
Pests of all kinds and how to combat them: new Postbank trojan

08.01.2013, 21:20   #1
Yettex
 
Hi,
very briefly: a new Postbank scam. A mail, made to look like an official one from Postbank, was sent to an email inbox, with an external link (as a button). On the page, only the Postbank customer's email address is supposed to be entered. (No bank details! I don't have the link address.)

I suspect that
a) a program spied on the Firefox browser beforehand (found out about Postbank + the mail address) and
b) a new trojan was downloaded through the careless click on the link.

I ran Avira (freeware, latest version) and posted the report below. (Is that also a so-called log?) Or should I run Malwarebytes as well?
Would you perhaps also like a screenshot of the mail?

I have justified concerns that the PC may be infected further. (Not mine, but my father's.) Hence the full scan "with guidance from pros". I hope I kept it short enough.
Thanks in advance for your help!

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 8. Januar 2013  17:50


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : Uwe
Computername   : UWE-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.2890    48567 Bytes  05.12.2012 17:11:00
AVSCAN.EXE     : 13.6.0.402    639264 Bytes  11.12.2012 12:02:45
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  11.12.2012 12:02:45
LUKE.DLL       : 13.6.0.400     67360 Bytes  11.12.2012 12:02:51
AVSCPLR.DLL    : 13.6.0.402     93984 Bytes  10.12.2012 17:45:17
AVREG.DLL      : 13.6.0.406    248096 Bytes  10.12.2012 17:45:17
avlode.dll     : 13.6.1.402    428832 Bytes  10.12.2012 11:45:16
avlode.rdf     : 13.0.0.26       7958 Bytes  10.12.2012 11:45:16
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 13:50:29
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 13:50:31
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 13:50:34
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 13:50:36
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 13:50:37
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 13:42:40
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 13:42:40
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 14:46:37
VBASE008.VDF   : 7.11.55.142  2214912 Bytes  03.01.2013 11:49:12
VBASE009.VDF   : 7.11.55.143     2048 Bytes  03.01.2013 11:49:12
VBASE010.VDF   : 7.11.55.144     2048 Bytes  03.01.2013 11:49:12
VBASE011.VDF   : 7.11.55.145     2048 Bytes  03.01.2013 11:49:12
VBASE012.VDF   : 7.11.55.146     2048 Bytes  03.01.2013 11:49:12
VBASE013.VDF   : 7.11.55.196   260096 Bytes  04.01.2013 11:59:24
VBASE014.VDF   : 7.11.56.23    206848 Bytes  07.01.2013 18:38:07
VBASE015.VDF   : 7.11.56.24      2048 Bytes  07.01.2013 18:38:07
VBASE016.VDF   : 7.11.56.25      2048 Bytes  07.01.2013 18:38:07
VBASE017.VDF   : 7.11.56.26      2048 Bytes  07.01.2013 18:38:07
VBASE018.VDF   : 7.11.56.27      2048 Bytes  07.01.2013 18:38:07
VBASE019.VDF   : 7.11.56.28      2048 Bytes  07.01.2013 18:38:07
VBASE020.VDF   : 7.11.56.29      2048 Bytes  07.01.2013 18:38:07
VBASE021.VDF   : 7.11.56.30      2048 Bytes  07.01.2013 18:38:07
VBASE022.VDF   : 7.11.56.31      2048 Bytes  07.01.2013 18:38:07
VBASE023.VDF   : 7.11.56.32      2048 Bytes  07.01.2013 18:38:07
VBASE024.VDF   : 7.11.56.33      2048 Bytes  07.01.2013 18:38:07
VBASE025.VDF   : 7.11.56.34      2048 Bytes  07.01.2013 18:38:07
VBASE026.VDF   : 7.11.56.35      2048 Bytes  07.01.2013 18:38:07
VBASE027.VDF   : 7.11.56.36      2048 Bytes  07.01.2013 18:38:07
VBASE028.VDF   : 7.11.56.37      2048 Bytes  07.01.2013 18:38:07
VBASE029.VDF   : 7.11.56.38      2048 Bytes  07.01.2013 18:38:08
VBASE030.VDF   : 7.11.56.39      2048 Bytes  07.01.2013 18:38:08
VBASE031.VDF   : 7.11.56.68    111104 Bytes  08.01.2013 11:36:56
Engineversion  : 8.2.10.224
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 13:42:55
AESCRIPT.DLL   : 8.1.4.78      467323 Bytes  20.12.2012 19:48:34
AESCN.DLL      : 8.1.10.0      131445 Bytes  13.12.2012 18:50:24
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06
AERDL.DLL      : 8.2.0.74      643445 Bytes  11.11.2012 14:44:09
AEPACK.DLL     : 8.3.1.2       819574 Bytes  20.12.2012 19:48:34
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 15:41:48
AEHEUR.DLL     : 8.1.4.168    5628280 Bytes  20.12.2012 19:48:34
AEHELP.DLL     : 8.1.25.2      258423 Bytes  16.10.2012 11:58:10
AEGEN.DLL      : 8.1.6.12      434549 Bytes  13.12.2012 18:50:24
AEEXP.DLL      : 8.3.0.4       184692 Bytes  20.12.2012 19:48:34
AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 13:42:55
AECORE.DLL     : 8.1.30.0      201079 Bytes  13.12.2012 18:50:24
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 15:41:45
AVWINLL.DLL    : 13.4.0.163     25888 Bytes  19.09.2012 17:09:30
AVPREF.DLL     : 13.4.0.360     50464 Bytes  11.12.2012 12:02:45
AVREP.DLL      : 13.4.0.360    177952 Bytes  10.12.2012 17:45:17
AVARKT.DLL     : 13.6.0.402    260384 Bytes  11.12.2012 12:02:43
AVEVTLOG.DLL   : 13.6.0.400    167200 Bytes  11.12.2012 12:02:44
SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 17:17:40
AVSMTP.DLL     : 13.4.0.163     62240 Bytes  19.09.2012 17:08:54
NETNT.DLL      : 13.4.0.360     15648 Bytes  11.12.2012 12:02:51
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  11.12.2012 12:02:21
RCTEXT.DLL     : 13.4.0.360     68384 Bytes  11.12.2012 12:02:21

