Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Mediashifting.com Virus / Backdoor.Agent

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 31.12.2011, 00:20   #1
Michel123
 
Mediashifting.com Virus / Backdoor.Agent - Standard

Mediashifting.com Virus / Backdoor.Agent



Hallo zusammen,

ich weiß das es zu diesem Thema schon mehrere Threads gibt, aber es heißt ja überall das nicht alle Lösungsvorschläge so einfach übertrag sind.

Hoffe die ersten Schritte schon erledigt zu haben:

Malwarebytes-Logs:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.30.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
pgranow :: PGRANOW-HP [Administrator]

Schutz: Aktiviert

30.12.2011 21:40:15
mbam-log-2011-12-30 (21-40-15).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 447972
Laufzeit: 1 Stunde(n), 52 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\pgranow\AppData\Local\ac09b2e3\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\AutoKMS.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.30.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
pgranow :: PGRANOW-HP [Administrator]

Schutz: Aktiviert

30.12.2011 23:39:54
mbam-log-2011-12-30 (23-39-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 180193
Laufzeit: 6 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\pgranow\AppData\Local\ac09b2e3\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
2011/12/30 21:40:06 +0100	computername	benutzer	MESSAGE	Starting protection
2011/12/30 21:40:08 +0100	computername	benutzer	MESSAGE	Protection started successfully
2011/12/30 21:40:11 +0100	computername	benutzer	MESSAGE	Starting IP protection
2011/12/30 21:40:12 +0100	computername	benutzer	MESSAGE	IP Protection started successfully
2011/12/30 21:49:24 +0100	computername	benutzer	MESSAGE	Executing scheduled update:  Daily
2011/12/30 21:49:24 +0100	computername	benutzer	MESSAGE	Database already up-to-date
2011/12/30 21:52:05 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 59717, Process: svchost.exe)
2011/12/30 21:52:05 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 59720, Process: svchost.exe)
2011/12/30 21:52:05 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 59721, Process: svchost.exe)
2011/12/30 21:52:05 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 59722, Process: svchost.exe)
2011/12/30 21:52:05 +0100	computername	benutzer	IP-BLOCK	206.161.121.2 (Type: outgoing, Port: 59723, Process: svchost.exe)
2011/12/30 21:52:05 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 59724, Process: svchost.exe)
2011/12/30 21:52:05 +0100	computername	benutzer	IP-BLOCK	206.161.121.2 (Type: outgoing, Port: 59725, Process: svchost.exe)
2011/12/30 21:52:06 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 59726, Process: svchost.exe)
2011/12/30 21:52:06 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 59727, Process: svchost.exe)
2011/12/30 21:52:06 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 59728, Process: svchost.exe)
2011/12/30 21:52:06 +0100	computername	benutzer	IP-BLOCK	199.80.55.123 (Type: outgoing, Port: 59730, Process: svchost.exe)
2011/12/30 21:52:06 +0100	computername	benutzer	IP-BLOCK	199.80.55.123 (Type: outgoing, Port: 59732, Process: svchost.exe)
2011/12/30 21:52:06 +0100	computername	benutzer	IP-BLOCK	94.100.26.54 (Type: outgoing, Port: 59733, Process: svchost.exe)
2011/12/30 22:08:41 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 61032, Process: svchost.exe)
2011/12/30 22:08:42 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 61033, Process: svchost.exe)
2011/12/30 22:08:42 +0100	computername	benutzer	IP-BLOCK	206.161.121.2 (Type: outgoing, Port: 61034, Process: svchost.exe)
2011/12/30 22:08:42 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 61035, Process: svchost.exe)
2011/12/30 22:08:42 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 61036, Process: svchost.exe)
2011/12/30 22:08:42 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 61037, Process: svchost.exe)
2011/12/30 22:08:42 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 61038, Process: svchost.exe)
2011/12/30 22:08:42 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 61039, Process: svchost.exe)
2011/12/30 22:08:42 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 61040, Process: svchost.exe)
2011/12/30 22:08:42 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 61041, Process: svchost.exe)
2011/12/30 22:08:42 +0100	computername	benutzer	IP-BLOCK	199.80.55.123 (Type: outgoing, Port: 61043, Process: svchost.exe)
2011/12/30 22:08:52 +0100	computername	benutzer	IP-BLOCK	94.100.26.54 (Type: outgoing, Port: 61058, Process: svchost.exe)
2011/12/30 22:29:45 +0100	computername	benutzer	IP-BLOCK	94.100.26.54 (Type: outgoing, Port: 62766, Process: svchost.exe)
