
Pests of all kinds and how to combat them: Bundestrojaner / JAVA/Jogek.QK


01.01.2013, 14:06   #1
yota
 



Hello,

and happy new year, everyone!

Yesterday I infected my computer with an encryption trojan.

I am using Windows 7 / 64-bit Home Premium.
Security software: ZoneAlarm Internet Security Suite
Avira Free Antivirus
Spybot Search and Destroy

Here is the log file from OTL:
OTL Extras logfile created on: 01.01.2013 14:24:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,50% Memory free
14,83 Gb Paging File | 12,25 Gb Available in Paging File | 82,62% Paging File free
Paging file location(s): c:\pagefile.sys 7000 20000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 185,53 Gb Free Space | 77,83% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 160,26 Gb Free Space | 53,76% Space Free | Partition Type: NTFS
Drive G: | 279,46 Gb Total Space | 93,14 Gb Free Space | 33,33% Space Free | Partition Type: NTFS
Drive N: | 3,73 Gb Total Space | 3,55 Gb Free Space | 95,31% Space Free | Partition Type: FAT32

Computer Name: K******* | User Name: Hannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D79EC34-7A8D-4ADF-BE0E-D6E3F4B743B6}" = rport=139 | protocol=6 | dir=out | app=system |
"{1FD8A543-28A8-46D9-8B37-44EDC5B20651}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1\rpcagentsrv.exe |
"{20D40265-9982-4499-A593-80E63739A582}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{375023AB-994A-421B-B83A-7E5E11DF177D}" = rport=445 | protocol=6 | dir=out | app=system |
"{3C859CDB-16D7-486B-AB58-827A802F3EA0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CD8A92C-D9C4-4D42-B723-175047AC45D4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{42478138-A6B2-4C73-BB6E-880ED359D0B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{437566A6-702C-42F8-8717-7E135AD7F8F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{537799EA-6207-4DBB-87C8-F8FED668CB3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{571BD598-5643-4D3A-8AA7-AAD42FC9AC5D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61CCE494-E745-46D2-AF48-BB6B27058212}" = lport=2869 | protocol=6 | dir=in | app=system |
"{61DE5B79-BEF1-4614-AB9A-040EE2931B57}" = rport=10243 | protocol=6 | dir=out | app=system |
"{664BC9A3-E51D-4BBC-A2EE-7800F13228D4}" = lport=137 | protocol=17 | dir=in | app=system |
"{682422A2-1443-4DB5-B2B0-D32FC1F07EC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{683E58DA-AF45-4924-B1DC-9CB19B41F061}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7046EAA1-3531-4C78-9574-5EF339994F29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{866A00A1-4C9B-47FF-8F2A-6734645732E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8696160E-008D-4AAB-8816-F89CED515763}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EF78508-5082-4D5E-ABC0-1300DF640FF1}" = rport=138 | protocol=17 | dir=out | app=system |
"{90D64034-164A-4C71-8543-F42D6E28AE95}" = lport=138 | protocol=17 | dir=in | app=system |
"{9400B287-B293-4124-90EA-15BE519DCA26}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{A47579FA-5044-4EF7-9838-C1781231732B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BCF019DF-975F-4085-99CE-53970AEE53C9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1\wnt500x64\rpcsandrasrv.exe |
"{CF66093E-D9AB-47EA-AF5D-181FE183DBC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3926AB4-7754-4806-94B9-C7164F9D53AF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DC26DDD8-4612-4364-B231-106D44FBD68B}" = lport=139 | protocol=6 | dir=in | app=system |
"{E3AF3BAA-DA8C-45A8-8FA3-AB0425AFACD1}" = rport=137 | protocol=17 | dir=out | app=system |
"{F90B7C90-F1E0-4CFC-A29A-383517746658}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0178DE39-51A5-4819-A72E-28A50B27FE99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05328237-14CE-4859-8605-0213AE7D7002}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{070898B0-4EA5-4E46-8121-AF6678AFAE6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11F69B0A-50F1-4C22-BF49-E381FDF986EA}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{143B88B2-662C-4BCF-87EF-52610E79AA3D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{16AD03B3-1C3B-4854-AD9D-C10A838DA72C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18506981-F275-4A9D-9DCD-6622B619A3BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1E076B79-3692-4ADB-A712-0B237303A0CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2818BD9D-0512-4525-BAAD-F8A2EE009131}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{35BCF6E5-D10B-4D07-B514-FB796D70B540}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3EE2AAA4-9571-4E81-9ECC-45A7A280BDCE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3FE59D2B-EDB6-4A77-8E98-4CD357B0598B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{44FBAED3-FB95-4616-89BC-64C6821F05FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4943E3EF-7972-40EE-970F-E5B49B2BC345}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{4F021C8B-119F-4A31-A0F2-2858166634C5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5186467E-B821-418F-ABA0-C01560DDE252}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52552195-D6ED-4F16-8906-9145E2806337}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{58F605A5-00A8-4674-90F4-FAB0236A523D}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{5C453780-B22A-4C8B-AB51-524F65A7D975}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{5DAF7F2A-AC71-4F22-A139-6B6677C5B4C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6410C264-8FC2-4A0E-AF7C-F62D9EB24EC6}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{652BA1EE-C71E-49D8-A5A4-07C2D9A514B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6641CC72-EDE2-4EA0-85E1-371ADF601E1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6DD423BA-8600-4BE7-A9FB-7944C20F30E0}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{722E736A-F945-4D9A-A7B9-33A6B8510F6E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{754B108F-3AE5-477E-B674-24F1213E8731}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{75A9C82B-EFFF-4A64-AC29-92E77D8726FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7AC0927C-89E8-4E63-AE28-783AFBA2F676}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{853F556B-3F91-4348-ACDE-A1A435CA6410}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93933D42-B1A0-4B84-B96F-A31B1E55FAF6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{99E996EA-8DE3-4E7A-A8B2-3665D6D2B7AC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AD3F485D-CB58-4D6B-93B0-13911ED4DC08}" = protocol=6 | dir=out | app=system |
"{B1D1013C-D277-4E47-B9FF-2926CFF879C6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B9ABF1D7-C7D4-4978-8A57-75A860F6104C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{BEFF1739-F72D-457E-9091-312823DB271D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C25D0A22-F99A-4EFF-BB80-5BAAB0C2B987}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC077D3B-7F6B-4468-AA02-077553FDDB39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CE5CFD2D-13F8-4D6C-94BF-611125BDF141}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D7D85E26-402D-4B84-82BD-308BB5E03E96}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7E78397-E68D-47A8-A4B4-64A7EA5EEB06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E9F0E1B7-56F6-4C0C-AE9E-D0E3E2B848FC}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"TCP Query User{8193FC04-B784-440F-A110-BD0FD23FAFD3}C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
"UDP Query User{DE579F62-CB7C-4644-BAF0-775033A75CF5}C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{69EE6860-60BB-4F22-A839-DF2E0C3F17D1}" = FastPictureViewer Professional 1.9.261.0 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2012.SP1
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack 6.2.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Sandboxie" = Sandboxie 3.62 (64-bit)
"TeraCopy_is1" = TeraCopy 2.27
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0A07E5D2-DAFB-42A9-8927-05C5F8E35F1A}" = Serif PagePlus 11
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{245F5D2D-6F34-4970-B8D7-D6F3C3C07575}" = ZoneAlarm Firewall
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2c132a50-3e12-4f5c-813d-a5579a94af25}" = Nero 9
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.103.12040
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{868AAEB3-5BDD-410F-8F7A-71D4C62D824C}" = ZoneAlarm Antivirus
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89880DE8-2BAE-43B4-982B-EE0AA3C8753D}" = Timex Trainer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6231F-D670-4AFD-9512-957515E2E1DF}" = Timex Data Link USB
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96ACE4A4-C769-47D2-9FCE-4F46754857E7}" = ZoneAlarm Security
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF399570-0FB0-122E-0C35-849F15AFAB19}" = Application Profiles
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B638BA42-AE8C-4A1C-89C9-A7801F8BBBB9}" = HD Writer AE 2.6T
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9A391A7-E3C0-45B3-9A8E-1D878C9A3997}" = Serif PagePlus 11 Ressourcen
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CF566D77-F6F4-420C-91D5-3C4808547443}" = NWZ-S760 WALKMAN Guide
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9BAA0FD-3D69-43C2-B587-B153E402EFA3}" = Chipkartenleser Treiberinstallation
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"9781408216477-SPKOUTUIAB" = Speakout Upper-intermediate ActiveBook
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DivX Setup" = DivX-Setup
"Easy File Undelete" = Easy File Undelete
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Free Audio Converter_is1" = Free Audio Converter version 5.0.15.706
"iCare Data Recovery_is1" = iCare Data Recovery 4.6.4
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.9.5 (Full)
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MTG Card Images for Magic Workstation_is1" = MTG Card Images for Magic Workstation
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"MyTomTom" = MyTomTom 3.1.0.530
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"Nokia Suite" = Nokia Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PowerLame" = PowerLame (remove only)
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
"xp-AntiSpy" = xp-AntiSpy 3.98-2
"ZoneAlarm Internet Security Suite" = ZoneAlarm Internet Security Suite
"ZoneAlarm_Deutsch Toolbar" = ZoneAlarm Deutsch Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29.09.2012 03:01:29 | Computer Name = K******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29.09.2012 03:01:29 | Computer Name = K******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3027

Error - 29.09.2012 03:01:29 | Computer Name = K******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3027

Error - 29.09.2012 03:01:30 | Computer Name = K******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29.09.2012 03:01:30 | Computer Name = K******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4025

Error - 29.09.2012 03:01:30 | Computer Name = K******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4025

Error - 14.10.2012 16:44:24 | Computer Name = K******* | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: navigator.exe, Version: 0.0.0.0,
Zeitstempel: 0x47bb0e68 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0551125a ID des fehlerhaften
Prozesses: 0x430 Startzeit der fehlerhaften Anwendung: 0x01cdaa4bb32281f3 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Netscape\Navigator 9\navigator.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: efecc894-163f-11e2-bda0-0011f602ff12

Error - 15.10.2012 10:18:30 | Computer Name =*******| Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: navigator.exe, Version: 0.0.0.0,
Zeitstempel: 0x47bb0e68 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x07cad1ca ID des fehlerhaften
Prozesses: 0x518 Startzeit der fehlerhaften Anwendung: 0x01cdaaded430d7b3 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Netscape\Navigator 9\navigator.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 3157e163-16d3-11e2-8fbf-0011f602ff12

Error - 16.10.2012 14:34:17 | Computer Name = K*******| Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 16.10.2012 14:34:43 | Computer Name = K*******| Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 02.07.2012 02:49:41 | Computer Name = K*******| Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error - 02.07.2012 02:50:23 | Computer Name = K*******| Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2

Error - 02.07.2012 03:12:21 | Computer Name = K******* | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.

Error - 02.07.2012 03:26:30 | Computer Name = K*******| Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.

Error - 02.07.2012 16:41:54 | Computer Name = K*******| Source = DCOM | ID = 10010
Description =

Error - 03.07.2012 04:46:10 | Computer Name = K*******| Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error - 03.07.2012 04:46:51 | Computer Name = K*******| Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%2

Error - 03.07.2012 05:31:30 | Computer Name = KK*******| Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.

Error - 03.07.2012 05:31:43 | Computer Name = K*******| Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.

Error - 03.07.2012 06:04:03 | Computer Name = K*******| Source = DCOM | ID = 10010
Description =


< End of report >

After the computer froze, I started it in safe mode.
Then I installed Malwarebytes Anti-Malware and scanned the computer.
Here is the result:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.31.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Hannes :: K*******-SD [Administrator]

Schutz: Deaktiviert

31.12.2012 14:33:13
mbam-log-2012-12-31 (14-33-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206176
Laufzeit: 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Hannes\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

After that I had access to the computer again.