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 8. Januar 2013  17:50

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'Taskmgr.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess '[verify-U]-Service.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '7' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMEService.exe' - '8' Modul(e) wurden durchsucht
Durchsuche Prozess '64barsvc.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Netzmanager_Service.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'WlanNetService.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'netzmanager.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'FacebookMessenger.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess '[verify-U]-Software.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMERunner.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'ManyCam.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdSync.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess '64brmon.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess '64SrchMn.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1553' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
    [0] Archivtyp: RSRC
    --> C:\Users\Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQHTHUT2\Firefox_Setup_6.0[1].exe
        [1] Archivtyp: Runtime Packed
      --> Object
          [WARNUNG]   Die Datei konnte nicht gelesen werden!
C:\Users\Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQHTHUT2\Firefox_Setup_6.0[1].exe
  [WARNUNG]   Die Datei konnte nicht gelesen werden!
    --> C:\Users\Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQHTHUT2\Firefox_Setup_6.0[2].exe
        [1] Archivtyp: Runtime Packed
      --> Object
          [WARNUNG]   Die Datei konnte nicht gelesen werden!
C:\Users\Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQHTHUT2\Firefox_Setup_6.0[2].exe
  [WARNUNG]   Die Datei konnte nicht gelesen werden!
C:\Users\Uwe\AppData\Local\Temp\YontooSetup-Silent.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
    --> C:\Users\Uwe\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
        [1] Archivtyp: Runtime Packed
      --> C:\Users\Uwe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\22e43b9c-46004ee3
          [2] Archivtyp: ZIP
        --> H_e2a/H_e2a.class
            [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.EZ.1
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> H_e2a/H_e2c.class
            [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.A.310
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> H_e2a/H_e2b.class
            [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Karame.AJ
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> H_e2a/H_e2d.class
            [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.FA.1
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Uwe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\22e43b9c-46004ee3
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.FA.1
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'E:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\Uwe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\22e43b9c-46004ee3
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.FA.1
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57b3fd66.qua' verschoben!
C:\Users\Uwe\AppData\Local\Temp\YontooSetup-Silent.exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f2fd29e.qua' verschoben!


Ende des Suchlaufs: Dienstag, 8. Januar 2013  18:59
Benötigte Zeit:  1:08:18 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  33108 Verzeichnisse wurden überprüft
 518812 Dateien wurden geprüft
      6 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 518806 Dateien ohne Befall
   4408 Archive wurden durchsucht
      6 Warnungen
      2 Hinweise
         

08.01.2013, 21:24   #2
markusg
/// Malware-holic
 
Hi
forward it to me; how to do that is in my sig.

08.01.2013, 21:38   #3
Yettex
 
Quote (markusg):
Hi
forward it to me; how to do that is in my sig.

Done. Regards

08.01.2013, 21:43   #4
markusg
/// Malware-holic
 
Hi
the Postbank connection may also have been a coincidence. Unfortunately the redirect no longer works for me, but the link definitely does not lead to Postbank. Let's take a look at the PC:
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt here into your thread.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de

08.01.2013, 22:40   #5
Yettex
 
lots of text...
OTL.txt
Code:
OTL logfile created on: 08.01.2013 22:17:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uwe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 68,83% Memory free
6,69 Gb Paging File | 5,69 Gb Available in Paging File | 85,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,27 Gb Total Space | 72,08 Gb Free Space | 32,00% Space Free | Partition Type: NTFS
Drive D: | 11,72 Gb Total Space | 11,61 Gb Free Space | 99,10% Space Free | Partition Type: NTFS
Drive E: | 59,15 Gb Total Space | 59,06 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: UWE-PC | User Name: Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.08 22:09:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe
PRC - [2012.12.11 13:02:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 13:02:45 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.12.11 13:02:45 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.12.11 13:02:44 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 13:02:44 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.10.19 01:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.10.16 19:17:19 | 000,042,536 | ---- | M] (MindSpark) -- C:\Programme\TelevisionFanatic\bar\1.bin\64SrchMn.exe
PRC - [2012.10.16 19:17:19 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Programme\TelevisionFanatic\bar\1.bin\64barsvc.exe
PRC - [2012.10.16 19:17:19 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Programme\TelevisionFanatic\bar\1.bin\64brmon.exe
PRC - [2012.10.10 08:39:42 | 001,185,872 | ---- | M] (CallingID Ltd.) -- C:\Programme\Ask.com\CallingIDSDK\CIDGlobalLight.exe
PRC - [2012.08.28 06:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.08.28 06:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.07.20 13:01:51 | 014,134,784 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.28 11:23:14 | 000,143,360 | ---- | M] (Cybit AG) -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.14 14:04:02 | 000,475,136 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]-Software.exe
PRC - [2006.12.28 00:00:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.17 12:14:00 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0fe45f0908e1c17f9aca39670d35e3a7\System.Core.ni.dll
MOD - [2012.11.17 12:13:55 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012.11.17 12:12:53 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6be544795f68114304a2efdd502a52f0\System.IdentityModel.ni.dll
MOD - [2012.11.17 12:12:52 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\68c89abe0ec8381863d6bb18539504f9\System.Runtime.Serialization.ni.dll
MOD - [2012.11.17 12:12:49 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2d737eebab3321e31bf20296d04a0e1a\System.ServiceModel.ni.dll
MOD - [2012.11.17 12:12:49 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\949339bed597380b8fb6dd2dc97d8006\SMDiagnostics.ni.dll
MOD - [2012.11.17 12:12:21 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
MOD - [2012.11.17 12:12:11 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1f0ff07c7fa3ef235a9e2b3b6a49db04\System.EnterpriseServices.ni.dll
MOD - [2012.11.17 12:12:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\850a371af19c00078a8cfbee763fb449\System.Transactions.ni.dll
MOD - [2012.11.17 12:12:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012.11.17 12:10:36 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012.11.17 12:10:21 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012.11.17 12:10:12 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012.11.17 12:10:02 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll
MOD - [2012.11.17 12:09:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39cc0e726e5b80a46337fa969cde2b66\PresentationFramework.Aero.ni.dll
MOD - [2012.11.17 12:09:54 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fb15c044e4e7d611a5cbe5a1aa6db455\PresentationFramework.ni.dll
MOD - [2012.11.17 12:09:21 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\09ab834223f9c860f08de8d58688b1a3\PresentationCore.ni.dll
MOD - [2012.11.17 12:09:00 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\0e3cff5f58a9a75de7fcac112c8bbca0\WindowsBase.ni.dll
MOD - [2012.11.17 12:08:55 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012.11.17 12:08:38 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.03.30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 05:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.02.18 19:39:53 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2008.03.04 12:11:54 | 000,856,576 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]_Software.dll
MOD - [2008.01.14 14:04:02 | 000,475,136 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]-Software.exe
MOD - [2006.12.10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.11 19:33:39 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.11 13:02:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 13:02:45 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.12.11 13:02:44 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.05 16:31:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.16 19:17:19 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Programme\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)
SRV - [2012.08.28 06:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.29 15:15:07 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Programme\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.28 11:23:14 | 000,143,360 | ---- | M] (Cybit AG) [verify-U]) [verify-U]-Service [Auto | Running] -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe -- ([verify-U])
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.12.28 00:00:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.11 13:02:53 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.11 13:02:53 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.13 13:01:57 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.11.07 15:21:18 | 000,016,128 | ---- | M] (Cybits AG) [verify-U]_System) [verify-U]_System [Kernel | System | Running] -- C:\Windows\System32\drivers\[verify-U]-driver.sys -- ([verify-U]_System)
DRV - [2006.11.02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.04.06 01:06:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2005.01.31 09:13:22 | 000,163,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV532AV.SYS -- (PID_0920)
DRV - [2005.01.31 09:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.01.19 10:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80772
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80772&lng=de
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=61531&ptb=367EF4EA-7F80-412A-BBA6-960D8F1A72D4&psa=&ind=2012103113&st=sb&n=77ee41c9&searchfor={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XPxdm049YYde&ptb=367EF4EA-7F80-412A-BBA6-960D8F1A72D4&si=61531
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {a5b9c0f5-5616-47cd-a95f-e43b488faccf}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=060612_5_&babsrc=SP_ss&mntrId=9072714d000000000000001a92b6d9a2
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=61531&ptb=367EF4EA-7F80-412A-BBA6-960D8F1A72D4&psa=&ind=2012103113&st=sb&n=77ee41c9&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{BFA0E7E0-0635-451D-AA0A-724E14F03050}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f2bd560a-bc59-462f-9a6f-d4accff60346&apn_sauid=08F2E1EA-D940-4FBD-ABB8-75212DC73A87
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80772&lng=de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Uwe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Uwe\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.03 16:09:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files\TelevisionFanatic\bar\1.bin [2012.10.16 19:17:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 16:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 16:31:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 16:31:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 16:31:00 | 000,000,000 | ---D | M]
 