2011/12/30 22:32:51 +0100	computername	benutzer	IP-BLOCK	109.95.114.31 (Type: outgoing, Port: 62981, Process: explorer.exe)
2011/12/30 22:46:15 +0100	computername	benutzer	IP-BLOCK	206.161.121.2 (Type: outgoing, Port: 63797, Process: svchost.exe)
2011/12/30 22:46:15 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 63798, Process: svchost.exe)
2011/12/30 22:46:15 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 63799, Process: svchost.exe)
2011/12/30 22:46:15 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 63800, Process: svchost.exe)
2011/12/30 22:46:15 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 63801, Process: svchost.exe)
2011/12/30 22:46:15 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 63802, Process: svchost.exe)
2011/12/30 22:46:15 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 63805, Process: svchost.exe)
2011/12/30 22:46:15 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 63804, Process: svchost.exe)
2011/12/30 22:46:15 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 63807, Process: svchost.exe)
2011/12/30 22:46:15 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 63806, Process: svchost.exe)
2011/12/30 22:46:16 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 63808, Process: svchost.exe)
2011/12/30 22:46:16 +0100	computername	benutzer	IP-BLOCK	199.80.55.123 (Type: outgoing, Port: 63809, Process: svchost.exe)
2011/12/30 23:02:56 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 64836, Process: svchost.exe)
2011/12/30 23:02:56 +0100	computername	benutzer	IP-BLOCK	206.161.121.2 (Type: outgoing, Port: 64837, Process: svchost.exe)
2011/12/30 23:02:56 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 64838, Process: svchost.exe)
2011/12/30 23:02:56 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 64839, Process: svchost.exe)
2011/12/30 23:02:56 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 64840, Process: svchost.exe)
2011/12/30 23:02:56 +0100	computername	benutzer	IP-BLOCK	206.161.121.2 (Type: outgoing, Port: 64841, Process: svchost.exe)
2011/12/30 23:02:56 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 64842, Process: svchost.exe)
2011/12/30 23:02:56 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 64843, Process: svchost.exe)
2011/12/30 23:02:56 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 64844, Process: svchost.exe)
2011/12/30 23:02:57 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 64845, Process: svchost.exe)
2011/12/30 23:02:57 +0100	computername	benutzer	IP-BLOCK	206.161.121.5 (Type: outgoing, Port: 64846, Process: svchost.exe)
2011/12/30 23:02:57 +0100	computername	benutzer	IP-BLOCK	199.80.55.117 (Type: outgoing, Port: 64848, Process: svchost.exe)
2011/12/30 23:19:33 +0100	computername	benutzer	IP-BLOCK	206.161.121.2 (Type: outgoing, Port: 49572, Process: svchost.exe)
2011/12/30 23:19:33 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 49573, Process: svchost.exe)
2011/12/30 23:19:33 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 49574, Process: svchost.exe)
2011/12/30 23:19:33 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 49575, Process: svchost.exe)
2011/12/30 23:19:33 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 49577, Process: svchost.exe)
2011/12/30 23:19:33 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 49578, Process: svchost.exe)
2011/12/30 23:19:33 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 49579, Process: svchost.exe)
2011/12/30 23:19:33 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 49580, Process: svchost.exe)
2011/12/30 23:19:33 +0100	computername	benutzer	IP-BLOCK	206.161.121.3 (Type: outgoing, Port: 49581, Process: svchost.exe)
2011/12/30 23:19:33 +0100	computername	benutzer	IP-BLOCK	206.161.121.4 (Type: outgoing, Port: 49582, Process: svchost.exe)
2011/12/30 23:19:33 +0100	computername	benutzer	IP-BLOCK	199.80.55.123 (Type: outgoing, Port: 49589, Process: svchost.exe)
2011/12/30 23:20:07 +0100	computername	benutzer	IP-BLOCK	76.73.79.37 (Type: outgoing, Port: 49849, Process: svchost.exe)
2011/12/30 23:24:07 +0100	computername	benutzer	IP-BLOCK	76.73.79.37 (Type: outgoing, Port: 51106, Process: svchost.exe)
2011/12/30 23:25:14 +0100	computername	benutzer	IP-BLOCK	76.73.79.37 (Type: outgoing, Port: 51345, Process: svchost.exe)
2011/12/30 23:37:14 +0100	computername	benutzer	MESSAGE	Starting protection
2011/12/30 23:37:16 +0100	computername	benutzer	MESSAGE	Protection started successfully
2011/12/30 23:37:19 +0100	computername	benutzer	MESSAGE	Starting IP protection
2011/12/30 23:37:19 +0100	computername	benutzer	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
         