I then ran another scan with Avira:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 31. Dezember 2012 14:38


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : K*******

Versionsinformationen:
BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 11.12.2012 15:54:56
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 15:54:56
LUKE.DLL : 13.6.0.400 67360 Bytes 11.12.2012 15:55:03
AVSCPLR.DLL : 13.6.0.402 93984 Bytes 10.12.2012 12:42:59
AVREG.DLL : 13.6.0.406 248096 Bytes 10.12.2012 12:42:59
avlode.dll : 13.6.1.402 428832 Bytes 10.12.2012 12:42:59
avlode.rdf : 13.0.0.26 7958 Bytes 10.12.2012 12:42:59
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 14:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 14:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 14:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 14:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 14:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 16:38:33
VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 16:38:33
VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 16:38:34
VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 16:38:34
VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 16:38:34
VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 16:38:34
VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 16:38:34
VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 16:38:34
VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 06:28:04
VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 14:31:58
VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 18:50:37
VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 16:41:14
VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 17:01:26
VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 20:48:22
VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 19:25:47
VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 15:41:29
VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 05:31:09
VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 20:24:55
VBASE025.VDF : 7.11.53.237 152064 Bytes 14.12.2012 03:49:56
VBASE026.VDF : 7.11.54.23 149504 Bytes 17.12.2012 16:03:30
VBASE027.VDF : 7.11.54.67 130048 Bytes 18.12.2012 19:24:55
VBASE028.VDF : 7.11.54.153 292352 Bytes 21.12.2012 10:08:16
VBASE029.VDF : 7.11.55.1 300032 Bytes 28.12.2012 19:25:52
VBASE030.VDF : 7.11.55.2 2048 Bytes 28.12.2012 19:25:52
VBASE031.VDF : 7.11.55.50 96768 Bytes 31.12.2012 11:42:28
Engineversion : 8.2.10.224
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 14:42:55
AESCRIPT.DLL : 8.1.4.78 467323 Bytes 20.12.2012 15:13:22
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 20:54:48
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 16:58:06
AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 14:18:14
AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 15:13:22
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 14:25:00
AEHEUR.DLL : 8.1.4.168 5628280 Bytes 20.12.2012 15:13:22
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 15:52:32
AEGEN.DLL : 8.1.6.12 434549 Bytes 13.12.2012 20:54:47
AEEXP.DLL : 8.3.0.4 184692 Bytes 20.12.2012 15:13:22
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 14:42:55
AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 20:54:47
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:24:58
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 18:09:30
AVPREF.DLL : 13.4.0.360 50464 Bytes 11.12.2012 15:54:56
AVREP.DLL : 13.4.0.360 177952 Bytes 10.12.2012 12:42:59
AVARKT.DLL : 13.6.0.402 260384 Bytes 11.12.2012 15:54:54
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 11.12.2012 15:54:55
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 18:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 18:08:54
NETNT.DLL : 13.4.0.360 15648 Bytes 11.12.2012 15:55:03
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 15:54:53
RCTEXT.DLL : 13.4.0.360 68384 Bytes 11.12.2012 15:54:53

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, F:, G:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Montag, 31. Dezember 2012 14:38

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD7
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'F:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'G:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'SbieSvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'IswSvc.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'ForceField.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'DAODx.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'DVMExportService.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'SbieCtrl.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'uTorrent.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSMMgr.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'Scan2Pc.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'caller64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'mantispm.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'WMIADAP.EXE' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('20' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3883' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Systemdatenträger>
[0] Archivtyp: RSRC
--> C:\Users\Hannes\AppData\Local\Temp\jar_cache8716195070358665106.tmp
[1] Archivtyp: ZIP
--> ewjvaiwebvhtuai124a.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QJ
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> test.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Hannes\AppData\Local\Temp\jar_cache8716195070358665106.tmp
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK
Beginne mit der Suche in 'F:\' <SICHERUNG>
Beginne mit der Suche in 'G:\' <Volume>

Beginne mit der Desinfektion:
C:\Users\Hannes\AppData\Local\Temp\jar_cache8716195070358665106.tmp
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.QK
[HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
[HINWEIS] Die Datei existiert nicht!


Ende des Suchlaufs: Dienstag, 1. Januar 2013 02:16
Benötigte Zeit: 3:33:38 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

33692 Verzeichnisse wurden überprüft
762207 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
762204 Dateien ohne Befall
15419 Archive wurden durchsucht
2 Warnungen
3 Hinweise
1153356 Objekte wurden beim Rootkitscan durchsucht
2 Versteckte Objekte wurden gefunden

Another scan with ZoneAlarm Internet Security returned no results.
Another scan with Malwarebytes Anti-Rootkit also returned no results.

My question now is:

What else should I do to ensure a clean system?
What is the story with the two hidden registry entries (Avira log file)?

I use a Netgear Wi-Fi router with WPA-PSK [TKIP] + WPA2-PSK [AES] encryption.
On my computer, I had disabled the network adapter after the Trojan infection.
The following entries appear in the router's log file:

Tuesday, Jan 01,2013 03:30:21 [LAN access from remote] from 94.245.121.251:3544 to 192.168.1.3:54942
Tuesday, Jan 01,2013 03:16:46 [LAN access from remote] from 78.99.143.0:42173 to 192.168.1.3:54942

What does this mean? Does someone have remote access to my network?
If so, what can I do about it?

Thanks for your help!

Alt 02.01.2013, 15:30   #2
markusg
/// Malware-holic
 



Hi,
otl.txt is still missing :-)

Alt 02.01.2013, 17:40   #3
yota
 



Hello,

thanks for the hint, I had forgotten that!!!
Here is the result:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 01.01.2013 14:24:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,50% Memory free
14,83 Gb Paging File | 12,25 Gb Available in Paging File | 82,62% Paging File free
Paging file location(s): c:\pagefile.sys 7000 20000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 185,53 Gb Free Space | 77,83% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 160,26 Gb Free Space | 53,76% Space Free | Partition Type: NTFS
Drive G: | 279,46 Gb Total Space | 93,14 Gb Free Space | 33,33% Space Free | Partition Type: NTFS
Drive N: | 3,73 Gb Total Space | 3,55 Gb Free Space | 95,31% Space Free | Partition Type: FAT32
 
Computer Name: KATZEBOHMHMM-SD | User Name: Hannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D79EC34-7A8D-4ADF-BE0E-D6E3F4B743B6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1FD8A543-28A8-46D9-8B37-44EDC5B20651}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1\rpcagentsrv.exe | 
"{20D40265-9982-4499-A593-80E63739A582}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{375023AB-994A-421B-B83A-7E5E11DF177D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3C859CDB-16D7-486B-AB58-827A802F3EA0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3CD8A92C-D9C4-4D42-B723-175047AC45D4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{42478138-A6B2-4C73-BB6E-880ED359D0B7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{437566A6-702C-42F8-8717-7E135AD7F8F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{537799EA-6207-4DBB-87C8-F8FED668CB3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{571BD598-5643-4D3A-8AA7-AAD42FC9AC5D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{61CCE494-E745-46D2-AF48-BB6B27058212}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{61DE5B79-BEF1-4614-AB9A-040EE2931B57}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{664BC9A3-E51D-4BBC-A2EE-7800F13228D4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{682422A2-1443-4DB5-B2B0-D32FC1F07EC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{683E58DA-AF45-4924-B1DC-9CB19B41F061}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7046EAA1-3531-4C78-9574-5EF339994F29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{866A00A1-4C9B-47FF-8F2A-6734645732E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8696160E-008D-4AAB-8816-F89CED515763}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8EF78508-5082-4D5E-ABC0-1300DF640FF1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{90D64034-164A-4C71-8543-F42D6E28AE95}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9400B287-B293-4124-90EA-15BE519DCA26}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{A47579FA-5044-4EF7-9838-C1781231732B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BCF019DF-975F-4085-99CE-53970AEE53C9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp1\wnt500x64\rpcsandrasrv.exe | 
"{CF66093E-D9AB-47EA-AF5D-181FE183DBC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D3926AB4-7754-4806-94B9-C7164F9D53AF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DC26DDD8-4612-4364-B231-106D44FBD68B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E3AF3BAA-DA8C-45A8-8FA3-AB0425AFACD1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F90B7C90-F1E0-4CFC-A29A-383517746658}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0178DE39-51A5-4819-A72E-28A50B27FE99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{05328237-14CE-4859-8605-0213AE7D7002}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{070898B0-4EA5-4E46-8121-AF6678AFAE6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{11F69B0A-50F1-4C22-BF49-E381FDF986EA}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{143B88B2-662C-4BCF-87EF-52610E79AA3D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{16AD03B3-1C3B-4854-AD9D-C10A838DA72C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{18506981-F275-4A9D-9DCD-6622B619A3BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1E076B79-3692-4ADB-A712-0B237303A0CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2818BD9D-0512-4525-BAAD-F8A2EE009131}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{35BCF6E5-D10B-4D07-B514-FB796D70B540}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3EE2AAA4-9571-4E81-9ECC-45A7A280BDCE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3FE59D2B-EDB6-4A77-8E98-4CD357B0598B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{44FBAED3-FB95-4616-89BC-64C6821F05FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4943E3EF-7972-40EE-970F-E5B49B2BC345}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{4F021C8B-119F-4A31-A0F2-2858166634C5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5186467E-B821-418F-ABA0-C01560DDE252}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52552195-D6ED-4F16-8906-9145E2806337}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{58F605A5-00A8-4674-90F4-FAB0236A523D}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{5C453780-B22A-4C8B-AB51-524F65A7D975}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{5DAF7F2A-AC71-4F22-A139-6B6677C5B4C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6410C264-8FC2-4A0E-AF7C-F62D9EB24EC6}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{652BA1EE-C71E-49D8-A5A4-07C2D9A514B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6641CC72-EDE2-4EA0-85E1-371ADF601E1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DD423BA-8600-4BE7-A9FB-7944C20F30E0}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{722E736A-F945-4D9A-A7B9-33A6B8510F6E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{754B108F-3AE5-477E-B674-24F1213E8731}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{75A9C82B-EFFF-4A64-AC29-92E77D8726FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7AC0927C-89E8-4E63-AE28-783AFBA2F676}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{853F556B-3F91-4348-ACDE-A1A435CA6410}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{93933D42-B1A0-4B84-B96F-A31B1E55FAF6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{99E996EA-8DE3-4E7A-A8B2-3665D6D2B7AC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{AD3F485D-CB58-4D6B-93B0-13911ED4DC08}" = protocol=6 | dir=out | app=system | 
"{B1D1013C-D277-4E47-B9FF-2926CFF879C6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{B9ABF1D7-C7D4-4978-8A57-75A860F6104C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{BEFF1739-F72D-457E-9091-312823DB271D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C25D0A22-F99A-4EFF-BB80-5BAAB0C2B987}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CC077D3B-7F6B-4468-AA02-077553FDDB39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CE5CFD2D-13F8-4D6C-94BF-611125BDF141}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D7D85E26-402D-4B84-82BD-308BB5E03E96}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7E78397-E68D-47A8-A4B4-64A7EA5EEB06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E9F0E1B7-56F6-4C0C-AE9E-D0E3E2B848FC}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"TCP Query User{8193FC04-B784-440F-A110-BD0FD23FAFD3}C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | 
"UDP Query User{DE579F62-CB7C-4644-BAF0-775033A75CF5}C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{69EE6860-60BB-4F22-A839-DF2E0C3F17D1}" = FastPictureViewer Professional 1.9.261.0 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2012.SP1
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack 6.2.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Sandboxie" = Sandboxie 3.62 (64-bit)
"TeraCopy_is1" = TeraCopy 2.27
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0A07E5D2-DAFB-42A9-8927-05C5F8E35F1A}" = Serif PagePlus 11
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{245F5D2D-6F34-4970-B8D7-D6F3C3C07575}" = ZoneAlarm Firewall
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2c132a50-3e12-4f5c-813d-a5579a94af25}" = Nero 9
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = EOS Capture 1.5
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.103.12040
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{868AAEB3-5BDD-410F-8F7A-71D4C62D824C}" = ZoneAlarm Antivirus
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89880DE8-2BAE-43B4-982B-EE0AA3C8753D}" = Timex Trainer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6231F-D670-4AFD-9512-957515E2E1DF}" = Timex Data Link USB
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96ACE4A4-C769-47D2-9FCE-4F46754857E7}" = ZoneAlarm Security
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF399570-0FB0-122E-0C35-849F15AFAB19}" = Application Profiles
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B638BA42-AE8C-4A1C-89C9-A7801F8BBBB9}" = HD Writer AE 2.6T
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9A391A7-E3C0-45B3-9A8E-1D878C9A3997}" = Serif PagePlus 11 Ressourcen
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CF566D77-F6F4-420C-91D5-3C4808547443}" = NWZ-S760 WALKMAN Guide
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9BAA0FD-3D69-43C2-B587-B153E402EFA3}" = Chipkartenleser Treiberinstallation
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"9781408216477-SPKOUTUIAB" = Speakout Upper-intermediate ActiveBook
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DivX Setup" = DivX-Setup
"Easy File Undelete" = Easy File Undelete
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Free Audio Converter_is1" = Free Audio Converter version 5.0.15.706
"iCare Data Recovery_is1" = iCare Data Recovery 4.6.4
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}" = Canon Utilities Digital Photo Professional 2.0
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}" = Canon Utilities EOS Capture 1.5
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.9.5 (Full)
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MTG Card Images for Magic Workstation_is1" = MTG Card Images for Magic Workstation
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"MyTomTom" = MyTomTom 3.1.0.530
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"Nokia Suite" = Nokia Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PowerLame" = PowerLame (remove only)
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
"xp-AntiSpy" = xp-AntiSpy 3.98-2
"ZoneAlarm Internet Security Suite" = ZoneAlarm Internet Security Suite
"ZoneAlarm_Deutsch Toolbar" = ZoneAlarm Deutsch Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.09.2012 03:01:29 | Computer Name = K*******| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.09.2012 03:01:29 | Computer Name = K******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3027
 