[2012.12.05 16:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.05 16:30:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.05 16:30:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.05 16:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.12.05 16:30:58 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012.12.05 16:31:08 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.23 14:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.06.21 11:31:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.10 15:39:17 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 06:41:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.21 11:31:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 11:31:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.09 17:47:30 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.21 11:31:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 11:31:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Programme\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Programme\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Programme\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\Programme\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] C:\Programme\TelevisionFanatic\bar\1.bin\64SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Uwe\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Uwe\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Uwe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04DC836A-F433-4C99-AA57-A8E21682B1DD}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C028230E-41B1-47A0-9712-40A24CC8EADC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9F54CEF-CEA3-405C-A5F1-60D16E20C55D}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Uwe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Uwe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5a2adb3f-63e1-11e1-aca2-001a92b6d9a2}\Shell - "" = AutoRun
O33 - MountPoints2\{5a2adb3f-63e1-11e1-aca2-001a92b6d9a2}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5a2adb59-63e1-11e1-aca2-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{5a2adb59-63e1-11e1-aca2-001e101f1ed9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c1482837-e370-11e0-bb80-001a92b6d9a2}\Shell - "" = AutoRun
O33 - MountPoints2\{c1482837-e370-11e0-bb80-001a92b6d9a2}\Shell\AutoRun\command - "" = H:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {190B5DA7-2E6E-AC32-D7CB-43733961967B} - Internet Explorer
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.08 22:09:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe
[2013.01.08 21:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.08 21:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.01.08 17:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.01.06 23:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\10tons
[2013.01.06 23:37:15 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azkend 2 - The World Beneath
[2013.01.06 23:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Azkend 2 - The World Beneath
[2012.12.18 19:47:17 | 000,000,000 | ---D | C] -- C:\Users\Uwe\DxReport
[2012.12.10 17:13:46 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\Apple Computer
[2012.12.10 17:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.10 17:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.10 17:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.10 17:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.12.10 17:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.12.10 17:11:34 | 000,000,000 | ---D | C] -- C:\Users\Uwe\AppData\Local\Apple
[2012.12.10 17:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.12.10 17:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.12.10 17:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.12.10 17:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.08 22:09:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uwe\Desktop\OTL.exe
[2013.01.08 22:02:34 | 000,000,680 | ---- | M] () -- C:\Users\Uwe\AppData\Local\d3d9caps.dat
[2013.01.08 22:00:32 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 22:00:31 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 22:00:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.08 22:00:22 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.08 21:36:17 | 000,000,982 | ---- | M] () -- C:\Users\Uwe\Desktop\Achtung_-_Sicherheitsupdate.zip
[2013.01.08 21:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.08 20:16:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-635668198-3444527655-3652899419-1000UA.job
[2013.01.08 17:16:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-635668198-3444527655-3652899419-1000Core.job
[2013.01.06 23:38:40 | 000,000,937 | ---- | M] () -- C:\Users\Uwe\Desktop\Azkend 2 - The World Beneath.lnk
[2013.01.03 19:59:18 | 215,855,101 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.27 10:17:17 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.27 10:17:17 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.27 10:17:17 | 000,125,676 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.27 10:17:17 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.21 11:27:12 | 000,015,254 | ---- | M] () -- C:\Users\Uwe\Documents\kündiging tini.odt
[2012.12.11 13:02:53 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.12.11 13:02:53 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.01.08 21:36:17 | 000,000,982 | ---- | C] () -- C:\Users\Uwe\Desktop\Achtung_-_Sicherheitsupdate.zip
[2013.01.06 23:37:16 | 000,000,937 | ---- | C] () -- C:\Users\Uwe\Desktop\Azkend 2 - The World Beneath.lnk
[2012.12.21 11:24:37 | 000,015,254 | ---- | C] () -- C:\Users\Uwe\Documents\kündiging tini.odt
[2012.12.14 06:28:02 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.14 06:28:02 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.10 17:11:33 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.12.01 15:18:35 | 000,000,001 | R--- | C] () -- C:\Users\Uwe\serverport
[2012.06.10 15:39:24 | 000,000,250 | ---- | C] () -- \user.js
[2011.09.22 10:09:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.09.22 10:09:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.09.22 05:01:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.09.20 11:51:54 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.08.29 15:48:59 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.08.29 15:48:48 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.08.16 22:46:14 | 000,000,552 | ---- | C] () -- C:\Users\Uwe\AppData\Local\d3d8caps.dat
[2011.07.22 23:58:36 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.07.22 23:58:36 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.07.22 23:58:36 | 000,125,676 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.07.22 23:58:36 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.07.22 14:12:50 | 000,005,632 | ---- | C] () -- C:\Users\Uwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.22 14:09:09 | 000,000,680 | ---- | C] () -- C:\Users\Uwe\AppData\Local\d3d9caps.dat
[2006.11.02 11:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 07:25:08 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.07.22 14:09:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.12.10 17:13:51 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.07.22 14:07:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.20 12:21:12 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.08 21:31:28 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.06 23:37:29 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.07.22 14:07:01 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.01.08 22:19:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.22 14:09:08 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.03 19:59:18 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,510 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.01 19:05:08 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-635668198-3444527655-3652899419-1000Core.job
[2011.12.01 19:05:10 | 000,000,920 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-635668198-3444527655-3652899419-1000UA.job
[2012.04.24 19:48:34 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2011.08.25 06:56:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.08.25 06:56:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.08.25 06:56:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.08.25 06:54:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011.08.25 06:54:49 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011.08.25 06:54:48 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011.08.28 21:42:22 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011.08.28 21:42:21 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011.08.25 06:54:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.08.25 05:45:56 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2011.08.25 05:45:56 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< %USERPROFILE%\*.* >
[2013.01.08 22:35:40 | 002,621,440 | -HS- | M] () -- C:\Users\Uwe\NTUSER.DAT
[2013.01.08 22:35:40 | 000,262,144 | -H-- | M] () -- C:\Users\Uwe\ntuser.dat.LOG1
[2011.07.22 14:09:08 | 000,000,000 | -H-- | M] () -- C:\Users\Uwe\ntuser.dat.LOG2
[2013.01.08 21:42:56 | 000,065,536 | -HS- | M] () -- C:\Users\Uwe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2013.01.08 21:42:56 | 000,524,288 | -HS- | M] () -- C:\Users\Uwe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011.07.22 14:45:51 | 000,524,288 | -HS- | M] () -- C:\Users\Uwe\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.07.22 14:09:08 | 000,000,020 | -HS- | M] () -- C:\Users\Uwe\ntuser.ini
[2012.12.02 15:09:38 | 000,000,001 | R--- | M] () -- C:\Users\Uwe\serverport
[2004.10.26 08:17:22 | 000,016,518 | ---- | M] () -- C:\Users\Uwe\zylom.ico
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 08.01.2013 22:17:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uwe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 68,83% Memory free
6,69 Gb Paging File | 5,69 Gb Available in Paging File | 85,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,27 Gb Total Space | 72,08 Gb Free Space | 32,00% Space Free | Partition Type: NTFS
Drive D: | 11,72 Gb Total Space | 11,61 Gb Free Space | 99,10% Space Free | Partition Type: NTFS
Drive E: | 59,15 Gb Total Space | 59,06 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
 