OTL-Log:
Code:
ATTFilter
OTL logfile created on: 31.12.2011 00:17:59 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\pgranow\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 37,39% Memory free
7,90 Gb Paging File | 4,34 Gb Available in Paging File | 54,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,40 Gb Total Space | 326,62 Gb Free Space | 72,52% Space Free | Partition Type: NTFS
Drive D: | 15,06 Gb Total Space | 1,86 Gb Free Space | 12,36% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 731,91 Gb Free Space | 78,57% Space Free | Partition Type: NTFS
 
Computer Name: PGRANOW-HP | User Name: pgranow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.31 00:17:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\pgranow\Downloads\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.10.26 19:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.10.01 17:43:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.09.30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2011.08.30 17:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.19 08:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 11:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011.08.12 11:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.08.12 11:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.08.04 15:18:12 | 003,225,504 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011.08.04 15:17:58 | 003,148,200 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
PRC - [2011.08.04 15:17:34 | 003,219,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
PRC - [2011.08.04 15:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011.08.04 15:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011.08.04 15:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011.07.21 11:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.01.28 00:36:15 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.12.13 12:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.12.10 23:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010.12.07 06:06:00 | 000,249,672 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2010.12.07 06:05:52 | 000,634,696 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2010.12.07 06:05:38 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2010.11.23 19:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.11.23 19:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 18:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.10.29 21:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2010.10.25 14:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.05.14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009.02.24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.02 19:11:14 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.10.01 17:43:32 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.09.30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2011.09.14 16:03:14 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ca341d9ffade55c33113781b7f21ebb\IAStorUtil.ni.dll
MOD - [2011.09.14 16:03:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8175141441fbe3dddc109d5287c61e8a\IAStorCommon.ni.dll
MOD - [2011.09.14 07:57:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011.09.14 07:56:41 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011.09.14 07:56:28 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011.09.14 07:55:59 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011.09.14 07:55:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011.09.14 07:55:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011.09.14 07:55:39 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011.09.14 07:55:29 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011.08.28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.08.22 14:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.08.19 10:26:16 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll
MOD - [2011.08.12 11:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 11:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 11:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 11:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 11:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 11:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2011.08.12 11:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.07.26 10:56:16 | 000,576,512 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2011.01.28 00:27:19 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.01.28 00:27:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.10.29 21:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2010.10.29 21:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2010.10.25 14:15:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2009.04.22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009.04.10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009.03.03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009.03.03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009.03.03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009.03.03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009.03.03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009.03.03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009.03.03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009.03.03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009.03.03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.12.31 02:10:00 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.08.12 16:24:30 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.08.05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010.07.21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.19 08:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.08.04 15:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011.08.04 15:17:06 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011.08.04 15:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011.08.04 15:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011.07.21 11:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.12.07 06:06:00 | 000,249,672 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2010.12.02 05:44:08 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.11.23 19:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.11.23 19:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.11.09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.06.19 02:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.09.09 19:29:28 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.19 08:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)
DRV:64bit: - [2011.08.19 08:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.07.21 11:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.21 11:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.03.23 06:44:21 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 20:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.12.31 02:39:22 | 008,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.12.31 01:33:06 | 000,292,864 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.17 03:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.17 02:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.12.17 02:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.12.10 23:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.08 22:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.02 05:44:08 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.11.19 19:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 19:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.19 20:56:44 | 000,406,632 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.10.15 09:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.08.12 16:24:30 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010.08.12 16:24:30 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.08.04 15:17:12 | 000,048,888 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys -- (SDHookDriver)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 8.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2011.11.08 21:35:23 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 8.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.10.25 19:46:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.10.25 21:22:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.01 17:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.31 00:12:59 | 000,000,000 | ---D | M]
 