Error - 29.09.2012 03:01:29 | Computer Name = K******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3027
 
Error - 29.09.2012 03:01:30 | Computer Name =  K******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.09.2012 03:01:30 | Computer Name =  K******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4025
 
Error - 29.09.2012 03:01:30 | Computer Name =  K******* | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4025
 
Error - 14.10.2012 16:44:24 | Computer Name =  K******* | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: navigator.exe, Version: 0.0.0.0, 
Zeitstempel: 0x47bb0e68  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0551125a  ID des fehlerhaften
 Prozesses: 0x430  Startzeit der fehlerhaften Anwendung: 0x01cdaa4bb32281f3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Netscape\Navigator 9\navigator.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: efecc894-163f-11e2-bda0-0011f602ff12
 
Error - 15.10.2012 10:18:30 | Computer Name =  K******* | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: navigator.exe, Version: 0.0.0.0, 
Zeitstempel: 0x47bb0e68  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x07cad1ca  ID des fehlerhaften
 Prozesses: 0x518  Startzeit der fehlerhaften Anwendung: 0x01cdaaded430d7b3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Netscape\Navigator 9\navigator.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 3157e163-16d3-11e2-8fbf-0011f602ff12
 
Error - 16.10.2012 14:34:17 | Computer Name =  K*******  | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 16.10.2012 14:34:43 | Computer Name =  K******* | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 02.07.2012 02:49:41 | Computer Name =  K******* | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 02.07.2012 02:50:23 | Computer Name =  K******* | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:   %%2
 
Error - 02.07.2012 03:12:21 | Computer Name =  K*******  | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 02.07.2012 03:26:30 | Computer Name =  K*******  | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 02.07.2012 16:41:54 | Computer Name =  K******* | Source = DCOM | ID = 10010
Description = 
 
Error - 03.07.2012 04:46:10 | Computer Name =  K******* | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 03.07.2012 04:46:51 | Computer Name = K******* | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:   %%2
 
Error - 03.07.2012 05:31:30 | Computer Name =  K******* | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 03.07.2012 05:31:43 | Computer Name =  K******* | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 03.07.2012 06:04:03 | Computer Name =  K******* | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         


Thanks!

Yota

Alt 02.01.2013, 19:20   #4
markusg
/// Malware-holic
 



Hi,
please do read the first line of the logs; that is the Extras.txt yet again.

Alt 02.01.2013, 23:45   #5
yota
 



...sorry!!!

This is the right one?!

OTL Logfile:
OTL logfile created on: 01.01.2013 14:24:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,80 Gb Available Physical Memory | 72,50% Memory free
14,83 Gb Paging File | 12,25 Gb Available in Paging File | 82,62% Paging File free
Paging file location(s): c:\pagefile.sys 7000 20000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 185,53 Gb Free Space | 77,83% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 160,26 Gb Free Space | 53,76% Space Free | Partition Type: NTFS
Drive G: | 279,46 Gb Total Space | 93,14 Gb Free Space | 33,33% Space Free | Partition Type: NTFS
Drive N: | 3,73 Gb Total Space | 3,55 Gb Free Space | 95,31% Space Free | Partition Type: FAT32
 
Computer Name: KATZEBOHMHMM-SD | User Name: Hannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.01 14:21:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
PRC - [2012.12.23 17:23:10 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.11 16:55:03 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 16:54:55 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 16:54:55 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011.12.18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2009.10.16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.27 05:03:15 | 000,552,960 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.01.30 12:41:45 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009.02.27 05:03:15 | 000,552,960 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009.01.30 12:41:45 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
MOD - [2008.06.26 03:46:07 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll
MOD - [2008.06.26 03:45:06 | 000,155,648 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.16 17:29:06 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.11 16:55:03 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 16:54:55 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.23 14:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.11.03 15:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.17 16:19:34 | 003,007,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.12 03:20:08 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.11 16:55:06 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 16:55:06 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.26 13:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.17 18:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.10.14 17:08:38 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010.10.14 17:08:36 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.09.21 16:51:56 | 000,362,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010.06.09 17:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010.04.27 02:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 02:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.28 02:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.11 12:28:34 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2007.10.22 07:58:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007.10.22 07:55:45 | 000,054,072 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2012.08.26 13:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.11.23 14:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.11.03 15:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Program Files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF EC 10 0E 52 C9 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Program Files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0EBA1D41-8539-4F49-AF0A-7AABA703F253}
IE - HKCU\..\SearchScopes\{0EBA1D41-8539-4F49-AF0A-7AABA703F253}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{7A9E7282-1268-4DC8-812D-DDC2B752A224}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{B087261F-AF69-42FE-A5A0-CE3D64B7F6A5}: "URL" = hxxp://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch
IE - HKCU\..\SearchScopes\{BC5001FC-643F-494D-B057-7308AD334742}: "URL" = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.03.10 08:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.01.02 18:51:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.08 12:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files (x86)\Netscape\Navigator 9\components [2012.02.27 20:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files (x86)\Netscape\Navigator 9\plugins [2012.08.21 15:00:29 | 000,000,000 | ---D | M]
 
[2012.05.07 14:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions
[2012.05.07 14:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.12.16 12:26:22 | 000,444,933 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15280 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Deutsch Toolbar) - {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Program Files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Deutsch Toolbar) - {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Program Files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Deutsch Toolbar) - {F361B100-73C5-4793-8BCC-6E5C41510210} - C:\Program Files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E68B764D-F3D4-48E0-B64A-1EBFB51C8D7A}: NameServer = 83.169.185.225,83.169.185.161
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a2d20c72-353f-11e1-b4e2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a2d20c72-353f-11e1-b4e2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{c503aea3-3542-11e1-b93d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c503aea3-3542-11e1-b93d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{c503aea4-3542-11e1-b93d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c503aea4-3542-11e1-b93d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setupx.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.01 14:21:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2012.12.31 16:07:23 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Documents\Network Monitor 3
[2012.12.31 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2012.12.31 16:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
[2012.12.31 14:32:39 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\Programs
[2012.12.31 14:32:25 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\Malwarebytes
[2012.12.31 14:32:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.31 14:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.31 14:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.31 14:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.27 12:29:32 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\{689CEC50-A88E-4A8C-875A-C8B90B6F8A80}
[2012.12.27 11:42:32 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\Zeichnungen_Wahrstorf
[2012.12.23 17:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012.12.23 17:21:37 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\uTorrent
[2012.12.09 17:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.12.09 17:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2012.12.09 17:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.01 14:21:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2013.01.01 14:21:15 | 000,000,000 | ---- | M] () -- C:\Users\Hannes\defogger_reenable
[2013.01.01 13:59:51 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.01.01 13:56:52 | 000,023,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.01 13:56:52 | 000,023,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.01 13:55:11 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.01 13:55:11 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.01 13:55:11 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.01 13:55:11 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.01 13:55:11 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.01 13:49:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.01 13:49:33 | 2146,000,895 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.31 16:05:57 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
[2012.12.31 14:25:16 | 000,514,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.31 12:59:29 | 000,002,914 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.30 12:56:16 | 000,119,648 | ---- | M] () -- C:\Users\Hannes\Documents\Readiris.DUS
[2012.12.30 12:44:52 | 000,004,420 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\wklnhst.dat
[2012.12.28 20:33:31 | 000,000,282 | ---- | M] () -- C:\Users\Hannes\Desktop\shockwave-flash.reg
[2012.12.25 12:44:48 | 000,165,715 | ---- | M] () -- C:\Users\Hannes\Desktop\hohe_taegliche_aufnahmemengen_von_zimt_gesundheitsrisiko_kann_nicht_ausgeschlossen_werden.pdf
[2012.12.23 17:17:40 | 000,000,962 | ---- | M] () -- C:\Users\Hannes\Documents\cc_20121223_171735.reg
[2012.12.19 21:31:09 | 000,001,332 | ---- | M] () -- C:\Users\Hannes\Documents\cc_20121219_213103.reg
[2012.12.16 16:38:57 | 000,441,797 | ---- | M] () -- C:\Users\Hannes\Desktop\Transportrechnng 28.02.2011.pdf
[2012.12.16 12:26:22 | 000,444,933 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20121231-155754.backup
[2012.12.16 12:26:22 | 000,444,933 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.12 16:23:20 | 000,006,378 | ---- | M] () -- C:\Users\Hannes\Documents\cc_20121212_162316.reg
[2012.12.12 16:19:56 | 000,041,159 | -HS- | M] () -- C:\Users\Hannes\Desktop\Folder.jpg
[2012.12.12 16:19:56 | 000,009,296 | -HS- | M] () -- C:\Users\Hannes\Desktop\AlbumArtSmall.jpg
[2012.12.11 22:28:19 | 000,001,361 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.12.11 16:55:06 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.11 16:55:06 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.01 14:21:15 | 000,000,000 | ---- | C] () -- C:\Users\Hannes\defogger_reenable
[2012.12.31 16:05:57 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
[2012.12.31 14:25:11 | 000,514,304 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.31 12:59:29 | 000,002,914 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 20:33:31 | 000,000,282 | ---- | C] () -- C:\Users\Hannes\Desktop\shockwave-flash.reg
[2012.12.25 12:44:48 | 000,165,715 | ---- | C] () -- C:\Users\Hannes\Desktop\hohe_taegliche_aufnahmemengen_von_zimt_gesundheitsrisiko_kann_nicht_ausgeschlossen_werden.pdf
[2012.12.23 17:17:38 | 000,000,962 | ---- | C] () -- C:\Users\Hannes\Documents\cc_20121223_171735.reg
[2012.12.19 21:31:07 | 000,001,332 | ---- | C] () -- C:\Users\Hannes\Documents\cc_20121219_213103.reg
[2012.12.16 16:38:57 | 000,441,797 | ---- | C] () -- C:\Users\Hannes\Desktop\Transportrechnng 28.02.2011.pdf
[2012.12.12 16:23:18 | 000,006,378 | ---- | C] () -- C:\Users\Hannes\Documents\cc_20121212_162316.reg
[2012.12.12 16:15:30 | 000,041,159 | -HS- | C] () -- C:\Users\Hannes\Desktop\Folder.jpg
[2012.12.12 16:15:30 | 000,009,296 | -HS- | C] () -- C:\Users\Hannes\Desktop\AlbumArtSmall.jpg
[2012.12.11 22:28:19 | 000,001,361 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.07.10 12:06:48 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.07.05 10:31:33 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.07.05 10:31:33 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.07.05 10:31:13 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.07.05 10:31:13 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.07.05 09:04:44 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2012.07.04 21:45:00 | 000,000,650 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\default.rss
[2012.07.03 11:33:03 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.03 11:33:03 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.03 11:33:02 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.06.29 10:20:46 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.04.30 08:18:04 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.04.18 15:51:12 | 000,200,524 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.02.27 20:56:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.01.15 18:04:15 | 011,296,768 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\Sandra.mdb
[2012.01.04 14:43:52 | 000,001,784 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.01.02 17:56:09 | 000,004,420 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\wklnhst.dat
[2012.01.02 15:07:29 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.01.02 15:07:24 | 000,011,196 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\SmarThruOptions.xml
[2012.01.02 15:07:13 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2012.01.02 15:07:09 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2012.01.02 15:07:04 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2012.01.02 15:07:02 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2012.01.02 15:05:57 | 000,110,592 | R--- | C] () -- C:\Windows\Wiainst.exe
[2012.01.02 14:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.02 13:55:18 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.02 13:55:14 | 000,032,976 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.01 14:22:17 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\#ISW.FS#
[2012.02.22 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Amazon
[2012.01.22 17:58:59 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\CAD-KAS
[2012.07.05 09:13:06 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Canon
[2012.01.02 18:51:21 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\CheckPoint
[2012.01.22 18:58:39 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Downloaded Installations
[2012.07.11 18:12:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DVDVideoSoft
[2012.01.15 17:56:19 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\IrfanView
[2012.01.04 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Leadertech
[2012.01.03 10:55:13 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\MailFrontier
[2012.12.25 10:34:22 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\MOBackup
[2012.02.27 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Netscape
[2012.01.22 18:11:20 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Nitro PDF
[2012.01.22 12:53:38 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Nokia
[2012.01.22 12:53:38 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Nokia Suite
[2012.07.30 16:57:51 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Opera
[2012.05.15 20:04:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PC Suite
[2012.12.30 14:15:56 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\PDF Editor 64bit 3
[2012.01.22 18:40:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Serif
[2012.01.02 15:07:26 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\SmarThru4
[2012.07.07 15:00:22 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Sony
[2012.10.16 16:41:50 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Sony Network Entertainment International LLC
[2012.01.02 17:56:09 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Template
[2012.06.26 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TeraCopy
[2012.05.07 14:41:28 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TomTom
[2013.01.01 14:30:54 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
Best regards