Computer Name: UWE-PC | User Name: Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1085AC45-C2B4-47ED-92A7-CE9FC0FDAA5F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1BCF49A2-4C72-44AD-AA12-64BDBBC644B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{212812B0-05D5-49FE-AF4A-CCE8A4E395CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{26BBD3A1-67F0-436D-96B1-9BAF76AABB71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{44E023DA-98BB-4DC8-BFF1-656BCF430108}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD0FDA14-D063-43A2-BB31-0C7F6686E366}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E51004CA-0490-4440-B37F-4126F0FB97D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EEBEE4BD-0C8C-43E7-967B-69651DF4371C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F1E72037-7C39-4B36-90E7-F2AD152B461C}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07960EDD-9DC7-4F8F-B316-727864D993DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D41AC9D-9284-42AD-8B71-EB4A6710DAF2}" = dir=in | app=c:\users\uwe\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{229D83DC-9239-4BE5-AD3F-A722FA3F0BF6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{41EE0972-51D8-4754-8533-E4A64BFDBB22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4FE793D3-2271-474D-951E-2FEA66D91D1F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61734E40-D42F-42DD-AA80-0584B44B4621}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{793DDD4B-95E9-44BC-B55E-F727385F71D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{875EC0B8-F2F1-43C3-9580-400350E9F241}" = protocol=6 | dir=out | app=system | 
"{8DABF636-1511-477C-BC6D-4EACF1E37A60}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{986DE082-8FDE-4301-9942-65EE908D1562}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E0A178D-DED5-4BA8-AE1B-9D4ABBA9BD8C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CD284B53-B64B-48CC-89A6-D0719FBA13B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D987F76C-50BF-49B7-B53A-7BF2A77822DB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{ED8211BB-7494-47C6-B603-87E37AC7068D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F01D4C51-58C7-4011-872F-5F6E57A0A641}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F57219F9-51AC-4BAD-BE33-66FFEBCF05B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F6B1F188-9063-4037-9FAE-A5AFA831AF25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FF41FE39-792C-4F20-B902-32366311C0EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{281C52AE-03D5-4D88-AF42-081F42A08C93}C:\users\uwe\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\uwe\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | 
"UDP Query User{3865A831-A7C7-44EA-8170-D3642E5B5CDF}C:\users\uwe\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\uwe\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U] AVS" = [verify-U] AVS 2.1.9
"[verify-U]_AVS_IE_Add-on" = [verify-U]_AVS_IE_Add-on
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Azkend 2 - The World Beneath" = Azkend 2 - The World Beneath 
"DivX Setup" = DivX-Setup
"FLV Player" = FLV Player 2.0 (build 25)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.29.824
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ManyCam" = ManyCam 2.6.65 (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netzmanager" = Netzmanager
"PhotoScape" = PhotoScape
"TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar
"VLC media player" = VLC media player 2.0.1
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2013 10:45:56 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 175c  Anfangszeit: 01cdea52146d0c4d  Zeitpunkt der
 Beendigung: 15
 
Error - 04.01.2013 10:47:41 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 116c  Anfangszeit: 01cdea8a35b780e4  Zeitpunkt der
 Beendigung: 15
 
Error - 04.01.2013 12:56:27 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: d9c  Anfangszeit: 01cdea9abfea3e7c  Zeitpunkt der
 Beendigung: 16
 
Error - 04.01.2013 12:57:26 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: f60  Anfangszeit: 01cdea9c75c8370c  Zeitpunkt der
 Beendigung: 16
 
Error - 04.01.2013 13:32:31 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 2e8  Anfangszeit: 01cdea9d3092bb1b  Zeitpunkt der
 Beendigung: 12
 
Error - 04.01.2013 13:34:20 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 1624  Anfangszeit: 01cdeaa17c263a12  Zeitpunkt der
 Beendigung: 16
 
Error - 06.01.2013 03:37:21 | Computer Name = Uwe-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 06.01.2013 03:37:22 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm netzmanager.exe, Version 1.71.0.301 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 3ac  Anfangszeit: 01cdebe01fc87c32  Zeitpunkt
 der Beendigung: 0
 
Error - 06.01.2013 08:03:08 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 460  Anfangszeit: 01cdec05887c22b8  Zeitpunkt der
 Beendigung: 47
 
Error - 06.01.2013 08:05:25 | Computer Name = Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 158c  Anfangszeit: 01cdec05cc32350b  Zeitpunkt der
 Beendigung: 0
 
[ System Events ]
Error - 04.01.2013 01:59:07 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.01.2013 01:37:32 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.01.2013 11:39:57 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.01.2013 03:35:09 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.01.2013 07:56:13 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.01.2013 08:36:45 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.01.2013 01:32:47 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.01.2013 04:51:19 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.01.2013 12:49:11 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.01.2013 17:02:01 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         


Alt 08.01.2013, 22:42   #6
Yettex
 

....