[2011.09.09 16:39:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pgranow\AppData\Roaming\mozilla\Extensions
[2011.12.31 00:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pgranow\AppData\Roaming\mozilla\Firefox\Profiles\ogg325wi.default\extensions
[2011.10.29 21:37:47 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\pgranow\AppData\Roaming\mozilla\Firefox\Profiles\ogg325wi.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.09.09 16:55:01 | 000,002,057 | ---- | M] () -- C:\Users\pgranow\AppData\Roaming\Mozilla\Firefox\Profiles\ogg325wi.default\searchplugins\youtube-videosuche.xml
[2011.09.09 17:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.09 17:25:39 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
() (No name found) -- C:\USERS\PGRANOW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OGG325WI.DEFAULT\EXTENSIONS\{8A8C1ADA-2504-45C6-A2D2-265591ABBD00}.XPI
() (No name found) -- C:\USERS\PGRANOW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OGG325WI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\PGRANOW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OGG325WI.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2011.10.01 17:43:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.15 15:17:28 | 000,002,669 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 crl.verisign.net
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 38 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\pgranow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox Pre.lnk = C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDBC52A2-A732-499A-BA41-1C22EF47AB8F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\pgranow\AppData\Local\ac09b2e3\X) -C:\Users\pgranow\AppData\Local\ac09b2e3\X ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4928adc9-db00-11e0-b5fd-68b599e1462a}\Shell - "" = AutoRun
O33 - MountPoints2\{4928adc9-db00-11e0-b5fd-68b599e1462a}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{4928adc9-db00-11e0-b5fd-68b599e1462a}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{4928adc9-db00-11e0-b5fd-68b599e1462a}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.30 23:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.30 21:49:40 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Roaming\Avira
[2011.12.30 21:39:19 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Roaming\Malwarebytes
[2011.12.30 21:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.30 21:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.30 21:39:12 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.30 21:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.30 13:53:57 | 000,000,000 | -HSD | C] -- C:\Users\pgranow\AppData\Local\ac09b2e3
[2011.12.30 13:41:05 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{585CB0BC-FAF8-4474-88FB-51C049314C66}
[2011.12.30 13:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2011.12.30 13:32:36 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\SysWow64\BRCrypt.dll
[2011.12.30 13:32:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2011.12.30 13:32:28 | 000,179,712 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrfxDA5b.dll
[2011.12.30 13:32:28 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\SysWow64\BrMfNt.dll
[2011.12.30 13:32:26 | 000,207,872 | ---- | C] (brother) -- C:\Windows\SysNative\NSSRH64.dll
[2011.12.30 13:32:26 | 000,082,944 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll
[2011.12.30 13:32:26 | 000,058,368 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysNative\BrWiaNCp.dll
[2011.12.30 13:32:26 | 000,047,616 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysNative\Brnsplg.dll
[2011.12.30 13:32:25 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2011.12.30 13:32:25 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2011.12.30 13:32:25 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2011.12.30 13:32:25 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2011.12.30 13:32:23 | 001,560,576 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09b.dll
[2011.12.30 13:32:17 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2011.12.30 13:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2011.12.30 13:31:18 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Roaming\InstallShield
[2011.12.30 13:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2011.12.28 23:52:18 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{82FE758D-E30A-47E4-B191-277540883FC9}
[2011.12.28 23:52:06 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{CDB4125F-3578-44CA-BFD9-BF96905473D4}
[2011.12.28 01:14:29 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{CF0F1962-8FC6-45CE-B216-A6299B2B9B5B}
[2011.12.28 01:14:16 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{63826C4C-D994-46CB-BE23-0D4B99B41F75}
[2011.12.23 22:38:15 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{F719F4D5-6C9F-440D-A634-4A376929ADCC}
[2011.12.23 22:38:03 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{D01A94DA-6123-456F-9040-E2B1646D57EE}
[2011.12.23 21:44:35 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{3F46BB45-61FF-4FB1-96C2-7A3315F23D0F}
[2011.12.23 21:44:23 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{ED18D3EA-F244-408A-A601-D50D7B8A3097}
[2011.12.19 21:37:08 | 000,000,000 | -H-D | C] -- C:\Users\pgranow\Desktop\.picasaoriginals
[2011.12.19 19:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Deutsche Post AG
[2011.12.19 19:26:18 | 000,000,000 | ---D | C] -- C:\Users\pgranow\Documents\Deutsche Post AG
[2011.12.19 19:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deutsche Post AG
[2011.12.17 00:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011.12.17 00:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2011.12.17 00:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2011.12.17 00:34:23 | 000,096,256 | ---- | C] (Google, inc) -- C:\Windows\AdbWinApi.dll
[2011.12.17 00:34:23 | 000,060,928 | ---- | C] (Google, inc) -- C:\Windows\AdbWinUsbApi.dll
[2011.12.17 00:34:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\sleep.exe
[2011.12.17 00:28:43 | 000,000,000 | ---D | C] -- C:\Users\pgranow\Desktop\Neuer Ordner
[2011.12.16 17:38:18 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{47D25D0F-AADA-44ED-931B-FD963BB4B816}
[2011.12.16 17:38:06 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{C4523BDB-6F87-44E2-BF09-4A630AFF86D3}
[2011.12.15 22:38:44 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{06DB1D73-C1D5-4841-80A1-3C00D5D354D5}