Yota


03.01.2013, 17:22   #6
markusg
/// Malware-holic
 



Hi,
you do have Sandboxie installed; don't you use it at all? With it the infection could have been avoided,
at least if it came in through the browser.
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log

04.01.2013, 11:18   #7
yota
 



Hello,

yes, I have been neglecting the sandbox lately...
Here is the scan:

12:09:02.0676 6228 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:09:03.0113 6228 ============================================================
12:09:03.0113 6228 Current date / time: 2013/01/04 12:09:03.0113
12:09:03.0113 6228 SystemInfo:
12:09:03.0114 6228
12:09:03.0114 6228 OS Version: 6.1.7601 ServicePack: 1.0
12:09:03.0114 6228 Product type: Workstation
12:09:03.0114 6228 ComputerName: KATZEBOHMHMM-SD
12:09:03.0115 6228 UserName: Hannes
12:09:03.0115 6228 Windows directory: C:\Windows
12:09:03.0115 6228 System windows directory: C:\Windows
12:09:03.0115 6228 Running under WOW64
12:09:03.0115 6228 Processor architecture: Intel x64
12:09:03.0115 6228 Number of processors: 4
12:09:03.0115 6228 Page size: 0x1000
12:09:03.0115 6228 Boot type: Normal boot
12:09:03.0115 6228 ============================================================
12:09:03.0621 6228 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:09:03.0636 6228 Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:09:03.0646 6228 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:09:03.0680 6228 Drive \Device\Harddisk7\DR7 - Size: 0xEF600000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:09:03.0682 6228 ============================================================
12:09:03.0682 6228 \Device\Harddisk0\DR0:
12:09:03.0682 6228 MBR partitions:
12:09:03.0682 6228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:09:03.0682 6228 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
12:09:03.0682 6228 \Device\Harddisk1\DR1:
12:09:03.0682 6228 MBR partitions:
12:09:03.0682 6228 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22EEB000
12:09:03.0682 6228 \Device\Harddisk2\DR2:
12:09:03.0688 6228 MBR partitions:
12:09:03.0688 6228 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
12:09:03.0688 6228 \Device\Harddisk7\DR7:
12:09:03.0689 6228 MBR partitions:
12:09:03.0689 6228 \Device\Harddisk7\DR7\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x779000
12:09:03.0689 6228 ============================================================
12:09:03.0690 6228 C: <-> \Device\Harddisk0\DR0\Partition2
12:09:03.0709 6228 F: <-> \Device\Harddisk2\DR2\Partition1
12:09:03.0761 6228 G: <-> \Device\Harddisk1\DR1\Partition1
12:09:03.0761 6228 ============================================================
12:09:03.0761 6228 Initialize success
12:09:03.0761 6228 ============================================================
12:09:42.0490 3204 ============================================================
12:09:42.0490 3204 Scan started
12:09:42.0490 3204 Mode: Manual; SigCheck; TDLFS;
12:09:42.0490 3204 ============================================================
12:09:42.0677 3204 ================ Scan system memory ========================
12:09:42.0677 3204 System memory - ok
12:09:42.0678 3204 ================ Scan services =============================
12:09:42.0707 3204 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:09:42.0913 3204 1394ohci - ok
12:09:42.0918 3204 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:09:42.0967 3204 ACPI - ok
12:09:42.0970 3204 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:09:43.0053 3204 AcpiPmi - ok
12:09:43.0058 3204 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:09:43.0073 3204 AdobeARMservice - ok
12:09:43.0080 3204 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:09:43.0141 3204 adp94xx - ok
12:09:43.0147 3204 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:09:43.0203 3204 adpahci - ok
12:09:43.0208 3204 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:09:43.0264 3204 adpu320 - ok
12:09:43.0269 3204 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:09:43.0359 3204 AeLookupSvc - ok
12:09:43.0366 3204 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:09:43.0434 3204 AFD - ok
12:09:43.0438 3204 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:09:43.0493 3204 agp440 - ok
12:09:43.0497 3204 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:09:43.0531 3204 ALG - ok
12:09:43.0534 3204 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:09:43.0588 3204 aliide - ok
12:09:43.0593 3204 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:09:43.0659 3204 AMD External Events Utility - ok
12:09:43.0663 3204 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:09:43.0716 3204 amdide - ok
12:09:43.0720 3204 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
12:09:43.0780 3204 amdiox64 - ok
12:09:43.0784 3204 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:09:43.0851 3204 AmdK8 - ok
12:09:43.0927 3204 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:09:44.0099 3204 amdkmdag - ok
12:09:44.0109 3204 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:09:44.0171 3204 amdkmdap - ok
12:09:44.0174 3204 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:09:44.0196 3204 AmdPPM - ok
12:09:44.0200 3204 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
12:09:44.0245 3204 amdsata - ok
12:09:44.0250 3204 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:09:44.0306 3204 amdsbs - ok
12:09:44.0310 3204 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
12:09:44.0353 3204 amdxata - ok
12:09:44.0360 3204 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:09:44.0373 3204 AntiVirSchedulerService - ok
12:09:44.0376 3204 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:09:44.0388 3204 AntiVirService - ok
12:09:44.0393 3204 [ B5C0F65D6657C6ADD9ED75EC7583390B ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
12:09:44.0449 3204 AnyDVD - ok
12:09:44.0452 3204 AODDriver4.01 - ok
12:09:44.0456 3204 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:09:44.0566 3204 AppID - ok
12:09:44.0569 3204 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:09:44.0614 3204 AppIDSvc - ok
12:09:44.0617 3204 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:09:44.0650 3204 Appinfo - ok
12:09:44.0654 3204 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:09:44.0707 3204 arc - ok
12:09:44.0711 3204 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:09:44.0765 3204 arcsas - ok
12:09:44.0781 3204 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
12:09:44.0829 3204 AsIO - ok
12:09:44.0832 3204 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
12:09:44.0880 3204 AsUpIO - ok
12:09:44.0883 3204 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:09:44.0920 3204 AsyncMac - ok
12:09:44.0924 3204 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:09:44.0943 3204 atapi - ok
12:09:44.0948 3204 [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:09:45.0004 3204 AtiHDAudioService - ok
12:09:45.0008 3204 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
12:09:45.0070 3204 AtiHdmiService - ok
12:09:45.0073 3204 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
12:09:45.0115 3204 AtiPcie - ok
12:09:45.0123 3204 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:09:45.0172 3204 AudioEndpointBuilder - ok
12:09:45.0180 3204 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:09:45.0211 3204 AudioSrv - ok
12:09:45.0215 3204 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:09:45.0237 3204 avgntflt - ok
12:09:45.0240 3204 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:09:45.0264 3204 avipbb - ok
12:09:45.0267 3204 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:09:45.0287 3204 avkmgr - ok
12:09:45.0290 3204 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:09:45.0328 3204 AxInstSV - ok
12:09:45.0335 3204 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:09:45.0403 3204 b06bdrv - ok
12:09:45.0410 3204 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:09:45.0469 3204 b57nd60a - ok
12:09:45.0475 3204 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:09:45.0509 3204 BDESVC - ok
12:09:45.0512 3204 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:09:45.0611 3204 Beep - ok
12:09:45.0621 3204 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:09:45.0756 3204 BFE - ok
12:09:45.0766 3204 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
12:09:45.0842 3204 BITS - ok
12:09:45.0846 3204 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:09:45.0993 3204 blbdrive - ok
12:09:46.0000 3204 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:09:46.0035 3204 Bonjour Service - ok
12:09:46.0039 3204 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:09:46.0436 3204 bowser - ok
12:09:46.0439 3204 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:09:46.0617 3204 BrFiltLo - ok
12:09:46.0620 3204 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:09:46.0764 3204 BrFiltUp - ok
12:09:46.0768 3204 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:09:46.0818 3204 Browser - ok
12:09:46.0824 3204 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:09:46.0912 3204 Brserid - ok
12:09:46.0916 3204 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:09:47.0014 3204 BrSerWdm - ok
12:09:47.0017 3204 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:09:47.0110 3204 BrUsbMdm - ok
12:09:47.0114 3204 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:09:47.0223 3204 BrUsbSer - ok
12:09:47.0226 3204 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
12:09:47.0327 3204 BthEnum - ok
12:09:47.0331 3204 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:09:47.0443 3204 BTHMODEM - ok
12:09:47.0447 3204 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:09:47.0523 3204 BthPan - ok
12:09:47.0530 3204 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
12:09:47.0674 3204 BTHPORT - ok
12:09:47.0678 3204 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:09:47.0767 3204 bthserv - ok
12:09:47.0771 3204 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
12:09:47.0865 3204 BTHUSB - ok
12:09:47.0869 3204 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:09:47.0939 3204 cdfs - ok
12:09:47.0943 3204 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:09:48.0002 3204 cdrom - ok
12:09:48.0005 3204 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:09:48.0072 3204 CertPropSvc - ok
12:09:48.0076 3204 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:09:48.0132 3204 circlass - ok
12:09:48.0138 3204 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:09:48.0189 3204 CLFS - ok
12:09:48.0196 3204 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:09:48.0255 3204 clr_optimization_v2.0.50727_32 - ok
12:09:48.0262 3204 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:09:48.0317 3204 clr_optimization_v2.0.50727_64 - ok
12:09:48.0325 3204 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:09:48.0372 3204 clr_optimization_v4.0.30319_32 - ok
12:09:48.0379 3204 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:09:48.0425 3204 clr_optimization_v4.0.30319_64 - ok
12:09:48.0429 3204 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:09:48.0484 3204 CmBatt - ok
12:09:48.0487 3204 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:09:48.0541 3204 cmdide - ok
12:09:48.0548 3204 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
12:09:48.0607 3204 CNG - ok
12:09:48.0610 3204 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:09:48.0663 3204 Compbatt - ok
12:09:48.0666 3204 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:09:48.0743 3204 CompositeBus - ok
12:09:48.0746 3204 COMSysApp - ok
12:09:48.0750 3204 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:09:48.0856 3204 crcdisk - ok
12:09:48.0861 3204 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:09:48.0968 3204 CryptSvc - ok
12:09:48.0976 3204 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:09:49.0120 3204 DcomLaunch - ok
12:09:49.0126 3204 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:09:49.0198 3204 defragsvc - ok