Edited by Yettex (08.01.2013 at 22:44). Reason: sorry, double post

Alt 08.01.2013, 23:22   #7
markusg
/// Malware-holic
 

Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now and post the log
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

Alt 09.01.2013, 18:21   #8
Yettex
 

kaspersky tdss log
Code:
18:19:26.0668 5652  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:19:27.0279 5652  ============================================================
18:19:27.0279 5652  Current date / time: 2013/01/09 18:19:27.0279
18:19:27.0279 5652  SystemInfo:
18:19:27.0279 5652  
18:19:27.0279 5652  OS Version: 6.0.6002 ServicePack: 2.0
18:19:27.0279 5652  Product type: Workstation
18:19:27.0279 5652  ComputerName: UWE-PC
18:19:27.0279 5652  UserName: Uwe
18:19:27.0279 5652  Windows directory: C:\Windows
18:19:27.0279 5652  System windows directory: C:\Windows
18:19:27.0279 5652  Processor architecture: Intel x86
18:19:27.0279 5652  Number of processors: 2
18:19:27.0279 5652  Page size: 0x1000
18:19:27.0279 5652  Boot type: Normal boot
18:19:27.0279 5652  ============================================================
18:19:27.0857 5652  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:19:27.0857 5652  ============================================================
18:19:27.0857 5652  \Device\Harddisk0\DR0:
18:19:27.0857 5652  MBR partitions:
18:19:27.0857 5652  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1770000
18:19:27.0857 5652  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x1C28A800
18:19:27.0857 5652  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1DDE3000, BlocksNum 0x764B000
18:19:27.0857 5652  ============================================================
18:19:27.0889 5652  C: <-> \Device\Harddisk0\DR0\Partition2
18:19:27.0920 5652  D: <-> \Device\Harddisk0\DR0\Partition1
18:19:27.0967 5652  E: <-> \Device\Harddisk0\DR0\Partition3
18:19:27.0967 5652  ============================================================
18:19:27.0967 5652  Initialize success
18:19:27.0967 5652  ============================================================
18:19:58.0734 3080  ============================================================
18:19:58.0734 3080  Scan started
18:19:58.0734 3080  Mode: Manual; SigCheck; TDLFS; 
18:19:58.0734 3080  ============================================================
18:19:59.0094 3080  ================ Scan system memory ========================
18:19:59.0094 3080  System memory - ok
18:19:59.0094 3080  ================ Scan services =============================
18:19:59.0234 3080  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
18:19:59.0328 3080  ACPI - ok
18:19:59.0422 3080  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:19:59.0453 3080  AdobeARMservice - ok
18:19:59.0516 3080  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:19:59.0543 3080  AdobeFlashPlayerUpdateSvc - ok
18:19:59.0590 3080  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:19:59.0637 3080  adp94xx - ok
18:19:59.0699 3080  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:19:59.0715 3080  adpahci - ok
18:19:59.0777 3080  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
18:19:59.0793 3080  adpu160m - ok
18:19:59.0809 3080  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:19:59.0824 3080  adpu320 - ok
18:19:59.0871 3080  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:19:59.0996 3080  AeLookupSvc - ok
18:20:00.0059 3080  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
18:20:00.0090 3080  AFD - ok
18:20:00.0137 3080  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:20:00.0152 3080  agp440 - ok
18:20:00.0199 3080  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
18:20:00.0215 3080  aic78xx - ok
18:20:00.0262 3080  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
18:20:00.0418 3080  ALG - ok
18:20:00.0449 3080  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:20:00.0465 3080  aliide - ok
18:20:00.0496 3080  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:20:00.0512 3080  amdagp - ok
18:20:00.0527 3080  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
18:20:00.0544 3080  amdide - ok
18:20:00.0591 3080  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
18:20:00.0763 3080  AmdK7 - ok
18:20:00.0794 3080  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:20:00.0856 3080  AmdK8 - ok
18:20:00.0935 3080  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:20:00.0950 3080  AntiVirSchedulerService - ok
18:20:01.0013 3080  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:20:01.0044 3080  AntiVirService - ok
18:20:01.0075 3080  [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:20:01.0106 3080  AntiVirWebService - ok
18:20:01.0185 3080  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
18:20:01.0216 3080  Appinfo - ok
18:20:01.0294 3080  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:20:01.0310 3080  Apple Mobile Device - ok
18:20:01.0341 3080  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
18:20:01.0356 3080  arc - ok
18:20:01.0388 3080  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:20:01.0403 3080  arcsas - ok
18:20:01.0435 3080  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:20:01.0466 3080  AsyncMac - ok
18:20:01.0513 3080  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:20:01.0513 3080  atapi - ok
18:20:01.0592 3080  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:20:01.0639 3080  AudioEndpointBuilder - ok
18:20:01.0670 3080  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:20:01.0701 3080  Audiosrv - ok
18:20:01.0717 3080  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:20:01.0748 3080  avgntflt - ok
18:20:01.0779 3080  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:20:01.0795 3080  avipbb - ok
18:20:01.0842 3080  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:20:01.0857 3080  avkmgr - ok
18:20:01.0935 3080  [ 9BD46C1D2F33A890B7226EDF543F18AA ] AVM WLAN Connection Service C:\Program Files\avmwlanstick\WlanNetService.exe
18:20:01.0982 3080  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
18:20:01.0982 3080  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
18:20:02.0029 3080  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:20:02.0076 3080  Beep - ok
18:20:02.0107 3080  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
18:20:02.0154 3080  BFE - ok
18:20:02.0217 3080  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
18:20:02.0248 3080  BITS - ok
18:20:02.0248 3080  blbdrive - ok
18:20:02.0342 3080  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:20:02.0373 3080  Bonjour Service - ok
18:20:02.0420 3080  [ 746A7B624B5047FACEBE35B51AA1FE36 ] Boonty Games    C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
18:20:02.0420 3080  Boonty Games ( UnsignedFile.Multi.Generic ) - warning
18:20:02.0420 3080  Boonty Games - detected UnsignedFile.Multi.Generic (1)
18:20:02.0498 3080  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:20:02.0560 3080  bowser - ok
18:20:02.0608 3080  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
18:20:02.0655 3080  BrFiltLo - ok
18:20:02.0671 3080  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
18:20:02.0702 3080  BrFiltUp - ok
18:20:02.0749 3080  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
18:20:02.0780 3080  Browser - ok
18:20:02.0827 3080  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
18:20:02.0874 3080  Brserid - ok
18:20:02.0905 3080  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
18:20:02.0983 3080  BrSerWdm - ok
18:20:03.0015 3080  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
18:20:03.0077 3080  BrUsbMdm - ok
18:20:03.0108 3080  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
18:20:03.0155 3080  BrUsbSer - ok
18:20:03.0186 3080  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:20:03.0233 3080  BTHMODEM - ok
18:20:03.0280 3080  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:20:03.0296 3080  cdfs - ok
18:20:03.0343 3080  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:20:03.0374 3080  cdrom - ok
18:20:03.0421 3080  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:20:03.0452 3080  CertPropSvc - ok
18:20:03.0483 3080  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:20:03.0546 3080  circlass - ok
