.0873 2120  BTHMODEM - ok
00:56:31.0913 2120  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
00:56:31.0963 2120  bthserv - ok
00:56:31.0993 2120  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:56:32.0033 2120  cdfs - ok
00:56:32.0093 2120  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
00:56:32.0133 2120  cdrom - ok
00:56:32.0183 2120  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
00:56:32.0233 2120  CertPropSvc - ok
00:56:32.0253 2120  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
00:56:32.0273 2120  circlass - ok
00:56:32.0308 2120  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
00:56:32.0333 2120  CLFS - ok
00:56:32.0408 2120  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:56:32.0433 2120  clr_optimization_v2.0.50727_32 - ok
00:56:32.0523 2120  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:56:32.0553 2120  clr_optimization_v4.0.30319_32 - ok
00:56:32.0578 2120  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
00:56:32.0593 2120  CmBatt - ok
00:56:32.0628 2120  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:56:32.0658 2120  cmdide - ok
00:56:32.0708 2120  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
00:56:32.0748 2120  CNG - ok
00:56:32.0778 2120  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
00:56:32.0793 2120  Compbatt - ok
00:56:32.0833 2120  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
00:56:32.0868 2120  CompositeBus - ok
00:56:32.0888 2120  COMSysApp - ok
00:56:32.0908 2120  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
00:56:32.0923 2120  crcdisk - ok
00:56:32.0973 2120  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:56:33.0013 2120  CryptSvc - ok
00:56:33.0058 2120  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
00:56:33.0108 2120  CSC - ok
00:56:33.0138 2120  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
00:56:33.0188 2120  CscService - ok
00:56:33.0228 2120  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:56:33.0273 2120  DcomLaunch - ok
00:56:33.0313 2120  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
00:56:33.0358 2120  defragsvc - ok
00:56:33.0408 2120  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:56:33.0483 2120  DfsC - ok
00:56:33.0553 2120  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:56:33.0588 2120  Dhcp - ok
00:56:33.0613 2120  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
00:56:33.0663 2120  discache - ok
00:56:33.0693 2120  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
00:56:33.0708 2120  Disk - ok
00:56:33.0753 2120  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:56:33.0818 2120  Dnscache - ok
00:56:33.0868 2120  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:56:33.0913 2120  dot3svc - ok
00:56:33.0958 2120  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
00:56:34.0015 2120  DPS - ok
00:56:34.0045 2120  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:56:34.0065 2120  drmkaud - ok
00:56:34.0115 2120  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:56:34.0150 2120  DXGKrnl - ok
00:56:34.0185 2120  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
00:56:34.0225 2120  EapHost - ok
00:56:34.0330 2120  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
00:56:34.0520 2120  ebdrv - ok
00:56:34.0545 2120  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
00:56:34.0595 2120  EFS - ok
00:56:34.0645 2120  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:56:34.0710 2120  ehRecvr - ok
00:56:34.0735 2120  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
00:56:34.0765 2120  ehSched - ok
00:56:34.0810 2120  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
00:56:34.0840 2120  elxstor - ok
00:56:34.0910 2120  [ CDCA791AFA0483F44BBA576DBFAFD04D ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
00:56:34.0945 2120  EPSON_PM_RPCV4_01 - ok
00:56:34.0955 2120  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:56:34.0980 2120  ErrDev - ok
00:56:35.0030 2120  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
00:56:35.0075 2120  EventSystem - ok
00:56:35.0090 2120  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
00:56:35.0130 2120  exfat - ok
00:56:35.0150 2120  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:56:35.0195 2120  fastfat - ok
00:56:35.0255 2120  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
00:56:35.0300 2120  Fax - ok
00:56:35.0320 2120  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
00:56:35.0350 2120  fdc - ok
00:56:35.0375 2120  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
00:56:35.0425 2120  fdPHost - ok
00:56:35.0440 2120  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
00:56:35.0490 2120  FDResPub - ok
00:56:35.0505 2120  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:56:35.0520 2120  FileInfo - ok
00:56:35.0535 2120  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:56:35.0575 2120  Filetrace - ok
00:56:35.0595 2120  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
00:56:35.0615 2120  flpydisk - ok
00:56:35.0645 2120  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:56:35.0665 2120  FltMgr - ok
00:56:35.0740 2120  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
00:56:35.0800 2120  FontCache - ok
00:56:35.0865 2120  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:56:35.0895 2120  FontCache3.0.0.0 - ok
00:56:35.0910 2120  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:56:35.0925 2120  FsDepends - ok
00:56:35.0965 2120  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:56:35.0980 2120  Fs_Rec - ok
00:56:36.0040 2120  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:56:36.0060 2120  fvevol - ok
00:56:36.0090 2120  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
00:56:36.0105 2120  gagp30kx - ok
00:56:36.0140 2120  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:56:36.0150 2120  GEARAspiWDM - ok
00:56:36.0200 2120  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
00:56:36.0240 2120  gpsvc - ok
00:56:36.0265 2120  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:56:36.0310 2120  hcw85cir - ok
00:56:36.0375 2120  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:56:36.0405 2120  HdAudAddService - ok
00:56:36.0430 2120  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
00:56:36.0460 2120  HDAudBus - ok
00:56:36.0480 2120  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
00:56:36.0510 2120  HidBatt - ok
00:56:36.0520 2120  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
00:56:36.0550 2120  HidBth - ok
00:56:36.0565 2120  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
00:56:36.0585 2120  HidIr - ok
00:56:36.0615 2120  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
00:56:36.0675 2120  hidserv - ok
00:56:36.0720 2120  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
00:56:36.0745 2120  HidUsb - ok
00:56:36.0775 2120  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:56:36.0815 2120  hkmsvc - ok
00:56:36.0865 2120  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:56:36.0925 2120  HomeGroupListener - ok
00:56:36.0965 2120  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:56:37.0005 2120  HomeGroupProvider - ok
00:56:37.0140 2120  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
00:56:37.0160 2120  hpqcxs08 - ok
00:56:37.0170 2120  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
00:56:37.0180 2120  hpqddsvc - ok
00:56:37.0225 2120  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:56:37.0240 2120  HpSAMD - ok
00:56:37.0275 2120  [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
00:56:37.0300 2120  HPSLPSVC - ok
00:56:37.0370 2120  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:56:37.0455 2120  HTTP - ok
00:56:37.0545 2120  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:56:37.0590 2120  hwpolicy - ok
00:56:37.0650 2120  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
00:56:37.0700 2120  i8042prt - ok
00:56:37.0730 2120  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:56:37.0750 2120  iaStorV - ok
00:56:37.0820 2120  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:56:37.0855 2120  idsvc - ok
00:56:37.0905 2120  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
00:56:37.0920 2120  iirsp - ok
00:56:37.0990 2120  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
00:56:38.0050 2120  IKEEXT - ok
00:56:38.0070 2120  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
00:56:38.0085 2120  intelide - ok
00:56:38.0120 2120  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:56:38.0140 2120  intelppm - ok
00:56:38.0155 2120  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:56:38.0205 2120  IPBusEnum - ok
00:56:38.0225 2120  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:56:38.0265 2120  IpFilterDriver - ok
00:56:38.0320 2120  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:56:38.0370 2120  iphlpsvc - ok
00:56:38.0405 2120  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:56:38.0430 2120  IPMIDRV - ok
00:56:38.0445 2120  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:56:38.0485 2120  IPNAT - ok
00:56:38.0540 2120  [ 8F610078437A459948480407F4DB91EA ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
00:56:38.0565 2120  iPod Service - ok
00:56:38.0610 2120  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:56:38.0655 2120  IRENUM - ok
00:56:38.0675 2120  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:56:38.0690 2120  isapnp - ok
00:56:38.0725 2120  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:56:38.0745 2120  iScsiPrt - ok
00:56:38.0785 2120  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
00:56:38.0800 2120  kbdclass - ok
00:56:38.0820 2120  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
00:56:38.0850 2120  kbdhid - ok
00:56:38.0870 2120  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
00:56:38.0885 2120  KeyIso - ok
00:56:38.0920 2120  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:56:38.0935 2120  KSecDD - ok
00:56:38.0970 2120  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:56:38.0985 2120  KSecPkg - ok
00:56:39.0025 2120  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:56:39.0065 2120  KtmRm - ok
00:56:39.0115 2120  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:56:39.0155 2120  LanmanServer - ok
00:56:39.0180 2120  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:56:39.0225 2120  LanmanWorkstation - ok
00:56:39.0275 2120  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:56:39.0320 2120  lltdio - ok
00:56:39.0350 2120  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:56:39.0405 2120  lltdsvc - ok
00:56:39.0425 2120  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:56:39.0465 2120  lmhosts - ok
00:56:39.0505 2120  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
00:56:39.0520 2120  LSI_FC - ok
00:56:39.0530 2120  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
00:56:39.0545 2120  LSI_SAS - ok
00:56:39.0550 2120  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:56:39.0565 2120  LSI_SAS2 - ok
00:56:39.0575 2120  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:56:39.0590 2120  LSI_SCSI - ok
00:56:39.0610 2120  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
00:56:39.0640 2120  luafv - ok
00:56:39.0665 2120  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:56:39.0685 2120  Mcx2Svc - ok
00:56:39.0695 2120  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
00:56:39.0705 2120  megasas - ok
00:56:39.0715 2120  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
00:56:39.0740 2120  MegaSR - ok
00:56:39.0765 2120  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
00:56:39.0805 2120  MMCSS - ok
00:56:39.0825 2120  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
00:56:39.0870 2120  Modem - ok
00:56:39.0905 2120  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:56:39.0935 2120  monitor - ok
00:56:39.0990 2120  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
00:56:40.0005 2120  mouclass - ok
00:56:40.0035 2120  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:56:40.0055 2120  mouhid - ok
00:56:40.0095 2120  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:56:40.0110 2120  mountmgr - ok
00:56:40.0150 2120  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:56:40.0170 2120  mpio - ok
00:56:40.0200 2120  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:56:40.0245 2120  mpsdrv - ok
00:56:40.0300 2120  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:56:40.0360 2120  MpsSvc - ok
00:56:40.0385 2120  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:56:40.0405 2120  MRxDAV - ok
00:56:40.0455 2120  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:56:40.0500 2120  mrxsmb - ok
00:56:40.0545 2120  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:56:40.0570 2120  mrxsmb10 - ok
00:56:40.0590 2120  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:56:40.0620 2120  mrxsmb20 - ok
00:56:40.0665 2120  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
00:56:40.0700 2120  msahci - ok
00:56:40.0720 2120  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
00:56:40.0740 2120  msdsm - ok
00:56:40.0750 2120  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
00:56:40.0780 2120  MSDTC - ok
00:56:40.0815 2120  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:56:40.0845 2120  Msfs - ok
00:56:40.0860 2120  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:56:40.0895 2120  mshidkmdf - ok
00:56:40.0930 2120  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:56:40.0945 2120  msisadrv - ok
00:56:40.0980 2120  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:56:41.0020 2120  MSiSCSI - ok
00:56:41.0025 2120  msiserver - ok
00:56:41.0055 2120  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:56:41.0085 2120  MSKSSRV - ok
00:56:41.0100 2120  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:56:41.0140 2120  MSPCLOCK - ok
00:56:41.0145 2120  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:56:41.0180 2120  MSPQM - ok
00:56:41.0200 2120  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:56:41.0215 2120  MsRPC - ok
00:56:41.0265 2120  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
00:56:41.0280 2120  mssmbios - ok
00:56:41.0305 2120  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:56:41.0335 2120  MSTEE - ok
00:56:41.0345 2120  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
00:56:41.0365 2120  MTConfig - ok
00:56:41.0400 2120  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
00:56:41.0415 2120  Mup - ok
00:56:41.0460 2120  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
00:56:41.0510 2120  napagent - ok
00:56:41.0545 2120  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:56:41.0565 2120  NativeWifiP - ok
00:56:41.0615 2120  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:56:41.0645 2120  NDIS - ok
00:56:41.0680 2120  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:56:41.0720 2120  NdisCap - ok
00:56:41.0750 2120  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:56:41.0790 2120  NdisTapi - ok
00:56:41.0840 2120  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:56:41.0870 2120  Ndisuio - ok
00:56:41.0905 2120  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:56:41.0940 2120  NdisWan - ok
00:56:41.0955 2120  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:56:41.0995 2120  NDProxy - ok
00:56:42.0045 2120  [ 80B7A96F908DA13617E7E6832C5C6A64 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:56:42.0065 2120  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:56:42.0065 2120  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:56:42.0100 2120  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:56:42.0135 2120  NetBIOS - ok
00:56:42.0175 2120  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:56:42.0210 2120  NetBT - ok
00:56:42.0225 2120  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
00:56:42.0240 2120  Netlogon - ok
00:56:42.0290 2120  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
00:56:42.0335 2120  Netman - ok
00:56:42.0365 2120  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
00:56:42.0410 2120  netprofm - ok
00:56:42.0445 2120  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:56:42.0460 2120  NetTcpPortSharing - ok
00:56:42.0600 2120  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
00:56:42.0770 2120  netw5v32 - ok
00:56:42.0805 2120  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
00:56:42.0820 2120  nfrd960 - ok
00:56:42.0860 2120  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:56:42.0895 2120  NlaSvc - ok
00:56:42.0910 2120  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:56:42.0940 2120  Npfs - ok
00:56:42.0975 2120  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
00:56:43.0010 2120  nsi - ok
00:56:43.0020 2120  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:56:43.0055 2120  nsiproxy - ok
00:56:43.0130 2120  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:56:43.0180 2120  Ntfs - ok
00:56:43.0200 2120  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
00:56:43.0245 2120  Null - ok
00:56:43.0255 2120  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:56:43.0275 2120  nvraid - ok
00:56:43.0310 2120  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:56:43.0330 2120  nvstor - ok
00:56:43.0340 2120  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:56:43.0355 2120  nv_agp - ok
00:56:43.0370 2120  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:56:43.0400 2120  ohci1394 - ok
00:56:43.0425 2120  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:56:43.0465 2120  p2pimsvc - ok
00:56:43.0500 2120  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:56:43.0545 2120  p2psvc - ok
00:56:43.0570 2120  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:56:43.0595 2120  Parport - ok
00:56:43.0635 2120  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:56:43.0670 2120  partmgr - ok
00:56:43.0680 2120  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
00:56:43.0700 2120  Parvdm - ok
00:56:43.0735 2120  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:56:43.0760 2120  PcaSvc - ok
00:56:43.0805 2120  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
00:56:43.0820 2120  pci - ok
00:56:43.0830 2120  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
00:56:43.0845 2120  pciide - ok
00:56:43.0880 2120  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
00:56:43.0895 2120  pcmcia - ok
00:56:43.0915 2120  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
00:56:43.0930 2120  pcw - ok
00:56:43.0965 2120  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:56:44.0005 2120  PEAUTH - ok
00:56:44.0055 2120  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
00:56:44.0100 2120  PeerDistSvc - ok
00:56:44.0185 2120  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
00:56:44.0260 2120  pla - ok
00:56:44.0305 2120  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:56:44.0350 2120  PlugPlay - ok
00:56:44.0430 2120  [ 0C155C5D8942B3CBCF9506A9D376B9AD ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:56:44.0435 2120  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:56:44.0435 2120  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:56:44.0460 2120  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:56:44.0485 2120  PNRPAutoReg - ok
00:56:44.0505 2120  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:56:44.0525 2120  PNRPsvc - ok
00:56:44.0570 2120  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:56:44.0630 2120  PolicyAgent - ok
00:56:44.0675 2120  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
00:56:44.0705 2120  Power - ok
00:56:44.0740 2120  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:56:44.0785 2120  PptpMiniport - ok
00:56:44.0800 2120  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
00:56:44.0820 2120  Processor - ok
00:56:44.0860 2120  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
00:56:44.0915 2120  ProfSvc - ok
00:56:44.0935 2120  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:56:44.0950 2120  ProtectedStorage - ok
00:56:44.0995 2120  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:56:45.0030 2120  Psched - ok
00:56:45.0085 2120  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
00:56:45.0130 2120  ql2300 - ok
00:56:45.0155 2120  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
00:56:45.0175 2120  ql40xx - ok
00:56:45.0210 2120  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
00:56:45.0245 2120  QWAVE - ok
00:56:45.0265 2120  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:56:45.0295 2120  QWAVEdrv - ok
00:56:45.0305 2120  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:56:45.0350 2120  RasAcd - ok
00:56:45.0375 2120  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:56:45.0405 2120  RasAgileVpn - ok
00:56:45.0435 2120  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
00:56:45.0470 2120  RasAuto - ok
00:56:45.0500 2120  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:56:45.0545 2120  Rasl2tp - ok
00:56:45.0595 2120  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
00:56:45.0650 2120  RasMan - ok
00:56:45.0660 2120  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:56:45.0700 2120  RasPppoe - ok
00:56:45.0715 2120  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:56:45.0750 2120  RasSstp - ok
00:56:45.0775 2120  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:56:45.0815 2120  rdbss - ok
00:56:45.0840 2120  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
00:56:45.0855 2120  rdpbus - ok
00:56:45.0890 2120  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:56:45.0955 2120  RDPCDD - ok
00:56:45.0995 2120  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
00:56:46.0035 2120  RDPDR - ok
00:56:46.0050 2120  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:56:46.0090 2120  RDPENCDD - ok
00:56:46.0105 2120  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:56:46.0135 2120  RDPREFMP - ok
00:56:46.0215 2120  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
00:56:46.0275 2120  RdpVideoMiniport - ok
00:56:46.0315 2120  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:56:46.0365 2120  RDPWD - ok
00:56:46.0405 2120  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:56:46.0425 2120  rdyboost - ok
00:56:46.0450 2120  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:56:46.0495 2120  RemoteAccess - ok
00:56:46.0520 2120  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:56:46.0675 2120  RemoteRegistry - ok
00:56:46.0730 2120  [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
00:56:46.0785 2120  RimUsb - ok
00:56:46.0840 2120  [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
00:56:46.0875 2120  RimVSerPort - ok
00:56:46.0915 2120  [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
00:56:46.0965 2120  ROOTMODEM - ok
00:56:47.0000 2120  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:56:47.0049 2120  RpcEptMapper - ok
00:56:47.0081 2120  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
00:56:47.0137 2120  RpcLocator - ok
00:56:47.0192 2120  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
00:56:47.0232 2120  RpcSs - ok
00:56:47.0262 2120  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:56:47.0307 2120  rspndr - ok
00:56:47.0342 2120  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
00:56:47.0382 2120  s3cap - ok
00:56:47.0392 2120  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
00:56:47.0407 2120  SamSs - ok
00:56:47.0437 2120  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:56:47.0452 2120  sbp2port - ok
00:56:47.0477 2120  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:56:47.0512 2120  SCardSvr - ok
00:56:47.0532 2120  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:56:47.0567 2120  scfilter - ok
00:56:47.0622 2120  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
00:56:47.0687 2120  Schedule - ok
00:56:47.0707 2120  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:56:47.0737 2120  SCPolicySvc - ok
00:56:47.0857 2120  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
00:56:47.0882 2120  sdbus - ok
00:56:48.0032 2120  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:56:48.0202 2120  SDRSVC - ok
00:56:48.0277 2120  [ 0F656D23F7956E9385E0A03F945EE338 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:56:48.0302 2120  SeaPort - ok
00:56:48.0342 2120  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:56:48.0407 2120  secdrv - ok
00:56:48.0432 2120  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
00:56:48.0477 2120  seclogon - ok
00:56:48.0502 2120  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
00:56:48.0547 2120  SENS - ok
00:56:48.0572 2120  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:56:48.0612 2120  SensrSvc - ok
00:56:48.0642 2120  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
00:56:48.0662 2120  Serenum - ok
00:56:48.0682 2120  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:56:48.0707 2120  Serial - ok
00:56:48.0747 2120  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
00:56:48.0762 2120  sermouse - ok
00:56:48.0802 2120  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:56:48.0842 2120  SessionEnv - ok
00:56:48.0877 2120  [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
00:56:48.0922 2120  SFEP - ok
00:56:48.0957 2120  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
00:56:48.0977 2120  sffdisk - ok
00:56:48.0992 2120  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:56:49.0012 2120  sffp_mmc - ok
00:56:49.0022 2120  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
00:56:49.0042 2120  sffp_sd - ok
00:56:49.0062 2120  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
00:56:49.0077 2120  sfloppy - ok
00:56:49.0117 2120  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:56:49.0162 2120  SharedAccess - ok
00:56:49.0207 2120  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:56:49.0262 2120  ShellHWDetection - ok
00:56:49.0297 2120  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
00:56:49.0312 2120  sisagp - ok
00:56:49.0352 2120  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:56:49.0367 2120  SiSRaid2 - ok
00:56:49.0387 2120  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
00:56:49.0402 2120  SiSRaid4 - ok
00:56:49.0432 2120  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:56:49.0467 2120  Smb - ok
00:56:49.0502 2120  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:56:49.0542 2120  SNMPTRAP - ok
00:56:49.0577 2120  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:56:49.0592 2120  spldr - ok
00:56:49.0652 2120  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
00:56:49.0682 2120  Spooler - ok
00:56:49.0792 2120  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
00:56:49.0917 2120  sppsvc - ok
00:56:49.0962 2120  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:56:50.0002 2120  sppuinotify - ok
00:56:50.0032 2120  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:56:50.0082 2120  srv - ok
00:56:50.0102 2120  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:56:50.0132 2120  srv2 - ok
00:56:50.0177 2120  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:56:50.0207 2120  SrvHsfHDA - ok
00:56:50.0237 2120  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
00:56:50.0272 2120  SrvHsfV92 - ok
00:56:50.0302 2120  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
00:56:50.0327 2120  SrvHsfWinac - ok
00:56:50.0342 2120  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:56:50.0357 2120  srvnet - ok
00:56:50.0382 2120  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:56:50.0427 2120  SSDPSRV - ok
00:56:50.0492 2120  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
00:56:50.0502 2120  ssmdrv - ok
00:56:50.0522 2120  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:56:50.0562 2120  SstpSvc - ok
00:56:50.0587 2120  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
00:56:50.0602 2120  stexstor - ok
00:56:50.0637 2120  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
00:56:50.0662 2120  StillCam - ok
00:56:50.0707 2120  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
00:56:50.0742 2120  StiSvc - ok
00:56:50.0787 2120  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
00:56:50.0802 2120  storflt - ok
00:56:50.0832 2120  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
00:56:50.0852 2120  StorSvc - ok
00:56:50.0882 2120  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
00:56:50.0897 2120  storvsc - ok
00:56:50.0917 2120  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
00:56:50.0932 2120  swenum - ok
00:56:50.0972 2120  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
00:56:51.0012 2120  swprv - ok
00:56:51.0082 2120  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
00:56:51.0157 2120  SysMain - ok
00:56:51.0192 2120  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:56:51.0232 2120  TabletInputService - ok
00:56:51.0287 2120  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:56:51.0343 2120  TapiSrv - ok
00:56:51.0389 2120  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
00:56:51.0434 2120  TBS - ok
00:56:51.0504 2120  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:56:51.0554 2120  Tcpip - ok
00:56:51.0604 2120  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:56:51.0644 2120  TCPIP6 - ok
00:56:51.0679 2120  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:56:51.0704 2120  tcpipreg - ok
00:56:51.0744 2120  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:56:51.0784 2120  TDPIPE - ok
00:56:51.0824 2120  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:56:51.0879 2120  TDTCP - ok
00:56:51.0924 2120  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:56:51.0964 2120  tdx - ok
00:56:52.0279 2120  [ 01CC3B9349B244C752CDD99EFDA080BB ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
00:56:52.0539 2120  TeamViewer8 - ok
00:56:52.0554 2120  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
00:56:52.0569 2120  TermDD - ok
00:56:52.0619 2120  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
00:56:52.0659 2120  TermService - ok
00:56:52.0689 2120  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
00:56:52.0724 2120  Themes - ok
00:56:52.0744 2120  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
00:56:52.0774 2120  THREADORDER - ok
00:56:52.0799 2120  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
00:56:52.0844 2120  TrkWks - ok
00:56:52.0899 2120  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:56:52.0944 2120  TrustedInstaller - ok
00:56:52.0964 2120  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:56:53.0004 2120  tssecsrv - ok
00:56:53.0044 2120  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:56:53.0099 2120  TsUsbFlt - ok
00:56:53.0179 2120  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:56:53.0254 2120  tunnel - ok
00:56:53.0276 2120  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
00:56:53.0296 2120  uagp35 - ok
00:56:53.0336 2120  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:56:53.0386 2120  udfs - ok
00:56:53.0416 2120  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:56:53.0441 2120  UI0Detect - ok
00:56:53.0471 2120  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:56:53.0486 2120  uliagpkx - ok
00:56:53.0536 2120  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
00:56:53.0571 2120  umbus - ok
00:56:53.0591 2120  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
00:56:53.0621 2120  UmPass - ok
00:56:53.0666 2120  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
00:56:53.0696 2120  UmRdpService - ok
00:56:53.0721 2120  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
00:56:53.0771 2120  upnphost - ok
00:56:53.0811 2120  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:56:53.0856 2120  usbccgp - ok
00:56:53.0891 2120  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:56:53.0921 2120  usbcir - ok
00:56:53.0936 2120  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:56:53.0951 2120  usbehci - ok
00:56:54.0001 2120  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:56:54.0016 2120  usbhub - ok
00:56:54.0036 2120  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:56:54.0056 2120  usbohci - ok
00:56:54.0096 2120  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:56:54.0116 2120  usbprint - ok
00:56:54.0146 2120  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:56:54.0181 2120  usbscan - ok
00:56:54.0196 2120  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:56:54.0231 2120  USBSTOR - ok
00:56:54.0276 2120  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
00:56:54.0286 2120  usbuhci - ok
00:56:54.0321 2120  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
00:56:54.0341 2120  usbvideo - ok
00:56:54.0366 2120  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
00:56:54.0396 2120  UxSms - ok
00:56:54.0416 2120  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
00:56:54.0431 2120  VaultSvc - ok
00:56:54.0476 2120  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:56:54.0491 2120  vdrvroot - ok
00:56:54.0541 2120  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
00:56:54.0586 2120  vds - ok
00:56:54.0621 2120  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:56:54.0636 2120  vga - ok
00:56:54.0656 2120  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:56:54.0701 2120  VgaSave - ok
00:56:54.0741 2120  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:56:54.0761 2120  vhdmp - ok
00:56:54.0796 2120  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
00:56:54.0811 2120  viaagp - ok
00:56:54.0836 2120  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
00:56:54.0861 2120  ViaC7 - ok
00:56:54.0876 2120  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
00:56:54.0891 2120  viaide - ok
00:56:54.0911 2120  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
00:56:54.0926 2120  vmbus - ok
00:56:54.0946 2120  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
00:56:54.0976 2120  VMBusHID - ok
00:56:54.0991 2120  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:56:55.0006 2120  volmgr - ok
00:56:55.0026 2120  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:56:55.0046 2120  volmgrx - ok
00:56:55.0071 2120  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:56:55.0091 2120  volsnap - ok
00:56:55.0151 2120  [ E4D2305EBB9DE0871A1E13294D0F349B ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
00:56:55.0176 2120  vpnagent - ok
00:56:55.0196 2120  [ E1F2333A88EC4A5C8EA6BE357323B72D ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys
00:56:55.0206 2120  vpnva - ok
00:56:55.0246 2120  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
00:56:55.0261 2120  vsmraid - ok
00:56:55.0311 2120  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
00:56:55.0371 2120  VSS - ok
00:56:55.0391 2120  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
00:56:55.0416 2120  vwifibus - ok
00:56:55.0451 2120  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
00:56:55.0496 2120  W32Time - ok
00:56:55.0521 2120  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
00:56:55.0551 2120  WacomPen - ok
00:56:55.0601 2120  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:56:55.0646 2120  WANARP - ok
00:56:55.0651 2120  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:56:55.0681 2120  Wanarpv6 - ok
00:56:55.0746 2120  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
00:56:55.0811 2120  wbengine - ok
00:56:55.0846 2120  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:56:55.0886 2120  WbioSrvc - ok
00:56:55.0921 2120  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:56:55.0961 2120  wcncsvc - ok
00:56:55.0971 2120  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:56:56.0011 2120  WcsPlugInService - ok
00:56:56.0046 2120  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
00:56:56.0061 2120  Wd - ok
00:56:56.0121 2120  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:56:56.0166 2120  Wdf01000 - ok
00:56:56.0201 2120  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:56:56.0266 2120  WdiServiceHost - ok
00:56:56.0271 2120  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:56:56.0291 2120  WdiSystemHost - ok
00:56:56.0331 2120  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
00:56:56.0361 2120  WebClient - ok
00:56:56.0406 2120  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:56:56.0446 2120  Wecsvc - ok
00:56:56.0456 2120  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:56:56.0496 2120  wercplsupport - ok
00:56:56.0521 2120  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:56:56.0566 2120  WerSvc - ok
00:56:56.0596 2120  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:56:56.0626 2120  WfpLwf - ok
00:56:56.0651 2120  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:56:56.0666 2120  WIMMount - ok
00:56:56.0741 2120  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
00:56:56.0786 2120  WinDefend - ok
00:56:56.0791 2120  WinHttpAutoProxySvc - ok
00:56:56.0831 2120  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:56:56.0861 2120  Winmgmt - ok
00:56:56.0931 2120  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
00:56:56.0996 2120  WinRM - ok
00:56:57.0061 2120  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
00:56:57.0096 2120  WinUsb - ok
00:56:57.0146 2120  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:56:57.0181 2120  Wlansvc - ok
00:56:57.0291 2120  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:56:57.0341 2120  wlidsvc - ok
00:56:57.0371 2120  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:56:57.0386 2120  WmiAcpi - ok
00:56:57.0421 2120  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:56:57.0451 2120  wmiApSrv - ok
00:56:57.0531 2120  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
00:56:57.0611 2120  WMPNetworkSvc - ok
00:56:57.0646 2120  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:56:57.0691 2120  WPCSvc - ok
00:56:57.0726 2120  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:56:57.0756 2120  WPDBusEnum - ok
00:56:57.0776 2120  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:56:57.0816 2120  ws2ifsl - ok
00:56:57.0851 2120  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
00:56:57.0886 2120  wscsvc - ok
00:56:57.0896 2120  WSearch - ok
00:56:57.0981 2120  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
00:56:58.0046 2120  wuauserv - ok
00:56:58.0081 2120  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:56:58.0106 2120  WudfPf - ok
00:56:58.0136 2120  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:56:58.0156 2120  WUDFRd - ok
00:56:58.0186 2120  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:56:58.0211 2120  wudfsvc - ok
00:56:58.0261 2120  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:56:58.0326 2120  WwanSvc - ok
00:56:58.0401 2120  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
00:56:58.0451 2120  yukonw7 - ok
00:56:58.0461 2120  ================ Scan global ===============================
00:56:58.0516 2120  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
00:56:58.0556 2120  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
00:56:58.0581 2120  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
00:56:58.0613 2120  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
00:56:58.0648 2120  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
00:56:58.0658 2120  [Global] - ok
00:56:58.0658 2120  ================ Scan MBR ==================================
00:56:58.0673 2120  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:56:59.0013 2120  \Device\Harddisk0\DR0 - ok
00:56:59.0013 2120  ================ Scan VBR ==================================
00:56:59.0018 2120  [ 33B5BF4C184339DC90B2E5A847C68AAC ] \Device\Harddisk0\DR0\Partition1
00:56:59.0023 2120  \Device\Harddisk0\DR0\Partition1 - ok
00:56:59.0053 2120  [ EB382E755A7BBB3EB547F75D26D2F37E ] \Device\Harddisk0\DR0\Partition2
00:56:59.0053 2120  \Device\Harddisk0\DR0\Partition2 - ok
00:56:59.0058 2120  ============================================================
00:56:59.0058 2120  Scan finished
00:56:59.0058 2120  ============================================================
00:56:59.0068 6024  Detected object count: 2
00:56:59.0068 6024  Actual detected object count: 2
01:02:22.0800 6024  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:22.0800 6024  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:02:22.0800 6024  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
01:02:22.0800 6024  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Net Driver HPZ12 and Pml Driver are presumably from the printer.


If you have any questions or need anything else, just let me know.

Thanks again for helping me/us!

Alt 13.03.2013, 08:48   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK, thanks for the explanation.

Then please run Combofix now:

Scan with Combofix
WARNING to anyone READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 13.03.2013, 14:51   #5
tubtub
 



Hello cosinus,

Here is the Combofix log:

Code:
ATTFilter
ComboFix 13-03-12.02 - *** 13.03.2013  14:53:46.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3039.1847 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-13 bis 2013-03-13  ))))))))))))))))))))))))))))))
.
.
2013-03-13 14:01 . 2013-03-13 14:02	--------	d-----w-	c:\users\***\AppData\Local\temp
2013-03-13 14:01 . 2013-03-13 14:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-13 14:00 . 2013-03-13 14:00	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C622075-BBB5-40B9-8028-E862E2828923}\offreg.dll
2013-03-13 13:43 . 2013-02-08 00:45	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C622075-BBB5-40B9-8028-E862E2828923}\mpengine.dll
2013-03-10 08:25 . 2012-08-23 14:10	12288	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-03-10 08:24 . 2012-05-04 09:59	514560	----a-w-	c:\windows\system32\qdvd.dll
2013-03-10 08:24 . 2012-08-24 17:05	136560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-03-10 08:24 . 2012-08-24 16:57	247808	----a-w-	c:\windows\system32\schannel.dll
2013-03-10 08:24 . 2012-08-24 17:02	369856	----a-w-	c:\windows\system32\drivers\cng.sys
2013-03-10 08:24 . 2012-08-24 16:56	1039360	----a-w-	c:\windows\system32\lsasrv.dll
2013-03-10 08:21 . 2013-03-12 21:45	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 08:21 . 2013-03-12 21:45	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-10 08:20 . 2013-03-10 08:20	--------	d-----w-	c:\program files\Common Files\Java
2013-03-10 08:19 . 2013-03-10 08:19	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 15:26 . 2013-03-09 21:29	--------	d-----w-	c:\users\***\AppData\Roaming\Qeevt
2013-03-09 15:26 . 2013-03-09 15:26	--------	d-----w-	c:\users\***\AppData\Roaming\Ifeso
2013-03-09 15:26 . 2013-03-09 15:26	--------	d-----w-	c:\users\***\AppData\Roaming\Ufuv
2013-03-09 14:43 . 2013-03-09 14:43	103680	----a-w-	C:\pwldrpow.sys
2013-03-09 09:32 . 2013-03-09 09:32	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-03-09 09:32 . 2013-03-09 09:32	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-09 09:32 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-09 09:32 . 2013-03-09 09:32	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-09 09:31 . 2013-03-09 09:31	--------	d-----w-	c:\users\***\AppData\Local\Programs
2013-03-06 17:13 . 2013-03-09 09:45	--------	d-----w-	c:\users\***\AppData\Roaming\Opxuxa
2013-03-06 17:13 . 2013-03-06 17:17	--------	d-----w-	c:\users\***\AppData\Roaming\Pyinfa
2013-03-06 17:13 . 2013-03-06 17:13	--------	d-----w-	c:\users\***\AppData\Roaming\Iqdeeg
2013-03-06 17:13 . 2013-03-10 08:43	--------	d-----w-	c:\users\***\AppData\Roaming\Fzsrlmkpwmk
2013-02-28 06:01 . 2013-01-13 19:53	187392	----a-w-	c:\windows\system32\UIAnimation.dll
2013-02-15 18:58 . 2013-02-15 18:58	106088	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 18:58 . 2013-02-15 18:58	106088	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 05:57 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-14 05:57 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 05:57 . 2013-01-04 03:00	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 05:57 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 05:57 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 05:57 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-10 08:18 . 2012-12-25 08:48	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-10 08:18 . 2010-09-16 13:19	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-17 00:28 . 2010-01-10 01:15	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-16 14:13 . 2012-12-21 12:20	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:20	34304	----a-w-	c:\windows\system32\atmlib.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-12-10 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-10 1573576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39	41208	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series]
2006-09-22 02:01	139264	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 15:13	54576	----a-w-	c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33	141624	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 10:12	288080	----a-w-	c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-11-16 08:27	240992	----a-w-	c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-09-01 16:47	90448	----a-w-	c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12	26192168	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-10 21:45]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 10:14]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 10:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.icq.com/search/results.php?q=www%20.my2peu&ch_id=rsrh&icid=rs_ra
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 83.169.184.225
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_ptnrs=U3&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4&apn_dtid=OSJ000YYDE&&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Ihitibuql - c:\users\***\AppData\Roaming\Qeevt\ikfo.exe
HKCU-Run-logonsxplay - c:\users\***\AppData\Roaming\logonsxplay.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.0\ICQ.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*®*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*®*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-13  15:07:47
ComboFix-quarantined-files.txt  2013-03-13 14:07
.
Vor Suchlauf: 6 Verzeichnis(se), 269.691.387.904 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 271.447.113.728 Bytes frei
.
- - End Of File - - 9C2A4090E53825E05D8FC547A22B8E20
         
Thank you very much. :-)

EDIT: I just noticed in the log that Windows Defender was not disabled. I have now (hopefully) disabled it correctly and am running ComboFix once more. I'll simply attach that log here (if that is still possible)


Last edited by tubtub (13.03.2013 at 14:56) Reason: Noticed that Windows Defender was not disabled
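A defender-side check for the "Zusätzlicher Suchlauf" lines in the ComboFix log above, added here as an example (not part of the original post and not ComboFix's own code): it parses the IE start-page and Firefox prefs.js/user.js lines, flags search or homepage values pointing at the Ask and ICQ toolbar hosts, and flags user.js entries that pin Firefox's mixed-content and insecure-form warnings to off. The host watchlist and the sample lines are constructed from values visible in this thread.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample in the shape of ComboFix's "Zusätzlicher Suchlauf" section;
# the values are the ones visible in this thread (keyword.URL query shortened).
SAMPLE_LOG = """\
uStart Page = hxxp://search.icq.com/search/results.php?q=www%20.my2peu&ch_id=rsrh&icid=rs_ra
TCP: DhcpNameServer = 192.168.1.1 83.169.184.225
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&q=
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\\extensions\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

# Watchlist (constructed for this example) of search/start-page hosts planted by
# the Ask and ICQ toolbars seen in the thread, plus the engine names they register.
PUP_HOSTS = {"websearch.ask.com", "search.icq.com", "start.icq.com", "www.icq.com"}
PUP_ENGINE_NAMES = {"Ask.com", "ICQ Search"}

# Firefox preferences whose default is a security warning; a user.js that pins
# them to these values re-silences the warning at every browser start.
SILENCED_WARNINGS = {
    "security.warn_viewing_mixed": "false",
    "security.warn_viewing_mixed.show_once": "false",
    "security.warn_submit_insecure": "false",
    "security.warn_submit_insecure.show_once": "false",
}

FF_PREF = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
IE_START = re.compile(r"^([um])?(Start Page|Default_Page_URL) = (.*)$")


@dataclass(frozen=True)
class Finding:
    category: str  # "hijack" or "silenced-warning"
    line: str
    reason: str


def host_of(value: str) -> str | None:
    """Return the lower-cased host of a URL, accepting the defanged hxxp:// form."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    if not url.lower().startswith(("http://", "https://")):
        return None
    return urlsplit(url).hostname


def scan_combofix_extra(text: str) -> list[Finding]:
    """Flag hijacked start/search settings and silenced Firefox security warnings."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = IE_START.match(line)
        if m:
            host = host_of(m.group(3))
            if host in PUP_HOSTS:
                findings.append(Finding("hijack", line, f"IE {m.group(2)} points at {host}"))
            continue
        m = FF_PREF.match(line)
        if not m:
            continue
        source, pref, value = m.group(1), m.group(2), m.group(3).strip()
        host = host_of(value)
        if host in PUP_HOSTS or value in PUP_ENGINE_NAMES:
            findings.append(Finding("hijack", line, f"{pref} set to {host or value}"))
        if source == "user.js" and SILENCED_WARNINGS.get(pref) == value:
            findings.append(Finding("silenced-warning", line,
                                    f"user.js pins {pref}={value}, hiding a default warning"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {'hijack': 4, 'silenced-warning': 2}."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    results = scan_combofix_extra(SAMPLE_LOG)
    for f in results:
        print(f"[{f.category}] {f.reason}")
    print(summarize(results))
```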

Old 13.03.2013, 15:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You will also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan all users at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Old 13.03.2013, 17:57   #7
tubtub
 



You're really on the ball! ;-)

Here is the log from the second ComboFix run with Windows Defender disabled:
Code:
ATTFilter
ComboFix 13-03-12.02 - *** 13.03.2013  15:54:42.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3039.1647 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-13 bis 2013-03-13  ))))))))))))))))))))))))))))))
.
.
2013-03-13 15:02 . 2013-03-13 15:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-13 13:43 . 2013-02-08 00:45	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C622075-BBB5-40B9-8028-E862E2828923}\mpengine.dll
2013-03-10 08:25 . 2012-08-23 14:10	12288	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-03-10 08:24 . 2012-05-04 09:59	514560	----a-w-	c:\windows\system32\qdvd.dll
2013-03-10 08:24 . 2012-08-24 17:05	136560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-03-10 08:24 . 2012-08-24 16:57	247808	----a-w-	c:\windows\system32\schannel.dll
2013-03-10 08:24 . 2012-08-24 17:02	369856	----a-w-	c:\windows\system32\drivers\cng.sys
2013-03-10 08:24 . 2012-08-24 16:56	1039360	----a-w-	c:\windows\system32\lsasrv.dll
2013-03-10 08:21 . 2013-03-12 21:45	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 08:21 . 2013-03-12 21:45	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-10 08:20 . 2013-03-10 08:20	--------	d-----w-	c:\program files\Common Files\Java
2013-03-10 08:19 . 2013-03-10 08:19	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 15:26 . 2013-03-09 21:29	--------	d-----w-	c:\users\***\AppData\Roaming\Qeevt
2013-03-09 15:26 . 2013-03-09 15:26	--------	d-----w-	c:\users\***\AppData\Roaming\Ifeso
2013-03-09 15:26 . 2013-03-09 15:26	--------	d-----w-	c:\users\***\AppData\Roaming\Ufuv
2013-03-09 14:43 . 2013-03-09 14:43	103680	----a-w-	C:\pwldrpow.sys
2013-03-09 09:32 . 2013-03-09 09:32	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-03-09 09:32 . 2013-03-09 09:32	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-09 09:32 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-09 09:32 . 2013-03-09 09:32	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-09 09:31 . 2013-03-09 09:31	--------	d-----w-	c:\users\***\AppData\Local\Programs
2013-03-06 17:13 . 2013-03-09 09:45	--------	d-----w-	c:\users\***\AppData\Roaming\Opxuxa
2013-03-06 17:13 . 2013-03-06 17:17	--------	d-----w-	c:\users\***\AppData\Roaming\Pyinfa
2013-03-06 17:13 . 2013-03-06 17:13	--------	d-----w-	c:\users\***\AppData\Roaming\Iqdeeg
2013-03-06 17:13 . 2013-03-10 08:43	--------	d-----w-	c:\users\***\AppData\Roaming\Fzsrlmkpwmk
2013-02-28 06:01 . 2013-01-13 19:53	187392	----a-w-	c:\windows\system32\UIAnimation.dll
2013-02-15 18:58 . 2013-02-15 18:58	106088	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 18:58 . 2013-02-15 18:58	106088	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 05:57 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-14 05:57 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 05:57 . 2013-01-04 03:00	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 05:57 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 05:57 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 05:57 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-10 08:18 . 2012-12-25 08:48	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-10 08:18 . 2010-09-16 13:19	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-17 00:28 . 2010-01-10 01:15	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-16 14:13 . 2012-12-21 12:20	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:20	34304	----a-w-	c:\windows\system32\atmlib.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-12-10 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-10 1573576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39	41208	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series]
2006-09-22 02:01	139264	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 15:13	54576	----a-w-	c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33	141624	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 10:12	288080	----a-w-	c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-11-16 08:27	240992	----a-w-	c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-09-01 16:47	90448	----a-w-	c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12	26192168	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-10 21:45]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 10:14]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 10:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.icq.com/search/results.php?q=www%20.my2peu&ch_id=rsrh&icid=rs_ra
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 83.169.184.225
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_ptnrs=U3&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4&apn_dtid=OSJ000YYDE&&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*®*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*®*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-13  16:07:50
ComboFix-quarantined-files.txt  2013-03-13 15:07
.
Vor Suchlauf: 9 Verzeichnis(se), 270.941.921.280 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 270.902.153.216 Bytes frei
.
- - End Of File - - 8E2FC879EFD967978BFC7A3645357268
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Professional x86
Ran by *** on 13.03.2013 at 17:11:23,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2974786000-2785407337-354256279-1001\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"



~~~ FireFox

Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\user.js
Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\prefs.js

user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_ptnrs=U3&apn_sauid=5EB70DA8-B5E
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=");



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at 17:14:15,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.114 - Datei am 13/03/2013 um 17:20:43 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - ***VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\searchplugins\icqplugin-2.xml
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\***\AppData\Local\APN
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelˆscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v3.5.10 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\0cajgco0.default\prefs.js

Gelöscht : user_pref("browser.startup.homepage", "hxxp://start.icq.com/");
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "salamander||shopsalamnder||i%20love%20sex%20and%20the%20city%20shir[...]
Gelöscht : user_pref("icqtoolbar.installTime", "1284643745");
Gelöscht : user_pref("icqtoolbar.itbsitescount", 0);
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.5.10");
Gelöscht : user_pref("icqtoolbar.removedsitescount", 52);
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "126660359312666035931266677200690");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1286700450);
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 2);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.1892] : homepage = "hxxp://start.icq.com/",

*************************

AdwCleaner[S1].txt - [8003 octets] - [13/03/2013 17:20:43]

########## EOF - C:\AdwCleaner[S1].txt - [8063 octets] ##########
         

OTL:
Code:
ATTFilter
OTL logfile created on: 13.03.2013 18:44:16 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 71,37% Memory free
5,93 Gb Paging File | 4,85 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 251,69 Gb Free Space | 84,46% Space Free | Partition Type: NTFS
 
Computer Name: ***VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\***\Desktop\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 24 6F E9 91 91 CA 01  [binary data]
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.12.24 16:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.12.24 16:23:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.17 16:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.10 09:25:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.24 07:36:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M]
 
[2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.13 17:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions
[2010.09.16 14:26:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.13 09:01:56 | 000,000,168 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.gif
[2010.05.13 09:01:56 | 000,000,618 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.src
[2012.12.25 09:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.01.10 02:41:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2009.12.22 04:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 04:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.22 04:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.22 04:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.22 04:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.03.13 15:02:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBD24621-C4EB-44F2-A186-64C0C34F0CA6}: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00F7F23-CF56-4DE2-9F0B-64D90B5216B3}: DhcpNameServer = 192.168.1.1 83.169.184.225
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.13 17:11:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.13 17:11:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.13 16:07:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.13 15:07:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2013.03.13 14:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.13 14:51:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.13 14:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.13 14:51:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.13 14:51:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.10 09:25:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.03.10 09:25:49 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.03.10 09:25:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.03.10 09:25:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.03.10 09:25:45 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.03.10 09:25:39 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.03.10 09:25:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.03.10 09:25:39 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.03.10 09:25:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.03.10 09:25:39 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.03.10 09:25:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.03.10 09:25:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.03.10 09:25:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.03.10 09:25:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.03.10 09:25:38 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.03.10 09:24:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013.03.10 09:21:17 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.10 09:21:17 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.10 09:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.10 09:19:29 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.10 09:19:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.10 09:19:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.10 09:19:18 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ufuv
[2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qeevt
[2013.03.09 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ifeso
[2013.03.09 15:43:22 | 000,103,680 | ---- | C] (GMER) -- C:\pwldrpow.sys
[2013.03.09 10:32:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.09 10:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.09 10:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.09 10:32:18 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.09 10:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.09 10:31:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Pyinfa
[2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opxuxa
[2013.03.06 18:13:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Iqdeeg
[2013.03.06 18:13:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Fzsrlmkpwmk
[2013.02.28 07:01:14 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.28 07:00:58 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.28 07:00:55 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 07:00:55 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 07:00:55 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 07:00:54 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.28 07:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 07:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 07:00:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 07:00:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 07:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 07:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 07:00:52 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.28 07:00:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.28 07:00:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.28 07:00:52 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.28 07:00:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.28 07:00:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.28 07:00:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.28 07:00:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.28 07:00:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.28 07:00:51 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.28 07:00:51 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.28 07:00:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.28 07:00:50 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.24 10:50:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.15 11:41:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.15 11:41:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.15 11:41:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.15 11:41:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.15 11:41:29 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.15 11:41:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.15 11:41:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.15 11:41:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 06:57:47 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.14 06:57:46 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.14 06:57:39 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.14 06:57:37 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.14 06:57:35 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.13 18:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.13 18:23:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001UA.job
[2013.03.13 17:58:05 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 17:58:05 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 17:50:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 17:50:12 | 2389,991,424 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 17:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001Core.job
[2013.03.13 15:02:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.12 22:45:11 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.12 22:45:11 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.10 09:28:37 | 000,286,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.10 09:19:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.10 09:18:59 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.03.10 09:18:59 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.10 09:18:59 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.10 09:18:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.10 09:18:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.10 09:13:27 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.03.10 02:05:39 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.10 02:05:39 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.10 02:05:39 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.10 02:05:39 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.09 15:54:11 | 277,580,427 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.09 15:43:22 | 000,103,680 | ---- | M] (GMER) -- C:\pwldrpow.sys
 
========== Files Created - No Company Name ==========
 
[2013.03.13 14:51:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.13 14:51:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.13 14:51:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.13 14:51:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.13 14:51:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.10 09:21:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.10 09:13:27 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.03.10 09:13:27 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.02.24 10:50:06 | 277,580,427 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.24 16:10:49 | 000,233,428 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.06.25 07:59:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.07.23 20:10:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
OTL Extras:
Code:
OTL Extras logfile created on: 13.03.2013 18:44:16 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 71,37% Memory free
5,93 Gb Paging File | 4,85 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 251,69 Gb Free Space | 84,46% Space Free | Partition Type: NTFS
 
Computer Name: ***VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094996CA-E65F-44C8-835F-1C367872391C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{136DDA6F-E8EF-4DDD-8A0C-CB6ACFCCA7FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{23F99119-898B-4280-B9D0-F0BCEDD67985}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2EBD564A-BB12-4DAB-9CA3-EB227AE3FC9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{37A3B365-793C-423E-8256-C5CE6952D0F6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{3ECBE7EA-B7ED-4C26-B07A-3CB4ED69381D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{4C2AA18A-C09C-4AA2-ABBF-A6C53DE6AEA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{52AACB24-71F4-4F18-9F2E-78A7CEE86F47}" = lport=137 | protocol=17 | dir=in | app=system | 
"{58D1B7EC-E59B-411B-9581-58232AEE8E49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59BFBA95-E959-4740-9C93-10F2B78CC668}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5C773D43-62C7-46C2-8C3D-732C94537034}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5D6C1BB8-9656-449E-A4E8-5CE1E69B5A51}" = lport=445 | protocol=6 | dir=in | app=system | 
"{60A080A5-9451-4975-B537-C92088D350C6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{75BC0315-C35D-4F6C-B74D-8B132964B754}" = rport=445 | protocol=6 | dir=out | app=system | 
"{820FD69A-E5E4-412A-8583-E82C91F85C13}" = rport=138 | protocol=17 | dir=out | app=system | 
"{84183F74-09C6-4D51-9113-53E4E24AE2E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{87ABC2F3-E4F3-424B-81C9-108E6FF907CC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8FC87411-A396-475D-9DCB-98DE816286FC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{8FCDD4C6-756C-41D1-887C-D799AEA4BB72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{90B5C03C-A4BB-418F-A945-FC3C8A1E62B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A4688F0-4AA6-4CE0-9029-3EF1F88A97C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B646A19B-DB53-4747-9972-63444F300E7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D14012FD-843B-458A-B70A-FE603B489546}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E0E71539-6B6D-446B-9D2C-8539F9DDE526}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E226B3FE-D929-4B74-A9BB-77F63A33BCD8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E73BE68A-D554-4FEF-B59B-3EB2188121EC}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{EAB9748B-E62B-46D2-A48E-C66A5B19FB69}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F627807C-D229-49A5-A56E-DE6B6C543FC1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01ED89ED-6DB0-4E3F-A568-0DE5A4759125}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{02E59A63-8B64-4D17-95CF-57E7BE9E7F37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{088B899C-C32D-44B6-BF66-C6C253DFA2BC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{08D1FE0E-702A-412B-A063-267D34F17471}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{0E679BDB-25EF-4DDA-BBEF-29C66500BA82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0EAFEF0B-6C81-4B7F-84C0-B51B41BC17EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{21110A92-AF21-4086-8AF9-3A458028E0CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{225AC6B8-34BD-4933-A4D5-219CEDD057AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25D9DE28-7A74-4CEB-849E-67CA37A03BE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{358F7079-8C20-4C36-AA51-442BC76A2800}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40F6A69E-D5F5-4B7F-9761-DDD1DCA574B4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{426C8F29-A45D-4E6A-A1C0-D4F69A6934E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{581544E0-82D7-47B4-91A6-D0B4C8413143}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5B776B19-39D8-4EF6-B17F-799B70432865}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5CB671D1-D686-4D35-AB1E-B1638D72622F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{5E0DF78D-4DBA-4F8D-9A9C-5A6F98893DD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67E89227-B7B9-41A8-A172-5141E1487191}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{80AF329B-E351-45FE-8882-61143EA0550D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{826F2BC6-1106-4DB1-A485-0132878A8C75}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{82EDF5DD-A661-46A3-9E93-FDFB45650CC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{875782A3-DBE0-400E-AB13-79398CE8406B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{908EAF06-0CCD-4DAE-9240-053CCC04EE8D}" = dir=in | app=d:\setup\hpznui01.exe | 
"{917F978C-9A19-4CDC-BEFD-A6CA35DBF06F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{9825950B-032D-4F47-A5E4-05985E2BC4FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{A22F3D72-576C-4485-9DB3-264922CC472D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A30508AC-AE40-4C44-ADD2-83AE99368595}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{A76C0F74-5ACF-4331-9729-4B60DEBAF778}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{AA264C12-D44E-4BA6-AFCA-39B5F2E48A99}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB30FA70-36E4-4D08-829F-E191572A6E54}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{B122B6F6-83F6-4A2D-A0B4-B9EB17DC6A2B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{B2FBE510-8E94-460A-A9AC-64756BF5A2DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{B75FE7C3-B654-4F16-A109-EC53684875A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD4935B2-D217-4CE5-BF66-5E5F621CC329}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C376CA4F-78AC-41BE-ADDC-C5BEF387CF31}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{C9080702-6DC2-4B00-8D8B-1997835C9060}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD823D72-85CB-45C4-BB48-306AB57C6BAC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{CD9B3420-7237-4229-92DB-677ADC966293}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D9E9D88C-FE42-447A-B0E1-A9ACA3AECB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB718348-5EA9-4984-B6E6-8BCD23FA74E6}" = protocol=6 | dir=out | app=system | 
"{EB9EC25B-9F4C-4341-B422-A08D91BEB16A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EEB12239-5200-4F0E-8752-74523DD036A3}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{FD5CD563-7FBE-40B1-BB17-166E003C8785}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{FEC4EA92-D755-4913-8526-D976E3F4FC35}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"TCP Query User{90588771-C430-49C5-9F4D-9BFD73DFDABD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{D00D5291-8C66-47A5-9BA8-0EC67DAA22B7}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{E384F343-898A-4B12-A569-57D4B6A46E5B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{F671D4FA-5F6D-4FE3-A8B0-0055714CEF0A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{FBC7383F-8398-4F44-BAFB-490DB0B60FB4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{3C673A55-CD7B-4CF2-9E0A-FE83DD99B956}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{6A426BC9-A06E-4053-90B0-4D7B98A376A9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{802B94D4-0BCE-4580-A566-53D071E93AE5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{DEE0ECEC-D4E7-464E-A39F-15B50893093B}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"UDP Query User{E4DBD2E1-D827-4279-9683-4E5AD78B142D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A147FD6E-32F2-4009-BDC9-8B4E2B1B21EB}" = Microsoft Search Enhancement Pack
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 1.0.3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Cisco AnyConnect VPN Client Events ]
Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
[ System Events ]
Error - 13.03.2013 12:50:20 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 13.03.2013 12:50:20 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
once more
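Two sections of the OTL logs above are easier to read with a small script than by eye: the "ZeroAccess Check", which lists the InProcServer32 target of a few CLSIDs that are commonly hijacked, and the firewall rule dump, where inbound "TCP/UDP Query User" rules exist for explorer.exe and taskhost.exe. Neither of those binaries listens for inbound connections on its own, so a firewall prompt raised in their name usually means other code was running inside them; that is a triage heuristic, not proof of infection. The following Python script is an added example for this page, not OTL's code and not something posted in the thread. It parses both sections from pasted log text, compares the HKLM CLSID targets against the clean values shown in the log above, reports any HKCU registration of the same CLSIDs (a per-user COM key shadows the machine-wide one for that user), and flags inbound rules worth a second look. The tampered CLSID line and the sample rule set are constructed for the demo; the rule lines themselves are copied from the log.

```python
"""Triage two sections of an OTL log: the "ZeroAccess Check" CLSID block and the
Windows Firewall rule dump. Added example for this thread, not OTL's own code."""
import re

# Expected InProcServer32 targets for the CLSIDs OTL inspects, taken from the
# clean HKLM values in the log above (compared case-insensitively).
EXPECTED_INPROC = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": r"%systemroot%\system32\shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": r"%systemroot%\system32\wbem\fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": r"%systemroot%\system32\wbem\wbemess.dll",
}
KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\(\{[0-9a-f-]+\})\\InProcServer32\]$", re.I)
VALUE_RE = re.compile(r'^"" = (.+?) -- \[')  # default value; OTL appends " -- [stamp]"

def check_clsid_section(text):
    """Return findings for the ZeroAccess Check block of an OTL log."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1).upper(), key.group(2).lower())
            if current[0] == "HKEY_CURRENT_USER":
                # A per-user CLSID registration shadows the HKLM one for that user.
                findings.append(f"HKCU override of {current[1]}")
            continue
        val = VALUE_RE.match(line)
        if val and current and current[0] == "HKEY_LOCAL_MACHINE":
            path = val.group(1).strip().lower()
            expected = EXPECTED_INPROC.get(current[1])
            if expected and path != expected:
                findings.append(f"{current[1]} -> {path} (expected {expected})")
    return findings

# Firewall rules in the "Vista Active ... Exception List" sections look like
#   "{GUID}" = lport=445 | protocol=6 | dir=in | app=system |
#   "TCP Query User{GUID}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<body>.*)$')
# Workstation binaries that never listen for inbound connections on their own.
NO_INBOUND = {"explorer.exe", "taskhost.exe"}

def parse_rule(line):
    """Split one OTL firewall line into (rule name, {field: value})."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    pairs = (p.split("=", 1) for p in m.group("body").split("|") if "=" in p)
    return m.group("name"), {k.strip(): v.strip() for k, v in pairs}

def review_inbound_rules(text):
    """Flag inbound allow rules worth a second look. Heuristic, not proof."""
    hits = []
    for raw in text.splitlines():
        parsed = parse_rule(raw)
        if not parsed:
            continue
        name, fields = parsed
        if fields.get("dir") != "in":
            continue
        exe = fields.get("app", "").rsplit("\\", 1)[-1].lower()
        if exe in NO_INBOUND:
            hits.append((name, "inbound rule for a process that should not listen"))
        elif name.startswith(("TCP Query User", "UDP Query User")):
            # Created when a user clicked "Allow" on a Windows Firewall prompt.
            hits.append((name, "user-approved prompt rule"))
    return hits

# Constructed sample: lines copied from the log above plus one invented, tampered
# HKLM entry pointing into a user profile.
SAMPLE_CLSID = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Users\x\AppData\Local\evil.dll -- [2013.03.01 00:00:00 | 000,010,240 | ---- | M] ()
"ThreadingModel" = Both
"""
SAMPLE_RULES = r"""
"{5D6C1BB8-9656-449E-A4E8-5CE1E69B5A51}" = lport=445 | protocol=6 | dir=in | app=system | 
"TCP Query User{90588771-C430-49C5-9F4D-9BFD73DFDABD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{D00D5291-8C66-47A5-9BA8-0EC67DAA22B7}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{0E679BDB-25EF-4DDA-BBEF-29C66500BA82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"""

if __name__ == "__main__":
    for finding in check_clsid_section(SAMPLE_CLSID):
        print("CLSID:", finding)
    for name, why in review_inbound_rules(SAMPLE_RULES):
        print("FW:", why, "->", name)
```

Paste the two sections of a real OTL log into the two sample strings (or read them from the saved log file) and run the script; a clean machine yields no CLSID mismatches, and every rule it lists should be explainable by a program the user knowingly allowed.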

14.03.2013, 09:44   #8
cosinus
 



Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5E2DE535-4CBB-4B9C-9F24-8FB3FF32CE2B&apn_sauid=5EB70DA8-B5ED-45CA-9CBE-98BCAAF8FFD4
FF - user.js - File not found
[2010.05.13 09:01:56 | 000,000,168 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.gif
[2010.05.13 09:01:56 | 000,000,618 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.src
:Files
C:\Users\***\AppData\Roaming\Ufuv
C:\Users\***\AppData\Roaming\Qeevt
C:\Users\***\AppData\Roaming\Ifeso
C:\Users\***\AppData\Roaming\Pyinfa
C:\Users\***\AppData\Roaming\Opxuxa
C:\Users\***\AppData\Roaming\Iqdeeg
C:\Users\***\AppData\Roaming\Fzsrlmkpwmk
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have masked your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
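The [resethosts] command in the fix above replaces C:\Windows\System32\drivers\etc\hosts with a stock copy. A stock Windows 7 hosts file contains only comments (even the localhost lines are commented out), so any active line left in it after a cleanup is either a sinkhole (a name pointed at loopback or 0.0.0.0, typically to stop an updater from reaching its server) or a redirect (a name pointed at a foreign address, typically a banking or login site). The following Python audit is an added example for this page, not part of cosinus's instructions and not OTL code; the tampered sample file with its placeholder names and TEST-NET address is constructed, and the stock file shown is abbreviated.

```python
"""Audit a Windows hosts file after a cleanup. A stock Windows 7 hosts file has
no active mappings, so every live line is either a sinkhole (name -> loopback
or 0.0.0.0) or a redirect (name -> another address). Added example for this
thread, not code from the thread or from OTL."""
import ipaddress

# Abbreviated stock Windows 7 hosts file: comments only, localhost lines commented out.
DEFAULT_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
"""

def parse_hosts(text):
    """Yield (lineno, ip_address, [names]) for every active mapping. Inline
    comments are stripped; a line whose first token is not an address is
    yielded with ip=None so the caller can report it instead of skipping it."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            yield lineno, None, parts
            continue
        yield lineno, ip, [p.lower() for p in parts[1:]]

def audit_hosts(text, own_names=("localhost",)):
    """Classify each active mapping. Returns a list of (lineno, kind, name, target).
    The only mapping a workstation legitimately carries is its own name to loopback."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((lineno, "unparseable", " ".join(names), None))
            continue
        for name in names:
            if ip.is_loopback and name in own_names:
                continue
            kind = "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
            findings.append((lineno, kind, name, str(ip)))
    return findings

def is_stock(text):
    """True when the file carries no active mapping, as a freshly reset one does."""
    return not audit_hosts(text)

# Constructed example of a tampered file: placeholder names, TEST-NET-3 address.
TAMPERED_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       av-update.example        # keeps the AV updater from resolving
0.0.0.0         av-vendor.example
203.0.113.5     onlinebanking.example    # sends the bank login somewhere else
garbage line here
"""

if __name__ == "__main__":
    print("stock file clean:", is_stock(DEFAULT_HOSTS))
    for finding in audit_hosts(TAMPERED_HOSTS):
        print(finding)
```

To use it on the cleaned machine, read C:\Windows\System32\drivers\etc\hosts into a string and call audit_hosts() on it; once the reset has actually gone through, is_stock() returns True. If a machine legitimately carries extra local names, pass them in own_names so they are not reported.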

14.03.2013, 17:56   #9
tubtub



Stupidly, I forgot to enter the user name in the first fix, so there are now two logs


OTL fix log #1
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Internet Explorer\SearchScopes\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}\ not found.
File C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.gif not found.
File C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.src not found.
========== FILES ==========
File\Folder C:\Users\***\AppData\Roaming\Ufuv not found.
File\Folder C:\Users\***\AppData\Roaming\Qeevt not found.
File\Folder C:\Users\***\AppData\Roaming\Ifeso not found.
File\Folder C:\Users\***\AppData\Roaming\Pyinfa not found.
File\Folder C:\Users\***\AppData\Roaming\Opxuxa not found.
File\Folder C:\Users\***\AppData\Roaming\Iqdeeg not found.
File\Folder C:\Users\***\AppData\Roaming\Fzsrlmkpwmk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Anna\Desktop\Downloads\Trojaner Fix\cmd.bat deleted successfully.
C:\Users\Anna\Desktop\Downloads\Trojaner Fix\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Anna
->Temp folder emptied: 42627 bytes
->Temporary Internet Files folder emptied: 481672581 bytes
->Java cache emptied: 42711961 bytes
->FireFox cache emptied: 64973826 bytes
->Google Chrome cache emptied: 412006075 bytes
->Flash cache emptied: 691 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55276 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 955,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 03142013_154324

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
OTL fix log #2
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Internet Explorer\SearchScopes\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73CBA9D6-B8BF-45BA-9CF3-759C778B4561}\ not found.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\0cajgco0.default\searchplugins\icqplugin.src moved successfully.
========== FILES ==========
C:\Users\***\AppData\Roaming\Ufuv folder moved successfully.
C:\Users\***\AppData\Roaming\Qeevt folder moved successfully.
C:\Users\***\AppData\Roaming\Ifeso folder moved successfully.
C:\Users\***\AppData\Roaming\Pyinfa folder moved successfully.
C:\Users\***\AppData\Roaming\Opxuxa folder moved successfully.
C:\Users\***\AppData\Roaming\Iqdeeg folder moved successfully.
C:\Users\***\AppData\Roaming\Fzsrlmkpwmk folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\Downloads\Trojaner Fix\cmd.bat deleted successfully.
C:\Users\***\Desktop\Downloads\Trojaner Fix\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 842 bytes
->Temporary Internet Files folder emptied: 52279 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6608729 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18203 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 03142013_180636

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
One more question: the files in the folder "C:\_OTL" are the ones moved by the fix. Can I delete them?

Thanks

14.03.2013, 22:52   #10
cosinus
 



A check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan all users at the top centre
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread in CODE tags.

17.03.2013, 18:00   #11
tubtub



Hello cosinus,

sorry for the late reply. Unfortunately it fell through the cracks over the last few days.

Here are the logs

OTL Logfile:
Code:
OTL logfile created on: 17.03.2013 17:53:01 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Downloads\Trojaner Fix
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 72,24% Memory free
5,93 Gb Paging File | 4,89 Gb Available in Paging File | 82,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 251,67 Gb Free Space | 84,46% Space Free | Partition Type: NTFS
 
Computer Name: ***VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\***\Desktop\Downloads\Trojaner Fix\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\***\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 24 6F E9 91 91 CA 01  [binary data]
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.12.24 16:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.12.24 16:23:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.17 16:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.10 09:25:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.24 07:36:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 16:21:45 | 000,000,000 | ---D | M]
 
[2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.10 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.13 17:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions
[2010.09.16 14:26:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0cajgco0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.12.25 09:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.01.10 02:41:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.09.16 14:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.04.23 12:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2009.12.22 04:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 04:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.22 04:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.22 04:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.22 04:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.03.13 15:02:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBD24621-C4EB-44F2-A186-64C0C34F0CA6}: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F00F7F23-CF56-4DE2-9F0B-64D90B5216B3}: DhcpNameServer = 192.168.1.1 83.169.184.225
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.15 05:09:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.14 20:18:25 | 000,000,000 | ---D | C] -- C:\Users\***\mahjongg3d
[2013.03.14 18:32:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.03.14 18:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.14 18:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.03.14 18:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Schach
[2013.03.14 18:28:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2013.03.14 18:28:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MahJongg Solitaire 3D
[2013.03.14 18:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MahJongg Solitaire 3D
[2013.03.14 18:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\MahJongg Solitaire 3D
[2013.03.14 18:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.14 18:22:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.14 18:22:54 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.14 18:22:54 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.14 18:22:54 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.14 18:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.14 18:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.14 15:43:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.13 19:36:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 19:36:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 19:36:17 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 19:36:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 19:36:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 19:36:16 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 19:36:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 19:36:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 17:11:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.13 17:11:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.13 16:07:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.13 15:07:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2013.03.13 14:51:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.13 14:51:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.13 14:51:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.13 14:51:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.13 14:51:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.10 09:25:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.03.10 09:25:49 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.03.10 09:25:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.03.10 09:25:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.03.10 09:25:45 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.03.10 09:25:39 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.03.10 09:25:39 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.03.10 09:25:39 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.03.10 09:25:39 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.03.10 09:25:39 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.03.10 09:25:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.03.10 09:25:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.03.10 09:25:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.03.10 09:25:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.03.10 09:25:38 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.03.10 09:24:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013.03.10 09:21:17 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.10 09:21:17 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.10 09:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.10 09:19:29 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.10 09:19:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.10 09:19:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.10 09:19:18 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.09 15:43:22 | 000,103,680 | ---- | C] (GMER) -- C:\pwldrpow.sys
[2013.03.09 10:32:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.09 10:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.09 10:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.09 10:32:18 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.09 10:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.09 10:31:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.02.28 07:01:14 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.28 07:00:58 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.28 07:00:55 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 07:00:55 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 07:00:55 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 07:00:54 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.28 07:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 07:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 07:00:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 07:00:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 07:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 07:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 07:00:52 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.28 07:00:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.28 07:00:52 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.28 07:00:52 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.28 07:00:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.28 07:00:52 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.28 07:00:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.28 07:00:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.28 07:00:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.28 07:00:51 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.28 07:00:51 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.28 07:00:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.28 07:00:50 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.24 10:50:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.17 17:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.17 17:23:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001UA.job
[2013.03.17 17:23:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2974786000-2785407337-354256279-1001Core.job
[2013.03.17 13:40:38 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 13:40:38 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 13:33:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.17 13:32:50 | 2389,991,424 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.14 18:32:38 | 000,001,927 | ---- | M] () -- C:\Users\***\Desktop\Skype.lnk
[2013.03.14 18:30:07 | 000,000,937 | ---- | M] () -- C:\Users\***\Desktop\Schach.lnk
[2013.03.14 18:28:40 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\MahJongg Solitaire 3D.lnk
[2013.03.14 18:15:13 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.14 18:15:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.14 18:15:13 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.14 18:15:12 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.13 15:02:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.12 22:45:11 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.12 22:45:11 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.10 09:28:37 | 000,286,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.10 09:19:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.10 09:18:59 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.03.10 09:18:59 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.10 09:18:59 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.10 09:18:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.10 09:18:59 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.10 09:13:27 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.03.10 02:05:39 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.10 02:05:39 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.10 02:05:39 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.10 02:05:39 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.09 15:54:11 | 277,580,427 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.09 15:43:22 | 000,103,680 | ---- | M] (GMER) -- C:\pwldrpow.sys
 
========== Files Created - No Company Name ==========
 
[2013.03.14 18:32:38 | 000,001,927 | ---- | C] () -- C:\Users\***\Desktop\Skype.lnk
[2013.03.14 18:30:07 | 000,000,937 | ---- | C] () -- C:\Users\***\Desktop\Schach.lnk
[2013.03.14 18:28:40 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\MahJongg Solitaire 3D.lnk
[2013.03.13 14:51:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.13 14:51:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.13 14:51:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.13 14:51:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.13 14:51:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.10 09:21:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.10 09:13:27 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.03.10 09:13:27 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.02.24 10:50:06 | 277,580,427 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.24 16:10:49 | 000,233,428 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.06.25 07:59:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.07.23 20:10:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL Extras:
OTL log file:
Code:
ATTFilter
OTL Extras logfile created on: 17.03.2013 17:53:01 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Downloads\Trojaner Fix
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 72,24% Memory free
5,93 Gb Paging File | 4,89 Gb Available in Paging File | 82,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 251,67 Gb Free Space | 84,46% Space Free | Partition Type: NTFS
 
Computer Name: ***VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094996CA-E65F-44C8-835F-1C367872391C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{136DDA6F-E8EF-4DDD-8A0C-CB6ACFCCA7FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{23F99119-898B-4280-B9D0-F0BCEDD67985}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2EBD564A-BB12-4DAB-9CA3-EB227AE3FC9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{37A3B365-793C-423E-8256-C5CE6952D0F6}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{3ECBE7EA-B7ED-4C26-B07A-3CB4ED69381D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{4C2AA18A-C09C-4AA2-ABBF-A6C53DE6AEA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{52AACB24-71F4-4F18-9F2E-78A7CEE86F47}" = lport=137 | protocol=17 | dir=in | app=system | 
"{58D1B7EC-E59B-411B-9581-58232AEE8E49}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59BFBA95-E959-4740-9C93-10F2B78CC668}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5C773D43-62C7-46C2-8C3D-732C94537034}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5D6C1BB8-9656-449E-A4E8-5CE1E69B5A51}" = lport=445 | protocol=6 | dir=in | app=system | 
"{60A080A5-9451-4975-B537-C92088D350C6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{75BC0315-C35D-4F6C-B74D-8B132964B754}" = rport=445 | protocol=6 | dir=out | app=system | 
"{820FD69A-E5E4-412A-8583-E82C91F85C13}" = rport=138 | protocol=17 | dir=out | app=system | 
"{84183F74-09C6-4D51-9113-53E4E24AE2E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{87ABC2F3-E4F3-424B-81C9-108E6FF907CC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8FC87411-A396-475D-9DCB-98DE816286FC}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{8FCDD4C6-756C-41D1-887C-D799AEA4BB72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{90B5C03C-A4BB-418F-A945-FC3C8A1E62B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A4688F0-4AA6-4CE0-9029-3EF1F88A97C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B646A19B-DB53-4747-9972-63444F300E7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D14012FD-843B-458A-B70A-FE603B489546}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E0E71539-6B6D-446B-9D2C-8539F9DDE526}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E226B3FE-D929-4B74-A9BB-77F63A33BCD8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E73BE68A-D554-4FEF-B59B-3EB2188121EC}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{EAB9748B-E62B-46D2-A48E-C66A5B19FB69}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F627807C-D229-49A5-A56E-DE6B6C543FC1}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01ED89ED-6DB0-4E3F-A568-0DE5A4759125}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{02E59A63-8B64-4D17-95CF-57E7BE9E7F37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{088B899C-C32D-44B6-BF66-C6C253DFA2BC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{08D1FE0E-702A-412B-A063-267D34F17471}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{0E679BDB-25EF-4DDA-BBEF-29C66500BA82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0EAFEF0B-6C81-4B7F-84C0-B51B41BC17EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{21110A92-AF21-4086-8AF9-3A458028E0CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{225AC6B8-34BD-4933-A4D5-219CEDD057AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25D9DE28-7A74-4CEB-849E-67CA37A03BE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{358F7079-8C20-4C36-AA51-442BC76A2800}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40F6A69E-D5F5-4B7F-9761-DDD1DCA574B4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{426C8F29-A45D-4E6A-A1C0-D4F69A6934E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{581544E0-82D7-47B4-91A6-D0B4C8413143}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5B776B19-39D8-4EF6-B17F-799B70432865}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5CB671D1-D686-4D35-AB1E-B1638D72622F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{5E0DF78D-4DBA-4F8D-9A9C-5A6F98893DD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67E89227-B7B9-41A8-A172-5141E1487191}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{80AF329B-E351-45FE-8882-61143EA0550D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{826F2BC6-1106-4DB1-A485-0132878A8C75}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{82EDF5DD-A661-46A3-9E93-FDFB45650CC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{875782A3-DBE0-400E-AB13-79398CE8406B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{908EAF06-0CCD-4DAE-9240-053CCC04EE8D}" = dir=in | app=d:\setup\hpznui01.exe | 
"{917F978C-9A19-4CDC-BEFD-A6CA35DBF06F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{9825950B-032D-4F47-A5E4-05985E2BC4FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{A22F3D72-576C-4485-9DB3-264922CC472D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A30508AC-AE40-4C44-ADD2-83AE99368595}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{A76C0F74-5ACF-4331-9729-4B60DEBAF778}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{AA264C12-D44E-4BA6-AFCA-39B5F2E48A99}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB30FA70-36E4-4D08-829F-E191572A6E54}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{B122B6F6-83F6-4A2D-A0B4-B9EB17DC6A2B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{B2FBE510-8E94-460A-A9AC-64756BF5A2DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{B75FE7C3-B654-4F16-A109-EC53684875A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD4935B2-D217-4CE5-BF66-5E5F621CC329}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C376CA4F-78AC-41BE-ADDC-C5BEF387CF31}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{C9080702-6DC2-4B00-8D8B-1997835C9060}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD823D72-85CB-45C4-BB48-306AB57C6BAC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{CD9B3420-7237-4229-92DB-677ADC966293}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D9E9D88C-FE42-447A-B0E1-A9ACA3AECB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB718348-5EA9-4984-B6E6-8BCD23FA74E6}" = protocol=6 | dir=out | app=system | 
"{EB9EC25B-9F4C-4341-B422-A08D91BEB16A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EEB12239-5200-4F0E-8752-74523DD036A3}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{FD5CD563-7FBE-40B1-BB17-166E003C8785}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{FEC4EA92-D755-4913-8526-D976E3F4FC35}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"TCP Query User{90588771-C430-49C5-9F4D-9BFD73DFDABD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{D00D5291-8C66-47A5-9BA8-0EC67DAA22B7}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{E384F343-898A-4B12-A569-57D4B6A46E5B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{F671D4FA-5F6D-4FE3-A8B0-0055714CEF0A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{FBC7383F-8398-4F44-BAFB-490DB0B60FB4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{3C673A55-CD7B-4CF2-9E0A-FE83DD99B956}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{6A426BC9-A06E-4053-90B0-4D7B98A376A9}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{802B94D4-0BCE-4580-A566-53D071E93AE5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{DEE0ECEC-D4E7-464E-A39F-15B50893093B}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"UDP Query User{E4DBD2E1-D827-4279-9683-4E5AD78B142D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}" = Cisco AnyConnect VPN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A147FD6E-32F2-4009-BDC9-8B4E2B1B21EB}" = Microsoft Search Enhancement Pack
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"MahJongg Solitaire 3D" = MahJongg Solitaire 3D
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 1.0.3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2974786000-2785407337-354256279-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.03.2013 11:14:12 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Research
 In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe".  Die abhängige Assemblierung
 "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.03.2013 11:14:22 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe".  Die abhängige Assemblierung
 "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.03.2013 11:15:13 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 16.03.2013 03:02:54 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Research
 In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe".  Die abhängige Assemblierung
 "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.03.2013 03:03:05 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe".  Die abhängige Assemblierung
 "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.03.2013 03:04:03 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 17.03.2013 04:10:06 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Research
 In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe".  Die abhängige Assemblierung
 "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.03.2013 04:10:17 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe".  Die abhängige Assemblierung
 "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.03.2013 04:11:11 | Computer Name = ***Vaio | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 08.04.2012 10:58:24 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 01.08.2012 13:06:56 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 01.08.2012 13:08:42 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 01.10.2012 15:31:15 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 29.11.2012 02:25:22 | Computer Name = ***Vaio | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line:
 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description:
 fatal error, stopping service 
 
[ System Events ]
Error - 16.03.2013 14:22:56 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.03.2013 03:07:39 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 17.03.2013 03:07:39 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.03.2013 04:33:13 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.03.2013 05:08:31 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.03.2013 07:34:36 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.03.2013 07:54:59 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.03.2013 08:15:40 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.03.2013 08:33:00 | Computer Name = ***Vaio | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 17.03.2013 08:33:00 | Computer Name = ***Vaio | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
--- --- ---



A thousand thanks.

17.03.2013, 18:34   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Caught by a Trojan in a Groupon mail! - Standard



Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - and remember to update Malwarebytes via the Update button beforehand.

Afterwards, getting a second opinion from the ESET Online Scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 19.03.2013, 17:57   #13
tubtub
 

Hi,

everything looks pretty good so far.

Here is the ESET log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=42557eaa7d197b47b317dde8ae7ecb9b
# engine=13429
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-19 05:47:17
# local_time=2013-03-19 06:47:17 (+0100, Mitteleurop‰ische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 13769 134382942 6539 0
# compatibility_mode=5893 16776574 100 94 528051 115346428 0 0
# scanned=123030
# found=0
# cleaned=0
# scan_time=2119
         

I have already arranged a small donation and will put it through in the next few days.
I think it's great that you look after so many users ;-)

Thanks again for your great help
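As an added example (not from the thread and not ESET's own tooling), a small Python check that reads the "# key=value" header of an ESET Online Scanner log like the one above and flags a scan that did not finish, that found objects, or that ran without PUA detection (which the instructions asked to enable) or archive scanning. The sample header below is constructed from the log posted above.

```python
"""Parse the '# key=value' summary header of an ESET Online Scanner log and
check whether the scan finished, came back clean, and used the expected options."""
import re

# Constructed sample: the header lines of the ESET log posted in this thread.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# scanned=123030
# found=0
# cleaned=0
# scan_time=2119
"""

_KV = re.compile(r"^#\s*([^=\s]+)=(.*)$")


def parse_eset_header(text):
    """Return the '# key=value' lines as a dict (last occurrence of a key wins)."""
    header = {}
    for line in text.splitlines():
        m = _KV.match(line.strip())
        if m:
            header[m.group(1)] = m.group(2).strip()
    return header


def check_eset_scan(header):
    """Return the issues a helper would raise before signing off on this scan."""
    issues = []
    if header.get("end") != "finished":
        issues.append("scan did not finish (end=%s)" % header.get("end"))
    found = int(header.get("found", "0"))
    cleaned = int(header.get("cleaned", "0"))
    if found > 0:
        issues.append("%d object(s) found, %d cleaned" % (found, cleaned))
    if header.get("unwanted_checked") != "true":
        issues.append("PUA detection was off (unwanted_checked=%s)" % header.get("unwanted_checked"))
    if header.get("archives_checked") != "true":
        issues.append("archives not scanned (archives_checked=%s)" % header.get("archives_checked"))
    return issues
```

On the sample above the check reports two issues: PUA detection and archive scanning were both off, so a "found=0" result says less than it appears to.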

Old 20.03.2013, 09:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Thanks, but what about the other log?

Old 20.03.2013, 09:39   #15
tubtub
 

Do you mean the MBAM log? I can dig it out this afternoon, since the laptop isn't reachable right now.