12:09:49.0202 3204 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:09:49.0258 3204 DfsC - ok
12:09:49.0261 3204 [ CFBB4907C7542180B5E0282301240006 ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
12:09:49.0288 3204 DgiVecp - ok
12:09:49.0293 3204 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:09:49.0345 3204 Dhcp - ok
12:09:49.0349 3204 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:09:49.0417 3204 discache - ok
12:09:49.0422 3204 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:09:49.0515 3204 Disk - ok
12:09:49.0520 3204 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:09:49.0552 3204 Dnscache - ok
12:09:49.0557 3204 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:09:49.0615 3204 dot3svc - ok
12:09:49.0619 3204 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:09:49.0681 3204 DPS - ok
12:09:49.0684 3204 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:09:49.0758 3204 drmkaud - ok
12:09:49.0766 3204 [ E5B95C75557120881076C45CD146D72C ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
12:09:49.0798 3204 DvmMDES ( UnsignedFile.Multi.Generic ) - warning
12:09:49.0798 3204 DvmMDES - detected UnsignedFile.Multi.Generic (1)
12:09:49.0809 3204 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:09:49.0931 3204 DXGKrnl - ok
12:09:49.0936 3204 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:09:49.0991 3204 EapHost - ok
12:09:50.0017 3204 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:09:50.0122 3204 ebdrv - ok
12:09:50.0127 3204 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:09:50.0188 3204 EFS - ok
12:09:50.0198 3204 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:09:50.0309 3204 ehRecvr - ok
12:09:50.0313 3204 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:09:50.0422 3204 ehSched - ok
12:09:50.0426 3204 [ 9387A484D31209D7FC3F795A787294DB ] ElbyCDFL C:\Windows\system32\Drivers\ElbyCDFL.sys
12:09:50.0541 3204 ElbyCDFL - ok
12:09:50.0545 3204 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
12:09:50.0662 3204 ElbyCDIO - ok
12:09:50.0669 3204 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:09:50.0786 3204 elxstor - ok
12:09:50.0789 3204 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:09:50.0981 3204 ErrDev - ok
12:09:50.0992 3204 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:09:51.0036 3204 EventSystem - ok
12:09:51.0042 3204 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:09:51.0106 3204 exfat - ok
12:09:51.0111 3204 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:09:51.0176 3204 fastfat - ok
12:09:51.0185 3204 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:09:51.0268 3204 Fax - ok
12:09:51.0272 3204 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:09:51.0319 3204 fdc - ok
12:09:51.0322 3204 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:09:51.0363 3204 fdPHost - ok
12:09:51.0367 3204 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:09:51.0407 3204 FDResPub - ok
12:09:51.0411 3204 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:09:51.0459 3204 FileInfo - ok
12:09:51.0462 3204 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:09:51.0525 3204 Filetrace - ok
12:09:51.0528 3204 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:09:51.0575 3204 flpydisk - ok
12:09:51.0581 3204 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:09:51.0692 3204 FltMgr - ok
12:09:51.0704 3204 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:09:51.0810 3204 FontCache - ok
12:09:51.0814 3204 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:09:51.0920 3204 FontCache3.0.0.0 - ok
12:09:51.0923 3204 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:09:51.0954 3204 FsDepends - ok
12:09:51.0958 3204 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:09:52.0012 3204 Fs_Rec - ok
12:09:52.0017 3204 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:09:52.0061 3204 fvevol - ok
12:09:52.0065 3204 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:09:52.0097 3204 gagp30kx - ok
12:09:52.0107 3204 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:09:52.0175 3204 gpsvc - ok
12:09:52.0179 3204 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:09:52.0215 3204 hcw85cir - ok
12:09:52.0220 3204 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:09:52.0285 3204 HdAudAddService - ok
12:09:52.0289 3204 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:09:52.0335 3204 HDAudBus - ok
12:09:52.0339 3204 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:09:52.0373 3204 HidBatt - ok
12:09:52.0377 3204 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:09:52.0429 3204 HidBth - ok
12:09:52.0432 3204 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:09:52.0468 3204 HidIr - ok
12:09:52.0471 3204 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:09:52.0531 3204 hidserv - ok
12:09:52.0534 3204 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:09:52.0609 3204 HidUsb - ok
12:09:52.0613 3204 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:09:52.0680 3204 hkmsvc - ok
12:09:52.0685 3204 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:09:52.0720 3204 HomeGroupListener - ok
12:09:52.0725 3204 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:09:52.0756 3204 HomeGroupProvider - ok
12:09:52.0759 3204 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:09:52.0815 3204 HpSAMD - ok
12:09:52.0824 3204 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:09:52.0888 3204 HTTP - ok
12:09:52.0892 3204 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:09:52.0932 3204 hwpolicy - ok
12:09:52.0936 3204 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:09:52.0993 3204 i8042prt - ok
12:09:53.0000 3204 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:09:53.0036 3204 iaStorV - ok
12:09:53.0046 3204 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:09:53.0118 3204 idsvc - ok
12:09:53.0122 3204 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:09:53.0152 3204 iirsp - ok
12:09:53.0162 3204 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:09:53.0213 3204 IKEEXT - ok
12:09:53.0217 3204 IntcAzAudAddService - ok
12:09:53.0220 3204 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:09:53.0274 3204 intelide - ok
12:09:53.0277 3204 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:09:53.0311 3204 intelppm - ok
12:09:53.0315 3204 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:09:53.0365 3204 IPBusEnum - ok
12:09:53.0369 3204 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:09:53.0440 3204 IpFilterDriver - ok
12:09:53.0448 3204 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:09:53.0507 3204 iphlpsvc - ok
12:09:53.0511 3204 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:09:53.0570 3204 IPMIDRV - ok
12:09:53.0574 3204 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:09:53.0623 3204 IPNAT - ok
12:09:53.0626 3204 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:09:53.0683 3204 IRENUM - ok
12:09:53.0686 3204 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:09:53.0741 3204 isapnp - ok
12:09:53.0747 3204 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:09:53.0807 3204 iScsiPrt - ok
12:09:53.0811 3204 [ BF65E6D039AE37C988D5B2B680E7D718 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
12:09:53.0835 3204 ISWKL - ok
12:09:53.0845 3204 [ 99148599FE4D0A5CD7C7EB74ED5A63E4 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
12:09:53.0865 3204 IswSvc - ok
12:09:53.0870 3204 [ 4A8A242FDA43765F4F73ECDE2BA0D62A ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
12:09:53.0915 3204 JRAID - ok
12:09:53.0918 3204 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:09:53.0973 3204 kbdclass - ok
12:09:53.0976 3204 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:09:54.0033 3204 kbdhid - ok
12:09:54.0036 3204 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:09:54.0049 3204 KeyIso - ok
12:09:54.0056 3204 [ 8D7120743A0973CEAB548B475C9D4289 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
12:09:54.0087 3204 KL1 - ok
12:09:54.0091 3204 [ CD146D8E525D6EEBDCAF24120A8AB9CE ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
12:09:54.0114 3204 kl2 - ok
12:09:54.0120 3204 [ A4813EE804A1D96DCB01AEFD7F565C6B ] KLIF C:\Windows\system32\DRIVERS\klif.sys
12:09:54.0151 3204 KLIF - ok
12:09:54.0155 3204 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:09:54.0211 3204 KSecDD - ok
12:09:54.0215 3204 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:09:54.0264 3204 KSecPkg - ok
12:09:54.0267 3204 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:09:54.0313 3204 ksthunk - ok
12:09:54.0319 3204 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:09:54.0377 3204 KtmRm - ok
12:09:54.0382 3204 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:09:54.0430 3204 LanmanServer - ok
12:09:54.0434 3204 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:09:54.0486 3204 LanmanWorkstation - ok
12:09:54.0491 3204 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:09:54.0544 3204 LHidFilt - ok
12:09:54.0549 3204 [ 71C6A95A5F0CCC87298C4DD0F2C3635A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:09:54.0580 3204 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:09:54.0580 3204 LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:09:54.0584 3204 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:09:54.0631 3204 lltdio - ok
12:09:54.0637 3204 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:09:54.0709 3204 lltdsvc - ok
12:09:54.0712 3204 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:09:54.0772 3204 lmhosts - ok
12:09:54.0776 3204 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:09:54.0829 3204 LMouFilt - ok
12:09:54.0834 3204 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:09:54.0866 3204 LSI_FC - ok
12:09:54.0870 3204 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:09:54.0903 3204 LSI_SAS - ok
12:09:54.0906 3204 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:09:54.0938 3204 LSI_SAS2 - ok
12:09:54.0942 3204 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:09:54.0989 3204 LSI_SCSI - ok
12:09:54.0992 3204 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:09:55.0056 3204 luafv - ok
12:09:55.0059 3204 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:09:55.0175 3204 MBAMProtector - ok
12:09:55.0181 3204 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:09:55.0212 3204 MBAMScheduler - ok
12:09:55.0221 3204 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:09:55.0254 3204 MBAMService - ok
12:09:55.0258 3204 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:09:55.0335 3204 Mcx2Svc - ok
12:09:55.0339 3204 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:09:55.0384 3204 megasas - ok
12:09:55.0389 3204 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:09:55.0443 3204 MegaSR - ok
12:09:55.0449 3204 Microsoft SharePoint Workspace Audit Service - ok
12:09:55.0452 3204 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:09:55.0544 3204 MMCSS - ok
12:09:55.0548 3204 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:09:55.0610 3204 Modem - ok
12:09:55.0613 3204 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:09:55.0641 3204 monitor - ok
12:09:55.0645 3204 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:09:55.0763 3204 mouclass - ok
12:09:55.0766 3204 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:09:55.0815 3204 mouhid - ok
12:09:55.0819 3204 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:09:55.0903 3204 mountmgr - ok
12:09:55.0907 3204 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:09:56.0028 3204 mpio - ok
12:09:56.0032 3204 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:09:56.0095 3204 mpsdrv - ok
12:09:56.0106 3204 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:09:56.0233 3204 MpsSvc - ok
12:09:56.0238 3204 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:09:56.0374 3204 MRxDAV - ok
12:09:56.0378 3204 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:09:56.0640 3204 mrxsmb - ok