[2011.12.15 22:38:32 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{0E992A85-B179-4AED-815F-4D438EBCE3BB}
[2011.12.15 15:26:37 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{3EBE7A8D-E22D-4EBC-939F-3A11E97A5121}
[2011.12.15 15:26:15 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{7DD667D9-34FC-42AC-AF34-D0F29AF78953}
[2011.12.14 01:19:52 | 004,448,256 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2011.12.12 17:54:52 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{1C20A7D6-51D6-496E-B279-79B75516AEC9}
[2011.12.12 17:54:36 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{21F04712-A711-4FC9-99D5-C3EB0C0A2744}
[2011.12.11 17:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011.12.11 17:06:53 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\Google
[2011.12.11 17:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011.12.10 23:40:29 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{EF1AA207-D9C8-42D6-9BB3-59E910F55071}
[2011.12.10 23:40:15 | 000,000,000 | ---D | C] -- C:\Users\pgranow\AppData\Local\{B5A968AB-87A1-4DBB-9CBA-BE672365D3C4}
[2011.12.03 21:38:35 | 000,000,000 | ---D | C] -- C:\Users\pgranow\.jordan
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.31 00:09:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.30 23:44:23 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.30 23:44:23 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.30 23:43:58 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.30 23:43:58 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.30 23:43:58 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.30 23:43:58 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.30 23:43:58 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.30 23:37:01 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2011.12.30 23:36:35 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2011.12.30 23:36:35 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2011.12.30 23:36:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.30 23:36:09 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.30 21:39:14 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.30 18:26:57 | 000,031,134 | ---- | M] () -- C:\Users\pgranow\Desktop\VM143486.pdf
[2011.12.30 13:42:49 | 000,282,819 | ---- | M] () -- C:\Users\pgranow\Desktop\212_5444_VEneu_ausgefüllt.pdf
[2011.12.30 13:34:16 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2011.12.30 13:33:55 | 000,000,254 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011.12.30 13:33:55 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2011.12.30 13:33:27 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.12.30 13:33:27 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011.12.30 13:32:36 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2011.12.30 13:32:36 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf08b.dat
[2011.12.24 13:13:27 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpgranow.job
[2011.12.16 22:38:18 | 000,708,539 | ---- | M] () -- C:\Users\pgranow\Desktop\Unbenannt-2.jpg
[2011.12.16 22:27:43 | 000,130,625 | ---- | M] () -- C:\Users\pgranow\Documents\Unbenannt-2.jpg
[2011.12.14 01:19:52 | 004,448,256 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2011.12.11 17:27:27 | 000,003,584 | ---- | M] () -- C:\Users\pgranow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.11 17:10:14 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.10 11:43:26 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPGRANOW-HP$.job
[2011.12.02 19:11:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2011.12.31 00:09:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.30 21:39:14 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.30 18:26:56 | 000,031,134 | ---- | C] () -- C:\Users\pgranow\Desktop\VM143486.pdf
[2011.12.30 13:42:48 | 000,282,819 | ---- | C] () -- C:\Users\pgranow\Desktop\212_5444_VEneu_ausgefüllt.pdf
[2011.12.30 13:34:16 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2011.12.30 13:33:55 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.12.30 13:33:55 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.12.30 13:33:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.12.30 13:33:26 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.30 13:32:36 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bridf08b.dat
[2011.12.30 13:32:28 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011.12.30 13:32:28 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.12.30 13:32:28 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.12.30 13:32:26 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\BrSNMP64.dll
[2011.12.19 21:37:09 | 000,708,539 | ---- | C] () -- C:\Users\pgranow\Desktop\Unbenannt-2.jpg
[2011.12.17 00:34:23 | 000,410,942 | ---- | C] () -- C:\Windows\adb.exe
[2011.12.17 00:34:23 | 000,401,408 | ---- | C] () -- C:\Windows\wget.exe
[2011.12.17 00:34:23 | 000,356,009 | ---- | C] () -- C:\Windows\fastboot.exe
[2011.12.17 00:34:23 | 000,063,488 | ---- | C] () -- C:\Windows\md5sum.exe
[2011.12.16 22:27:41 | 000,130,625 | ---- | C] () -- C:\Users\pgranow\Documents\Unbenannt-2.jpg
[2011.12.11 17:27:27 | 000,003,584 | ---- | C] () -- C:\Users\pgranow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.11 17:10:14 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011.11.07 20:08:26 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2011.09.29 16:33:51 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.19 08:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 08:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 08:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.03.23 06:46:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.23 06:33:21 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.03.23 06:32:25 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.23 06:32:24 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.23 06:32:24 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.03.23 06:32:23 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.23 06:24:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.01.27 16:38:29 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2011.01.27 16:32:15 | 000,009,644 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010.12.17 03:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010.09.24 15:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.16 14:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2005.12.21 15:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005.12.21 15:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll

< End of report >
         
ESET:
Code:
ATTFilter
C:\Users\benutzer\AppData\Local\ac09b2e3\X	Win64/Sirefef.Q trojan	cleaned by deleting - quarantined
C:\Users\benutzer\AppData\Local\ac09b2e3\U\80000000.@	Win64/Sirefef.P trojan	cleaned by deleting - quarantined
C:\Users\benutzer\AppData\Local\ac09b2e3\U\800000cb.@	Win64/Sirefef.M trojan	cleaned by deleting - quarantined
C:\Users\benutzer\AppData\Local\ac09b2e3\U\800000cf.@	Win64/Sirefef.O trojan	cleaned by deleting - quarantined
C:\Users\benutzer\Downloads\SoftonicDownloader_fuer_jdownloader.exe	a variant of Win32/SoftonicDownloader.A application	cleaned by deleting - quarantined
         

Was ist nun zu tun?

Alt 31.12.2011, 08:02   #2
kira
/// Helfer-Team
 
Mediashifting.com Virus / Backdoor.Agent - Standard

Mediashifting.com Virus / Backdoor.Agent



ohje...ohje..da haben wir ein kleines Problemchen...
Das Installieren von "nicht legal erworbene Software" ist eine ziemlich sichere Methode, ein Rechner zu infizieren:
Zitat:
C:\Windows\AutoKMS.exe (RiskWare.Tool.CK)
Einen durch Keygen [Key Generator/Keymaker] verseuchten PC und eventuell gespeicherte externe Daten auf SB Sticks, ext.Platte etc,, sollte formatiert und neu aufgesetzt werden, weil ja durch gecrackte oder mit Viren verseuchte Software wie auch immer, ein Angreifer erfolgreich in dein System eingedrungen ist:-> *Technische Kompromittierung*
Denn die angebotenen Programme und Dateien enthalten jede erdenkliche Art von Malware/Schadprogramm wie z.B. Backdoors, Rootkits etc, die dann den PC unter Kontrolle nehmen und die Administratorrolle übernehmen können
Weil dieses `selbstzerrstörerischem Verhalten `illegal` ist bzw verstößt gegen das Gesetz, wir dürfen Dir nicht weiter helfen. Aus diesem Grund sehen wir uns gezwungen den Thread zu schließen:-> Ich möchte dich darauf hinweisen, dass wir bei Verwendung von Keygens & Cracks keine Beihilfe leisten wollen! :-> Forumregel:- Cracks, Keygens und andere illegale Software
Also Du kannst Dir viel Ärger und unnötige Zeitverschwendung ersparen, indem du dein System und auch die externe potenziell verseuchte Platte, USB-Stick etc formatiers und Windows (ohne Cracks & Keygens) neu installierst! Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von...