18:20:03.0625 3080  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
18:20:03.0641 3080  CLFS - ok
18:20:03.0734 3080  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:20:03.0750 3080  clr_optimization_v2.0.50727_32 - ok
18:20:03.0828 3080  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:20:03.0828 3080  clr_optimization_v4.0.30319_32 - ok
18:20:03.0844 3080  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:20:03.0859 3080  cmdide - ok
18:20:03.0875 3080  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:20:03.0891 3080  Compbatt - ok
18:20:03.0906 3080  COMSysApp - ok
18:20:03.0922 3080  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:20:03.0937 3080  crcdisk - ok
18:20:03.0953 3080  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
18:20:04.0000 3080  Crusoe - ok
18:20:04.0047 3080  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:20:04.0109 3080  CryptSvc - ok
18:20:04.0141 3080  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:20:04.0203 3080  DcomLaunch - ok
18:20:04.0234 3080  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:20:04.0266 3080  DfsC - ok
18:20:04.0344 3080  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
18:20:04.0437 3080  DFSR - ok
18:20:04.0516 3080  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
18:20:04.0578 3080  Dhcp - ok
18:20:04.0642 3080  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
18:20:04.0673 3080  disk - ok
18:20:04.0735 3080  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:20:04.0767 3080  Dnscache - ok
18:20:04.0798 3080  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:20:04.0813 3080  dot3svc - ok
18:20:04.0845 3080  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
18:20:04.0892 3080  Dot4 - ok
18:20:04.0938 3080  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:20:04.0970 3080  Dot4Print - ok
18:20:05.0001 3080  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
18:20:05.0017 3080  dot4usb - ok
18:20:05.0079 3080  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
18:20:05.0142 3080  DPS - ok
18:20:05.0173 3080  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:20:05.0220 3080  drmkaud - ok
18:20:05.0267 3080  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:20:05.0376 3080  DXGKrnl - ok
18:20:05.0407 3080  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
18:20:05.0454 3080  E1G60 - ok
18:20:05.0501 3080  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
18:20:05.0517 3080  EapHost - ok
18:20:05.0579 3080  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
18:20:05.0595 3080  Ecache - ok
18:20:05.0674 3080  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:20:05.0689 3080  ehRecvr - ok
18:20:05.0736 3080  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
18:20:05.0783 3080  ehSched - ok
18:20:05.0799 3080  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
18:20:05.0814 3080  ehstart - ok
18:20:05.0861 3080  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:20:05.0893 3080  elxstor - ok
18:20:05.0939 3080  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
18:20:06.0018 3080  EMDMgmt - ok
18:20:06.0064 3080  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
18:20:06.0080 3080  EventSystem - ok
18:20:06.0143 3080  [ 0F40E249E4DD0CE47C7CA19C5C8FB48A ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
18:20:06.0158 3080  ewusbnet - ok
18:20:06.0205 3080  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
18:20:06.0236 3080  exfat - ok
18:20:06.0268 3080  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:20:06.0283 3080  fastfat - ok
18:20:06.0314 3080  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:20:06.0377 3080  fdc - ok
18:20:06.0393 3080  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:20:06.0424 3080  fdPHost - ok
18:20:06.0439 3080  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:20:06.0471 3080  FDResPub - ok
18:20:06.0518 3080  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:20:06.0533 3080  FileInfo - ok
18:20:06.0564 3080  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:20:06.0580 3080  Filetrace - ok
18:20:06.0643 3080  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:20:06.0706 3080  flpydisk - ok
18:20:06.0753 3080  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:20:06.0768 3080  FltMgr - ok
18:20:06.0847 3080  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
18:20:06.0878 3080  FontCache - ok
18:20:06.0940 3080  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:20:06.0940 3080  FontCache3.0.0.0 - ok
18:20:06.0987 3080  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:20:07.0018 3080  Fs_Rec - ok
18:20:07.0081 3080  [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
18:20:07.0128 3080  FWLANUSB - ok
18:20:07.0159 3080  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:20:07.0175 3080  gagp30kx - ok
18:20:07.0206 3080  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:20:07.0222 3080  GEARAspiWDM - ok
18:20:07.0253 3080  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:20:07.0300 3080  gpsvc - ok
18:20:07.0347 3080  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:20:07.0425 3080  HdAudAddService - ok
18:20:07.0472 3080  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:20:07.0518 3080  HDAudBus - ok
18:20:07.0550 3080  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:20:07.0597 3080  HidBth - ok
18:20:07.0628 3080  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:20:07.0665 3080  HidIr - ok
18:20:07.0712 3080  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
18:20:07.0727 3080  hidserv - ok
18:20:07.0759 3080  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:20:07.0774 3080  HidUsb - ok
18:20:07.0806 3080  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:20:07.0837 3080  hkmsvc - ok
18:20:07.0852 3080  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
18:20:07.0868 3080  HpCISSs - ok
18:20:07.0962 3080  [ 682358F730B84B63E09C6B4EDC1DE7AE ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:20:07.0977 3080  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:20:07.0977 3080  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:20:07.0993 3080  [ 2E7BEE4AA776CF1C37836B26D1D29403 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:20:08.0009 3080  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:20:08.0009 3080  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
18:20:08.0024 3080  HTCAND32 - ok
18:20:08.0071 3080  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:20:08.0134 3080  HTTP - ok
18:20:08.0165 3080  [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:20:08.0196 3080  hwdatacard - ok
18:20:08.0227 3080  [ 089085538885367E281686762A973EB5 ] hwusbfake       C:\Windows\system32\DRIVERS\ewusbfake.sys
18:20:08.0259 3080  hwusbfake - ok
18:20:08.0290 3080  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
18:20:08.0306 3080  i2omp - ok
18:20:08.0337 3080  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:20:08.0368 3080  i8042prt - ok
18:20:08.0399 3080  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
18:20:08.0415 3080  iaStorV - ok
18:20:08.0477 3080  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:20:08.0571 3080  idsvc - ok
18:20:08.0618 3080  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:20:08.0634 3080  iirsp - ok
18:20:08.0665 3080  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:20:08.0744 3080  IKEEXT - ok
18:20:08.0760 3080  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:20:08.0775 3080  intelide - ok
18:20:08.0791 3080  [ CE44CC04262F28216DD4341E9E36A16F ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:20:08.0838 3080  intelppm - ok
18:20:08.0885 3080  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:20:08.0900 3080  IPBusEnum - ok
18:20:08.0932 3080  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:20:08.0978 3080  IpFilterDriver - ok
18:20:09.0010 3080  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:20:09.0041 3080  iphlpsvc - ok
18:20:09.0041 3080  IpInIp - ok
18:20:09.0072 3080  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
18:20:09.0150 3080  IPMIDRV - ok
18:20:09.0166 3080  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
18:20:09.0213 3080  IPNAT - ok
18:20:09.0260 3080  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:20:09.0291 3080  iPod Service - ok