12:09:56.0646 3204 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:09:56.0827 3204 mrxsmb10 - ok
12:09:56.0831 3204 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:09:57.0012 3204 mrxsmb20 - ok
12:09:57.0015 3204 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:09:57.0130 3204 msahci - ok
12:09:57.0140 3204 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:09:57.0259 3204 msdsm - ok
12:09:57.0263 3204 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:09:57.0331 3204 MSDTC - ok
12:09:57.0337 3204 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:09:57.0399 3204 Msfs - ok
12:09:57.0402 3204 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:09:57.0464 3204 mshidkmdf - ok
12:09:57.0467 3204 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:09:57.0582 3204 msisadrv - ok
12:09:57.0587 3204 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:09:57.0655 3204 MSiSCSI - ok
12:09:57.0658 3204 msiserver - ok
12:09:57.0662 3204 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:09:57.0723 3204 MSKSSRV - ok
12:09:57.0725 3204 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:09:57.0786 3204 MSPCLOCK - ok
12:09:57.0789 3204 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:09:57.0849 3204 MSPQM - ok
12:09:57.0855 3204 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:09:57.0967 3204 MsRPC - ok
12:09:57.0972 3204 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:09:58.0095 3204 mssmbios - ok
12:09:58.0098 3204 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:09:58.0159 3204 MSTEE - ok
12:09:58.0162 3204 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:09:58.0207 3204 MTConfig - ok
12:09:58.0210 3204 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
12:09:58.0318 3204 MTsensor - ok
12:09:58.0322 3204 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:09:58.0368 3204 Mup - ok
12:09:58.0375 3204 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:09:58.0440 3204 napagent - ok
12:09:58.0446 3204 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:09:58.0501 3204 NativeWifiP - ok
12:09:58.0512 3204 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
12:09:58.0593 3204 NAUpdate - ok
12:09:58.0609 3204 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:09:58.0656 3204 NDIS - ok
12:09:58.0659 3204 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:09:58.0722 3204 NdisCap - ok
12:09:58.0725 3204 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:09:58.0773 3204 NdisTapi - ok
12:09:58.0776 3204 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:09:58.0844 3204 Ndisuio - ok
12:09:58.0849 3204 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:09:58.0919 3204 NdisWan - ok
12:09:58.0922 3204 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:09:58.0991 3204 NDProxy - ok
12:09:59.0003 3204 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:09:59.0046 3204 Nero BackItUp Scheduler 4.0 - ok
12:09:59.0050 3204 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:09:59.0098 3204 NetBIOS - ok
12:09:59.0103 3204 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:09:59.0161 3204 NetBT - ok
12:09:59.0164 3204 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:09:59.0179 3204 Netlogon - ok
12:09:59.0184 3204 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:09:59.0224 3204 Netman - ok
12:09:59.0232 3204 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:09:59.0288 3204 netprofm - ok
12:09:59.0292 3204 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:09:59.0347 3204 NetTcpPortSharing - ok
12:09:59.0351 3204 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:09:59.0381 3204 nfrd960 - ok
12:09:59.0386 3204 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:09:59.0434 3204 NlaSvc - ok
12:09:59.0440 3204 [ F554C5FD7BD1EFA4DA5CFE2EED86391F ] nm3 C:\Windows\system32\DRIVERS\nm3.sys
12:09:59.0483 3204 nm3 - ok
12:09:59.0486 3204 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:09:59.0533 3204 Npfs - ok
12:09:59.0536 3204 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:09:59.0597 3204 nsi - ok
12:09:59.0600 3204 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:09:59.0665 3204 nsiproxy - ok
12:09:59.0682 3204 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:09:59.0754 3204 Ntfs - ok
12:09:59.0758 3204 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:09:59.0804 3204 Null - ok
12:09:59.0808 3204 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
12:09:59.0854 3204 nusb3hub - ok
12:09:59.0858 3204 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:09:59.0906 3204 nusb3xhc - ok
12:09:59.0910 3204 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:09:59.0944 3204 nvraid - ok
12:09:59.0949 3204 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:09:59.0983 3204 nvstor - ok
12:09:59.0986 3204 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:10:00.0059 3204 nv_agp - ok
12:10:00.0062 3204 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:10:00.0121 3204 ohci1394 - ok
12:10:00.0125 3204 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:10:00.0155 3204 ose - ok
12:10:00.0192 3204 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:10:00.0252 3204 osppsvc - ok
12:10:00.0261 3204 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:10:00.0295 3204 p2pimsvc - ok
12:10:00.0302 3204 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:10:00.0328 3204 p2psvc - ok
12:10:00.0332 3204 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:10:00.0367 3204 Parport - ok
12:10:00.0371 3204 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:10:00.0444 3204 partmgr - ok
12:10:00.0449 3204 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:10:00.0508 3204 PcaSvc - ok
12:10:00.0516 3204 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
12:10:00.0592 3204 pccsmcfd - ok
12:10:00.0596 3204 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:10:00.0655 3204 pci - ok
12:10:00.0658 3204 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:10:00.0714 3204 pciide - ok
12:10:00.0719 3204 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:10:00.0755 3204 pcmcia - ok
12:10:00.0759 3204 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:10:00.0790 3204 pcw - ok
12:10:00.0798 3204 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:10:00.0857 3204 PEAUTH - ok
12:10:00.0875 3204 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:10:00.0917 3204 PerfHost - ok
12:10:00.0935 3204 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:10:00.0998 3204 pla - ok
12:10:01.0005 3204 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:10:01.0041 3204 PlugPlay - ok
12:10:01.0045 3204 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:10:01.0088 3204 PNRPAutoReg - ok
12:10:01.0094 3204 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:10:01.0110 3204 PNRPsvc - ok
12:10:01.0118 3204 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:10:01.0187 3204 PolicyAgent - ok
12:10:01.0193 3204 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:10:01.0259 3204 Power - ok
12:10:01.0263 3204 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:10:01.0331 3204 PptpMiniport - ok
12:10:01.0335 3204 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:10:01.0368 3204 Processor - ok
12:10:01.0373 3204 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:10:01.0448 3204 ProfSvc - ok
12:10:01.0451 3204 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:10:01.0466 3204 ProtectedStorage - ok
12:10:01.0470 3204 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:10:01.0529 3204 Psched - ok
12:10:01.0533 3204 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
12:10:01.0583 3204 PxHlpa64 - ok
12:10:01.0597 3204 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:10:01.0650 3204 ql2300 - ok
12:10:01.0654 3204 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:10:01.0688 3204 ql40xx - ok
12:10:01.0693 3204 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:10:01.0772 3204 QWAVE - ok
12:10:01.0775 3204 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:10:01.0879 3204 QWAVEdrv - ok
12:10:01.0882 3204 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:10:01.0942 3204 RasAcd - ok
12:10:01.0946 3204 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:10:02.0073 3204 RasAgileVpn - ok
12:10:02.0077 3204 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:10:02.0164 3204 RasAuto - ok
12:10:02.0168 3204 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:10:02.0293 3204 Rasl2tp - ok
12:10:02.0299 3204 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:10:02.0428 3204 RasMan - ok
12:10:02.0432 3204 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:10:02.0497 3204 RasPppoe - ok
12:10:02.0501 3204 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:10:02.0564 3204 RasSstp - ok
12:10:02.0570 3204 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:10:02.0696 3204 rdbss - ok
12:10:02.0700 3204 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:10:02.0750 3204 rdpbus - ok
12:10:02.0753 3204 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:10:02.0869 3204 RDPCDD - ok
12:10:02.0874 3204 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:10:02.0992 3204 RDPENCDD - ok
12:10:02.0996 3204 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:10:03.0111 3204 RDPREFMP - ok
12:10:03.0116 3204 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:10:03.0241 3204 RdpVideoMiniport - ok
12:10:03.0246 3204 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:10:03.0436 3204 RDPWD - ok
12:10:03.0441 3204 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:10:03.0551 3204 rdyboost - ok
12:10:03.0555 3204 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:10:03.0629 3204 RemoteAccess - ok
12:10:03.0634 3204 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:10:03.0723 3204 RemoteRegistry - ok
12:10:03.0728 3204 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:10:03.0821 3204 RFCOMM - ok
12:10:03.0825 3204 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:10:03.0914 3204 RpcEptMapper - ok
12:10:03.0917 3204 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:10:04.0030 3204 RpcLocator - ok
12:10:04.0037 3204 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:10:04.0068 3204 RpcSs - ok
12:10:04.0072 3204 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:10:04.0135 3204 rspndr - ok
12:10:04.0143 3204 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:10:04.0266 3204 RTL8167 - ok
12:10:04.0270 3204 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:10:04.0283 3204 SamSs - ok
12:10:04.0288 3204 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013a\WNt500x64\Sandra.sys
12:10:04.0367 3204 SANDRA - ok
12:10:04.0370 3204 [ 40CBBCAFFDCFD3661119A2D3F892820C ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013a\RpcAgentSrv.exe
12:10:04.0449 3204 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
12:10:04.0449 3204 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
12:10:13.0606 3204 WiselinkPro ( UnsignedFile.Multi.Generic ) - warning
12:10:13.0606 3204 WiselinkPro - detected UnsignedFile.Multi.Generic (1)
12:10:15.0624 3204 ============================================================
12:10:15.0624 3204 Scan finished
12:10:15.0624 3204 ============================================================
12:10:15.0632 1836 Detected object count: 4
12:10:15.0632 1836 Actual detected object count: 4
12:10:43.0352 1836 DvmMDES ( UnsignedFile.Multi.Generic ) - skipped by user
12:10:43.0352 1836 DvmMDES ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:10:43.0355 1836 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:10:43.0355 1836 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:10:43.0359 1836 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:10:43.0359 1836 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:10:43.0362 1836 WiselinkPro ( UnsignedFile.Multi.Generic ) - skipped by user
12:10:43.0363 1836 WiselinkPro ( UnsignedFile.Multi.Generic ) - User select action: Skip