Zitat:
Sinn & Zweck der Sache - Viren Trojaner Würmer:
Ein Wurm, der fast als "guter Wurm" bezeichnet werden kann, zieht durch
das Netz und verbeitet sich über die File-Sharing Netzwerke BearShare, KaZaA
eMule & Co
Der Wurm besitzt unzählige verschiedene Namen bekannter Cracks oder
Keygeneratoren zur illegalen Benutzung von kommerzieller Software. Wer gezielt
nach solchen Dateien sucht, könnte also durchaus auch auf eine Wurmkopie
treffen.
__________________

__________________

Antwort

Themen zu Mediashifting.com Virus / Backdoor.Agent
administrator, adobe, antivir, autorun, avira, backdoor.agent, bho, dateisystem, desktop, deutsche post, document, explorer, failed, firefox, format, ftp, heuristiks/extra, heuristiks/shuriken, home, igdpmd64.sys, launch, logfile, mozilla, otl-log, port, programme, realtek, refresh, registry, senden, services.exe, software, starmoney, svchost.exe, usb, usb 3.0, version=1.0, virus, webcheck, win32/softonicdownloader.a



Ähnliche Themen: Mediashifting.com Virus / Backdoor.Agent


  1. Trojan.Agent und Backdoor.Agent eingefangen
    Plagegeister aller Art und deren Bekämpfung - 29.11.2013 (18)
  2. Trojanerproblem : Backdoor.Agent und Trojaner.Agent
    Log-Analyse und Auswertung - 06.06.2013 (8)
  3. Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun?
    Log-Analyse und Auswertung - 05.03.2013 (18)
  4. mediashifting.com Virus / TR
    Plagegeister aller Art und deren Bekämpfung - 22.02.2012 (18)
  5. Mediashifting Virus - Vorgehen
    Log-Analyse und Auswertung - 21.02.2012 (19)
  6. Virus? Mediashifting?
    Plagegeister aller Art und deren Bekämpfung - 04.02.2012 (5)
  7. mediashifting.com Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 25.01.2012 (19)
  8. Virus mediashifting
    Plagegeister aller Art und deren Bekämpfung - 24.01.2012 (25)
  9. TR/ATRAPS.Gen2 gefunden; Backdoor Agent lässt sich nicht löschen; mediashifting.com öffnet sich
    Plagegeister aller Art und deren Bekämpfung - 23.01.2012 (29)
  10. Mediashifting-Problem -mediashifting.com/?search=A123&subid=73&key=aa72a328fb1b718e9e62&p=1
    Plagegeister aller Art und deren Bekämpfung - 17.01.2012 (13)
  11. 95p.com und Mediashifting.com Redirect Rootkit/Backdoor
    Plagegeister aller Art und deren Bekämpfung - 06.01.2012 (29)
  12. Mediashifting.com Virus
    Log-Analyse und Auswertung - 30.12.2011 (2)
  13. Mediashifting/p95 - Automatisches Öffnen von mediashifting.com+kein Öffnen von Suchergebniss möglich
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (8)
  14. mediashifting Trojaner/Virus
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (3)
  15. 95p/Mediashifting.com Virus
    Plagegeister aller Art und deren Bekämpfung - 28.12.2011 (1)
  16. msn Virus Backdoor.Agent.ZCN
    Plagegeister aller Art und deren Bekämpfung - 10.02.2008 (1)
  17. Tips, Bypass, Agent: Virus /Trojaner/Backdoor-verseucht Windows ME
    Log-Analyse und Auswertung - 20.01.2007 (6)

Zum Thema Mediashifting.com Virus / Backdoor.Agent - Hallo zusammen, ich weiß das es zu diesem Thema schon mehrere Threads gibt, aber es heißt ja überall das nicht alle Lösungsvorschläge so einfach übertrag sind. Hoffe die ersten Schritte - Mediashifting.com Virus / Backdoor.Agent...
Archiv
Du betrachtest: Mediashifting.com Virus / Backdoor.Agent auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.