18:20:09.0322 3080  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:20:09.0353 3080  IRENUM - ok
18:20:09.0369 3080  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:20:09.0400 3080  isapnp - ok
18:20:09.0447 3080  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:20:09.0463 3080  iScsiPrt - ok
18:20:09.0478 3080  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
18:20:09.0494 3080  iteatapi - ok
18:20:09.0510 3080  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
18:20:09.0525 3080  iteraid - ok
18:20:09.0541 3080  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:20:09.0557 3080  kbdclass - ok
18:20:09.0588 3080  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:20:09.0619 3080  kbdhid - ok
18:20:09.0635 3080  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
18:20:09.0650 3080  KeyIso - ok
18:20:09.0682 3080  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:20:09.0733 3080  KSecDD - ok
18:20:09.0796 3080  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:20:09.0827 3080  KtmRm - ok
18:20:09.0858 3080  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:20:09.0874 3080  LanmanServer - ok
18:20:09.0921 3080  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:20:09.0936 3080  LanmanWorkstation - ok
18:20:09.0968 3080  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:20:09.0999 3080  lltdio - ok
18:20:10.0030 3080  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:20:10.0061 3080  lltdsvc - ok
18:20:10.0077 3080  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:20:10.0124 3080  lmhosts - ok
18:20:10.0155 3080  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:20:10.0171 3080  LSI_FC - ok
18:20:10.0186 3080  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:20:10.0202 3080  LSI_SAS - ok
18:20:10.0233 3080  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:20:10.0249 3080  LSI_SCSI - ok
18:20:10.0280 3080  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
18:20:10.0311 3080  luafv - ok
18:20:10.0343 3080  [ A730FC8671A60666D6E877C544DD7CD4 ] LVUSBSta        C:\Windows\system32\drivers\lvusbsta.sys
18:20:10.0374 3080  LVUSBSta - ok
18:20:10.0405 3080  [ C6D085C7045200143528136A43A65FDE ] ManyCam         C:\Windows\system32\DRIVERS\ManyCam.sys
18:20:10.0452 3080  ManyCam - ok
18:20:10.0546 3080  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
18:20:10.0561 3080  McComponentHostService - ok
18:20:10.0577 3080  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:20:10.0608 3080  Mcx2Svc - ok
18:20:10.0624 3080  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
18:20:10.0640 3080  megasas - ok
18:20:10.0671 3080  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
18:20:10.0702 3080  MMCSS - ok
18:20:10.0720 3080  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
18:20:10.0770 3080  Modem - ok
18:20:10.0802 3080  [ EC839BA91E45CCE6EADAFC418FFF8206 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:20:10.0864 3080  monitor - ok
18:20:10.0880 3080  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:20:10.0911 3080  mouclass - ok
18:20:10.0911 3080  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:20:10.0958 3080  mouhid - ok
18:20:10.0974 3080  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
18:20:11.0005 3080  MountMgr - ok
18:20:11.0052 3080  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:20:11.0067 3080  MozillaMaintenance - ok
18:20:11.0114 3080  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:20:11.0130 3080  mpio - ok
18:20:11.0161 3080  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:20:11.0177 3080  mpsdrv - ok
18:20:11.0224 3080  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:20:11.0239 3080  MpsSvc - ok
18:20:11.0270 3080  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
18:20:11.0286 3080  Mraid35x - ok
18:20:11.0317 3080  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:20:11.0333 3080  MRxDAV - ok
18:20:11.0364 3080  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:20:11.0427 3080  mrxsmb - ok
18:20:11.0442 3080  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:20:11.0474 3080  mrxsmb10 - ok
18:20:11.0489 3080  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:20:11.0505 3080  mrxsmb20 - ok
18:20:11.0520 3080  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:20:11.0552 3080  msahci - ok
18:20:11.0567 3080  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:20:11.0583 3080  msdsm - ok
18:20:11.0599 3080  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
18:20:11.0630 3080  MSDTC - ok
18:20:11.0677 3080  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:20:11.0708 3080  Msfs - ok
18:20:11.0771 3080  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:20:11.0787 3080  msisadrv - ok
18:20:11.0818 3080  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:20:11.0850 3080  MSiSCSI - ok
18:20:11.0850 3080  msiserver - ok
18:20:11.0912 3080  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:20:11.0943 3080  MSKSSRV - ok
18:20:11.0975 3080  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:20:11.0990 3080  MSPCLOCK - ok
18:20:12.0021 3080  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:20:12.0053 3080  MSPQM - ok
18:20:12.0084 3080  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:20:12.0115 3080  MsRPC - ok
18:20:12.0146 3080  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:20:12.0162 3080  mssmbios - ok
18:20:12.0209 3080  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:20:12.0240 3080  MSTEE - ok
18:20:12.0271 3080  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
18:20:12.0303 3080  Mup - ok
18:20:12.0334 3080  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
18:20:12.0365 3080  napagent - ok
18:20:12.0412 3080  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:20:12.0428 3080  NativeWifiP - ok
18:20:12.0459 3080  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:20:12.0506 3080  NDIS - ok
18:20:12.0521 3080  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:20:12.0568 3080  NdisTapi - ok
18:20:12.0600 3080  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:20:12.0631 3080  Ndisuio - ok
18:20:12.0662 3080  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:20:12.0693 3080  NdisWan - ok
18:20:12.0725 3080  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:20:12.0756 3080  NDProxy - ok
18:20:12.0788 3080  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:20:12.0804 3080  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:20:12.0804 3080  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:20:12.0835 3080  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:20:12.0866 3080  NetBIOS - ok
18:20:12.0897 3080  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
18:20:12.0929 3080  netbt - ok
18:20:12.0944 3080  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
18:20:12.0960 3080  Netlogon - ok
18:20:12.0991 3080  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
18:20:13.0022 3080  Netman - ok
18:20:13.0054 3080  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
18:20:13.0085 3080  netprofm - ok
18:20:13.0116 3080  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:20:13.0132 3080  NetTcpPortSharing - ok
18:20:13.0241 3080  [ 82FFC84EC3AFC2F2D38DB880F50157C0 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
18:20:13.0319 3080  Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
18:20:13.0319 3080  Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
18:20:13.0351 3080  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:20:13.0382 3080  nfrd960 - ok
18:20:13.0413 3080  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:20:13.0444 3080  NlaSvc - ok
18:20:13.0476 3080  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:20:13.0491 3080  Npfs - ok
18:20:13.0522 3080  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
18:20:13.0554 3080  nsi - ok
18:20:13.0569 3080  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:20:13.0601 3080  nsiproxy - ok
18:20:13.0647 3080  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:20:13.0741 3080  Ntfs - ok
18:20:13.0789 3080  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
18:20:13.0836 3080  ntrigdigi - ok
18:20:13.0867 3080  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