Those are the "findings".


Best regards

Yota

Alt 04.01.2013, 13:44   #8
markusg
/// Malware-holic
 
Hi,
Well, and of course that kind of thing comes back to bite you...
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 04.01.2013, 18:55   #9
yota
 
Hello,

thanks for the help.

Although I had disabled SBSD via the TM, Combo reported that the task was still active.
Before I could terminate the task, Combo started scanning.
I had disabled Windows Defender altogether, so I am surprised that the log file lists the software as active. There was also no error message like the one for SBSD.

Here is the log file:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-04.03 - Hannes 04.01.2013  19:36:28.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8190.6362 [GMT 1:00]
ausgeführt von:: c:\users\Hannes\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\users\Hannes\Documents\Readiris.DUS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-04 bis 2013-01-04  ))))))))))))))))))))))))))))))
.
.
2013-01-04 18:39 . 2013-01-04 18:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-04 18:36 . 2013-01-04 18:36	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FE3A4B5-5967-4A49-A3BE-9E34FA9BF290}\offreg.dll
2013-01-04 10:58 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FE3A4B5-5967-4A49-A3BE-9E34FA9BF290}\mpengine.dll
2013-01-02 23:58 . 2013-01-02 23:58	404920	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-02 12:15 . 2013-01-02 12:15	--------	d-----w-	c:\program files\SiSoftware
2013-01-02 11:30 . 2009-01-25 11:14	17272	----a-w-	c:\windows\system32\sdnclean64.exe
2013-01-02 11:30 . 2013-01-02 11:30	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-02 11:12 . 2013-01-02 11:12	308200	----a-w-	c:\windows\system32\javaws.exe
2013-01-02 11:12 . 2013-01-02 11:12	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-02 11:12 . 2013-01-02 11:12	188392	----a-w-	c:\windows\system32\javaw.exe
2013-01-02 11:12 . 2013-01-02 11:12	188392	----a-w-	c:\windows\system32\java.exe
2013-01-02 11:12 . 2013-01-02 11:12	--------	d-----w-	c:\program files\Java
2013-01-02 11:08 . 2013-01-02 11:08	--------	d-----w-	c:\program files\FastPictureViewer
2013-01-02 11:08 . 2013-01-02 11:08	--------	d-----w-	c:\windows\WICCodecs
2013-01-01 17:36 . 2013-01-01 17:36	--------	d-----w-	c:\program files (x86)\FileHippo.com
2013-01-01 17:33 . 2013-01-01 17:33	--------	d-----w-	c:\programdata\Panda Security
2013-01-01 17:32 . 2013-01-01 17:32	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2012-12-31 15:05 . 2012-12-31 15:05	--------	d-----w-	c:\program files\Microsoft Network Monitor 3
2012-12-31 13:32 . 2012-12-31 13:32	--------	d-----w-	c:\users\Hannes\AppData\Local\Programs
2012-12-31 13:32 . 2012-12-31 13:32	--------	d-----w-	c:\users\Hannes\AppData\Roaming\Malwarebytes
2012-12-31 13:32 . 2012-12-31 13:32	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-31 13:32 . 2012-12-31 13:32	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-31 13:32 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-31 11:59 . 2012-12-31 11:59	2914	----a-w-	c:\programdata\dsgsdgdsgdsgw.js
2012-12-28 19:09 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-12-28 19:09 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-12-28 19:09 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-12-28 19:09 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-12-28 19:09 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-12-28 19:09 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-12-28 19:09 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-12-28 19:09 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-12-28 19:09 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-12-23 16:22 . 2012-12-23 19:59	--------	d-----w-	c:\program files (x86)\uTorrent
2012-12-23 16:21 . 2013-01-03 00:18	--------	d-----w-	c:\users\Hannes\AppData\Roaming\uTorrent
2012-12-22 11:06 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 11:06 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 11:06 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-22 11:06 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-12 15:00 . 2012-11-14 05:53	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-12-12 15:00 . 2012-11-14 05:52	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-12-12 15:00 . 2012-11-14 01:44	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-12-12 15:00 . 2012-11-14 07:11	182816	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-12-12 15:00 . 2012-11-14 06:00	304640	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-12-12 15:00 . 2012-11-14 05:57	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-12-12 15:00 . 2012-11-14 05:46	248320	----a-w-	c:\windows\system32\ieui.dll
2012-12-12 15:00 . 2012-11-14 02:56	149552	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-12-12 15:00 . 2012-11-14 01:51	194048	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2012-12-12 15:00 . 2012-11-14 01:48	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-12-12 14:29 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 14:29 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-12 14:29 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-12 14:29 . 2012-10-04 17:41	424960	----a-w-	c:\windows\system32\KernelBase.dll
2012-12-12 14:29 . 2012-10-04 17:41	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-12-12 14:29 . 2012-10-04 17:45	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-12-12 14:29 . 2012-10-04 15:21	338432	----a-w-	c:\windows\system32\conhost.exe
2012-12-12 14:29 . 2012-10-04 16:47	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-12-09 16:00 . 2012-12-09 16:00	--------	d-----w-	c:\program files (x86)\Common Files\Nokia
2012-12-09 16:00 . 2012-12-09 16:00	--------	d-----w-	c:\program files (x86)\PC Connectivity Solution
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-02 11:12 . 2012-07-11 17:45	959976	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-02 11:12 . 2012-07-11 17:45	1081320	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-12-12 15:01 . 2012-01-03 16:39	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-11 15:55 . 2012-11-02 15:30	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 15:55 . 2012-11-02 15:30	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-13 20:29 . 2012-11-13 20:29	354216	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-10-16 08:38 . 2012-11-28 13:19	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:19	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:19	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-16 17:50	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-16 17:50	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 17:50	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 17:50	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f361b100-73c5-4793-8bcc-6e5c41510210}"= "c:\program files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f361b100-73c5-4793-8bcc-6e5c41510210}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f361b100-73c5-4793-8bcc-6e5c41510210}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f361b100-73c5-4793-8bcc-6e5c41510210}"= "c:\program files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f361b100-73c5-4793-8bcc-6e5c41510210}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-13 1088424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-18 73360]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013a\RpcAgentSrv.exe [2008-12-07 68760]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WiselinkPro;SAMSUNG WiselinkPro Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-02-17 3007488]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-10-22 11576]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: SmarThru4 Als HTML speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\program files (x86)\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\WebCapture.dll
TCP: Interfaces\{E68B764D-F3D4-48E0-B64A-1EBFB51C8D7A}: NameServer = 83.169.185.225,83.169.185.161
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
WebBrowser-{F361B100-73C5-4793-8BCC-6E5C41510210} - (no file)
HKLM-Run-ISW - (no file)
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1074799425-1621402076-3425223262-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1074799425-1621402076-3425223262-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-1074799425-1621402076-3425223262-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1074799425-1621402076-3425223262-1000)
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1074799425-1621402076-3425223262-1000)
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:d4,4d,e7,95,20,5d,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:ca,e2,d3,97,20,5d,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:5d,a5,10,4b,20,5d,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-04  19:41:20
ComboFix-quarantined-files.txt  2013-01-04 18:41
.
Vor Suchlauf: 12 Verzeichnis(se), 187.789.164.544 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 187.259.785.216 Bytes frei
.
- - End Of File - - F51D8ABB9481AB40BD63934169053B3D
         


Best regards

Yota

05.01.2013, 15:06   #10
markusg
/// Malware-holic



Hi,
download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save the list as a txt file, and open that file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, write "unnötig" (unnecessary).
After every program you do not recognize, write "unbekannt" (unknown).
Post the list.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

05.01.2013, 18:06   #11
yota



Hello,

here is the file:

Adobe AIR Adobe Systems Incorporated 28.12.2012 3.5.0.880 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 03.01.2013 6,00MB 10.3.183.48 notwendig
Adobe Reader XI Adobe Systems Incorporated 02.01.2013 120MB 11.0.00 notwendig
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 14.09.2012 11.6.6.636 notwendig
Amazon Kindle Amazon 02.01.2013 notwendig
Amazon MP3-Downloader 1.0.9 22.02.2012 notwendig
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 05.07.2012 26,2MB 8.0.881.0 notwendig
AnyDVD SlySoft 18.11.2012 7.1.1.0 notwendig
Apple Application Support Apple Inc. 03.01.2012 61,2MB 2.1.6 notwendig
Apple Software Update Apple Inc. 03.01.2012 2,38MB 2.1.3.127 notwendig
Application Profiles Advanced Micro Devices, Inc. 03.01.2012 361KB 2.0.4357.40145 notwendig
ASUSUpdate ASUSTeK Computer Inc. 05.07.2012 7.18.03 notwendig
Avira Free Antivirus Avira 11.12.2012 124MB 13.0.0.2890 notwendig
Bonjour Apple Inc. 03.01.2012 2,00MB 3.0.0.10 notwendig
Canon Camera Support Core Library Canon 05.07.2012 1,37MB 7.3.0.4 notwendig
Canon Camera Window DC_DV 5 for ZoomBrowser EX Canon 05.07.2012 5,26MB 5.4.4 notwendig
Canon Camera Window DSLR 5 for ZoomBrowser EX Canon 05.07.2012 13,2MB 5.3.1 notwendig
Canon EOS Kiss_N REBEL_XT 350D WIA Driver Canon 05.07.2012 1,75MB 5.6 notwendig
CANON iMAGE GATEWAY MyCamera Download Plugin Canon Inc. 05.07.2012 3.1.1.2 notwendig
CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 05.07.2012 1.9.0.9 notwendig
Canon MOV Decoder Canon Inc. 05.07.2012 1.8.0.7 notwendig
Canon MOV Encoder Canon Inc. 05.07.2012 1.7.0.3 notwendig
Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 05.07.2012 3.8.0.5 notwendig
Canon PhotoRecord Cisra 05.07.2012 80,4MB 02.02.03002 notwendig
Canon RAW Image Task for ZoomBrowser EX Canon 05.07.2012 6,53MB 2.2 notwendig
Canon Utilities Digital Photo Professional 2.0 Canon 05.07.2012 45,5MB 2.0 notwendig
Canon Utilities EOS Capture 1.5 Canon 05.07.2012 2,63MB 1.5 notwendig
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX Canon Inc. 05.07.2012 1.0.0.10 notwendig
Canon Utilities PhotoStitch 3.1 Canon 05.07.2012 1,79MB 3.1.16 notwendig
Canon Utilities Picture Style Editor Canon Inc. 05.07.2012 1.9.0.0 notwendig
Canon Utilities ZoomBrowser EX Canon Inc. 05.07.2012 6.7.2.33 notwendig
Canon ZoomBrowser EX Memory Card Utility Canon Inc. 05.07.2012 1.5.1.10 notwendig
CCleaner Piriform 19.12.2012 3.26 notwendig
Chipkartenleser Treiberinstallation 28.10.2012 unnötig
CloneCD SlySoft 30.04.2012 notwendig
CloneDVD2 Elaborate Bytes 30.04.2012 2.9.3.0 notwendig
DivX-Setup DivX, LLC 02.01.2013 2.6.1.22 notwendig
Easy File Undelete MunSoft 07.07.2012 3.0 notwendig
EPU 05.07.2012 1.02.20 unbekannt
Express Gate DeviceVM, Inc. 03.01.2012 842MB 1.5.17.9 notwendig
FastPictureViewer Professional 1.9.287.0 (64-bit) Axel Rietschin Software Developments 02.01.2013 83,0MB 1.9.287.0 notwendig
FileHippo.com Update Checker 01.01.2013 notwendig
Free Audio Converter version 5.0.15.706 DVDVideoSoft Ltd. 09.07.2012 81,4MB 5.0.15.706 notwendig
HD Writer AE 2.6T Panasonic Corporation 23.06.2012 2.06.110.1031 notwendig
iCare Data Recovery 4.6.4 iCare Software 08.07.2012 6,94MB unnötig
IrfanView (remove only) Irfan Skiljan 02.01.2013 2,00MB 4.35 notwendig
Java 7 Update 10 (64-bit) Oracle 02.01.2013 127MB 7.0.100 notwendig
Java 7 Update 9 Oracle 14.09.2012 128MB 7.0.90 notwendig
JMicron JMB36X Driver JMicron Technology Corp. 02.01.2012 notwendig 1.00.0000
K-Lite Codec Pack 6.2.0 (64-bit) 15.05.2012 42,7MB 6.2.0 notwendig
K-Lite Codec Pack 8.9.5 (Full) 10.07.2012 54,1MB 8.9.5 notwendig
LightScribe System Software LightScribe 08.07.2012 26,3MB 1.18.24.1 notwendig
Magic Workstation 0.94f Magic Technology 06.06.2012 unnötig
Magic: The Gathering — Duels of the Planeswalkers 2012 29.01.2012 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 31.12.2012 18,4MB 1.70.0.1100 notwendig
Media Go Sony 07.07.2012 102MB 2.1.392 notwendig
Media Go Video Playback Engine 1.88.103.12040 Sony 07.07.2012 20,0MB 1.88.103.12040 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 03.01.2012 38,8MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 03.01.2012 2,93MB 4.0.30319 notwendig
Microsoft Network Monitor 3.4 Microsoft Corporation 31.12.2012 11,2MB 3.4.2350.0 notwendig
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 Microsoft Corporation 31.12.2012 20,3MB 3.4.2350.0 notwendig
Microsoft Office Professional Plus 2010 Microsoft Corporation 03.01.2012 14.0.6029.1000 notwendig
Microsoft Silverlight Microsoft Corporation 20.05.2012 50,6MB 5.1.10411.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 18.06.2012 1,69MB 3.1.0000 notwendig
Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Corporation 23.06.2012 3,39MB 3.5.8080.0 notwendig
Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft Corporation 23.06.2012 4,51MB 3.5.8080.0 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 24.06.2012 298KB 8.0.59193 notwendig
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 07.07.2012 2,64MB 8.0.51011 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 04.01.2012 250KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 02.01.2012 788KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 03.01.2012 788KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 29.01.2012 594KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 23.06.2012 222KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 30.01.2012 600KB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 04.01.2012 15,0MB 10.0.30319 notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 03.01.2012 12,2MB 10.0.40219 notwendig
Microsoft Works Microsoft Corporation 03.01.2012 269MB 08.05.0822 notwendig
Microsoft Works Suite-Add-Ins für Microsoft Word Microsoft Corporation 02.01.2012 47,6MB 8.0.0.0000 notwendig
MOBackup - Datensicherung für Outlook (Vollversion) Heiko Schröder 21.10.2012 7.0 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 03.01.2012 1,27MB 4.20.9870.0 notwendig
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 03.01.2012 1,33MB 4.20.9876.0 notwendig
MTG Card Images for Magic Workstation 06.06.2012 176MB unnötig
MTG GamePack for Magic Workstation Magic Technology 06.06.2012 unnötig
MyTomTom 3.1.0.530 TomTom 07.05.2012 3.1.0.530 notwendig
Nero 9 Nero AG 29.06.2012 notwendig
Nero BurnLite 10 Nero AG 02.01.2013 56,3MB 10.0.10600 notwendig
Nero Update Nero AG 02.01.2013 1,43MB 1.0.0018 notwendig
Netscape Navigator (9.0.0.6) Netscape 27.02.2012 9.0.0.6 (en-US) notwendig
Nokia Connectivity Cable Driver Nokia 09.12.2012 3,95MB 7.1.92.0 notwendig
Nokia Suite Nokia 09.12.2012 3.6.36.0 notwendig
NWZ-S760 WALKMAN Guide Sony Corporation 07.07.2012 688KB 2.0.2.04130 notwendig
Paint.NET v3.5.10 dotPDN LLC 01.07.2012 10,6MB 3.60.0 notwendig
Panda USB Vaccine 1.0.1.4 Panda Security 01.01.2013 notwendig
PC Connectivity Solution Nokia 09.12.2012 21,2MB 12.0.48.0 notwendig
PC Probe II ASUSTeK Computer Inc. 05.07.2012 1.04.86 notwendig
PDF24 Creator 3.5.3 PDF24.org 08.01.2012 33,3MB notwendig
PowerLame (remove only) Marcel Dyka 01.09.2012 4,55MB 4.0 notwendig
Readiris Pro 10 02.01.2012 notwendig
Realtek Ethernet Controller Driver For Windows 7 Realtek 02.01.2012 7.21.531.2010 notwendig
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 02.01.2012 1,02MB 2.0.4.0 notwendig
Safari Apple Inc. 22.05.2012 104MB 5.34.57.2 notwendig
Samsung CLX-3170 Series Samsung Electronics CO.,LTD 02.01.2012 notwendig
SAMSUNG PC Share Manager SAMSUNG 08.07.2012 16,3MB 2.3.0 notwendig
Sandboxie 3.76 (64-bit) SANDBOXIE L.T.D 02.01.2013 3.76 notwendig
Serif PagePlus 11 Serif (Europe) Ltd 22.01.2012 292MB 11.1.1.004 notwendig
Serif PagePlus 11 Ressourcen Serif (Europe) Ltd 22.01.2012 265MB 11.1.0.007 notwendig
Setup-Start von Microsoft Works Suite 2006 02.01.2012 notwendig
SiSoftware Sandra Lite 2013a SiSoftware 02.01.2013 98,8MB 19.19.2013.1 notwendig
SmarThru 4 02.01.2012 notwendig
SmarThru PC Fax 02.01.2012 notwendig
Speakout Upper-intermediate ActiveBook Pearson Education 04.11.2012 notwendig
Spybot - Search & Destroy Safer-Networking Ltd. 02.01.2013 135MB 2.0.12 notwendig
Steam Valve Corporation 29.01.2012 1,59MB 1.0.0.0 notwendig
TeraCopy 2.27 Code Sector 26.06.2012 5,49MB notwendig
Timex Data Link USB 26.05.2012 1.3.0.94 notwendig
Timex Trainer 26.05.2012 1.03.036 notwendig
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 07.05.2012 1,88MB 1.0.2 notwendig
VirtualCloneDrive Elaborate Bytes 30.04.2012 notwendig
Visual Studio C++ 10.0 Runtime TomTom International B.V. 07.05.2012 8,00KB 10.0.0 notwendig
Windows Live Essentials Microsoft Corporation 18.06.2012 15.4.3555.0308 notwendig
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) Nokia 09.12.2012 05/31/2012 7.1.2.0 notwendig
WinRAR 4.20 (64-bit) win.rar GmbH 02.01.2013 4.20.0 notwendig
xp-AntiSpy 3.98-2 Christian Taubenheim 15.06.2012 unnötig
ZoneAlarm Internet Security Suite Check Point 02.01.2012 250MB 10.1.079.000 notwendig
µTorrent 23.12.2012 3.1.3 notwendig



Best regards

Yota

05.01.2013, 18:12   #12
markusg
/// Malware-holic



Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the McAfee Security Scan box.

Please also configure Adobe Reader as follows:
Open Adobe Reader, then Edit, Preferences.
General:
Check "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open PDFs automatically, download them automatically, etc.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, uncheck "use JavaScript".
Under Updater, choose "install automatically".
Apply / OK



Uninstall:
Chipkartenleser
iCare
Java 7 Update 9
Magic Workstation
Spybot: do without it, it is no longer helpful
ZoneAlarm: do without it; the Windows firewall plus a router is good enough, nothing more is needed

Open CCleaner, Analyze, Run, then restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click "Suche" (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

05.01.2013, 20:46   #13
yota



Hello,

here is the file:

# AdwCleaner v2.104 - Datei am 05/01/2013 um 21:39:23 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Hannes - K*******
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hannes\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Windows\SysWOW64\conduitEngine.tmp
Ordner Gefunden : C:\Program Files (x86)\ZoneAlarm_Deutsch
Ordner Gefunden : C:\Users\Hannes\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Hannes\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Hannes\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Hannes\AppData\LocalLow\ZoneAlarm_Deutsch

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ZoneAlarm_Deutsch
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE835EBC-F85D-46AD-80B2-0FB4E3444E08}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F361B100-73C5-4793-8BCC-6E5C41510210}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE835EBC-F85D-46AD-80B2-0FB4E3444E08}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F361B100-73C5-4793-8BCC-6E5C41510210}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3123776
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EE835EBC-F85D-46AD-80B2-0FB4E3444E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE835EBC-F85D-46AD-80B2-0FB4E3444E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F361B100-73C5-4793-8BCC-6E5C41510210}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{09E2FC20-F18C-41E2-8422-9D83F14FA9BA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{660C3182-C961-477D-BAE6-8D6A5AB6417F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F361B100-73C5-4793-8BCC-6E5C41510210}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm_Deutsch Toolbar
Schlüssel Gefunden : HKLM\Software\ZoneAlarm_Deutsch
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKU\S-1-5-21-1074799425-1621402076-3425223262-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F361B100-73C5-4793-8BCC-6E5C41510210}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F361B100-73C5-4793-8BCC-6E5C41510210}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F361B100-73C5-4793-8BCC-6E5C41510210}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F361B100-73C5-4793-8BCC-6E5C41510210}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Hannes\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4678 octets] - [05/01/2013 21:39:23]

########## EOF - C:\AdwCleaner[R1].txt - [4738 octets] ##########


As for ZoneAlarm, I would like to keep it installed.
Is there an alternative to Spybot?


Best regards

Yota

06.01.2013, 17:14   #14
markusg
/// Malware-holic

Malwarebytes is the alternative.
Well, it's up to you what you waste your PC's resources on; with ZoneAlarm, at any rate, they are not being put to good use.
The software certainly didn't help one bit here.
It is nonsense to install as much "security software" as possible; a sensible configuration of the PC is far more important.
More on that later.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted, several times depending on the severity of the infection; this is normal. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

Please restart and test how the PC runs.

06.01.2013, 19:12   #15
yota

Hello,

hm, that's a fair point.
ZoneAlarm runs for a few more months (paid), then I will consider letting it expire.
And swapping Spybot for AntiMalwarebytes, okay.
Avira Antivirus runs on my machine as freeware. Good? Or should I change anything?

Here is the log file:

# AdwCleaner v2.104 - Datei am 06/01/2013 um 20:01:08 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Hannes - KATZEBOHMHMM-SD
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hannes\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Ordner Gelöscht : C:\Program Files (x86)\ZoneAlarm_Deutsch
Ordner Gelöscht : C:\Users\Hannes\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Hannes\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Hannes\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Hannes\AppData\LocalLow\ZoneAlarm_Deutsch

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ZoneAlarm_Deutsch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE835EBC-F85D-46AD-80B2-0FB4E3444E08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F361B100-73C5-4793-8BCC-6E5C41510210}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE835EBC-F85D-46AD-80B2-0FB4E3444E08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F361B100-73C5-4793-8BCC-6E5C41510210}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3123776
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EE835EBC-F85D-46AD-80B2-0FB4E3444E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE835EBC-F85D-46AD-80B2-0FB4E3444E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F361B100-73C5-4793-8BCC-6E5C41510210}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{09E2FC20-F18C-41E2-8422-9D83F14FA9BA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{660C3182-C961-477D-BAE6-8D6A5AB6417F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F361B100-73C5-4793-8BCC-6E5C41510210}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm_Deutsch Toolbar
Schlüssel Gelöscht : HKLM\Software\ZoneAlarm_Deutsch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F361B100-73C5-4793-8BCC-6E5C41510210}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F361B100-73C5-4793-8BCC-6E5C41510210}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F361B100-73C5-4793-8BCC-6E5C41510210}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F361B100-73C5-4793-8BCC-6E5C41510210}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Hannes\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Hannes\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4799 octets] - [05/01/2013 21:39:23]
AdwCleaner[S1].txt - [4578 octets] - [06/01/2013 20:01:08]

########## EOF - C:\AdwCleaner[S1].txt - [4638 octets] ##########


I only had to restart once.
However, startup is currently slow compared to before, despite the SSD.

Best regards

Yota