18:20:13.0898 3080  Null - ok
18:20:13.0914 3080  [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:20:13.0945 3080  nvraid - ok
18:20:13.0961 3080  [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:20:13.0977 3080  nvstor - ok
18:20:14.0008 3080  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:20:14.0023 3080  nv_agp - ok
18:20:14.0023 3080  NwlnkFlt - ok
18:20:14.0039 3080  NwlnkFwd - ok
18:20:14.0070 3080  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
18:20:14.0086 3080  ohci1394 - ok
18:20:14.0133 3080  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
18:20:14.0195 3080  p2pimsvc - ok
18:20:14.0227 3080  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:20:14.0242 3080  p2psvc - ok
18:20:14.0273 3080  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
18:20:14.0320 3080  Parport - ok
18:20:14.0367 3080  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:20:14.0383 3080  partmgr - ok
18:20:14.0398 3080  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
18:20:14.0445 3080  Parvdm - ok
18:20:14.0477 3080  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:20:14.0492 3080  PcaSvc - ok
18:20:14.0523 3080  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:20:14.0539 3080  pccsmcfd - ok
18:20:14.0570 3080  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
18:20:14.0586 3080  pci - ok
18:20:14.0617 3080  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
18:20:14.0633 3080  pciide - ok
18:20:14.0664 3080  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:20:14.0695 3080  pcmcia - ok
18:20:14.0727 3080  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:20:14.0857 3080  PEAUTH - ok
18:20:14.0920 3080  [ A937C4E37C0C1003CE5FCA1E5E103FDC ] PID_0920        C:\Windows\system32\DRIVERS\LV532AV.SYS
18:20:14.0935 3080  PID_0920 - ok
18:20:14.0967 3080  [ 03E86718BB5AA2716C7349A854FF6203 ] PID_0928        C:\Windows\system32\DRIVERS\LV561AV.SYS
18:20:14.0998 3080  PID_0928 - ok
18:20:15.0045 3080  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
18:20:15.0107 3080  pla - ok
18:20:15.0154 3080  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:20:15.0170 3080  PlugPlay - ok
18:20:15.0201 3080  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:20:15.0217 3080  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:20:15.0217 3080  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:20:15.0232 3080  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
18:20:15.0264 3080  PNRPAutoReg - ok
18:20:15.0279 3080  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
18:20:15.0310 3080  PNRPsvc - ok
18:20:15.0342 3080  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:20:15.0373 3080  PolicyAgent - ok
18:20:15.0420 3080  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:20:15.0451 3080  PptpMiniport - ok
18:20:15.0467 3080  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
18:20:15.0514 3080  Processor - ok
18:20:15.0560 3080  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:20:15.0576 3080  ProfSvc - ok
18:20:15.0592 3080  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:20:15.0607 3080  ProtectedStorage - ok
18:20:15.0639 3080  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
18:20:15.0654 3080  PSched - ok
18:20:15.0701 3080  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:20:15.0764 3080  ql2300 - ok
18:20:15.0810 3080  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:20:15.0827 3080  ql40xx - ok
18:20:15.0874 3080  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
18:20:15.0905 3080  QWAVE - ok
18:20:15.0936 3080  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:20:15.0952 3080  QWAVEdrv - ok
18:20:16.0015 3080  [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
18:20:16.0046 3080  RapiMgr - ok
18:20:16.0061 3080  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:20:16.0093 3080  RasAcd - ok
18:20:16.0124 3080  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
18:20:16.0155 3080  RasAuto - ok
18:20:16.0186 3080  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:20:16.0233 3080  Rasl2tp - ok
18:20:16.0265 3080  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
18:20:16.0280 3080  RasMan - ok
18:20:16.0311 3080  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:20:16.0327 3080  RasPppoe - ok
18:20:16.0358 3080  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:20:16.0390 3080  RasSstp - ok
18:20:16.0421 3080  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:20:16.0452 3080  rdbss - ok
18:20:16.0468 3080  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:20:16.0515 3080  RDPCDD - ok
18:20:16.0546 3080  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
18:20:16.0608 3080  rdpdr - ok
18:20:16.0624 3080  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:20:16.0686 3080  RDPENCDD - ok
18:20:16.0733 3080  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:20:16.0749 3080  RDPWD - ok
18:20:16.0780 3080  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:20:16.0811 3080  RemoteAccess - ok
18:20:16.0859 3080  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:20:16.0922 3080  RemoteRegistry - ok
18:20:16.0969 3080  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
18:20:17.0016 3080  RpcLocator - ok
18:20:17.0047 3080  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
18:20:17.0062 3080  RpcSs - ok
18:20:17.0109 3080  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:20:17.0141 3080  rspndr - ok
18:20:17.0187 3080  [ 959EF612D2CCFDB6D9E443F8E3655013 ] RTL8023xp       C:\Windows\system32\DRIVERS\Rtnicxp.sys
18:20:17.0234 3080  RTL8023xp - ok
18:20:17.0250 3080  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
18:20:17.0266 3080  SamSs - ok
18:20:17.0281 3080  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:20:17.0297 3080  sbp2port - ok
18:20:17.0328 3080  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:20:17.0359 3080  SCardSvr - ok
18:20:17.0406 3080  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
18:20:17.0422 3080  Schedule - ok
18:20:17.0453 3080  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:20:17.0469 3080  SCPolicySvc - ok
18:20:17.0500 3080  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:20:17.0516 3080  SDRSVC - ok
18:20:17.0531 3080  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:20:17.0578 3080  secdrv - ok
18:20:17.0609 3080  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
18:20:17.0641 3080  seclogon - ok
18:20:17.0656 3080  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
18:20:17.0687 3080  SENS - ok
18:20:17.0719 3080  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:20:17.0750 3080  Serenum - ok
18:20:17.0766 3080  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:20:17.0812 3080  Serial - ok
18:20:17.0828 3080  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:20:17.0865 3080  sermouse - ok
18:20:17.0959 3080  [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:20:18.0053 3080  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
18:20:18.0053 3080  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
18:20:18.0100 3080  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:20:18.0131 3080  SessionEnv - ok
18:20:18.0146 3080  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:20:18.0193 3080  sffdisk - ok
18:20:18.0209 3080  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:20:18.0256 3080  sffp_mmc - ok
18:20:18.0271 3080  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:20:18.0318 3080  sffp_sd - ok
18:20:18.0334 3080  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:20:18.0381 3080  sfloppy - ok
18:20:18.0412 3080  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:20:18.0443 3080  SharedAccess - ok
18:20:18.0475 3080  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:20:18.0490 3080  ShellHWDetection - ok
18:20:18.0521 3080  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:20:18.0537 3080  sisagp - ok
18:20:18.0568 3080  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
18:20:18.0584 3080  SiSRaid2 - ok
18:20:18.0600 3080  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:20:18.0631 3080  SiSRaid4 - ok
18:20:18.0678 3080  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
18:20:18.0756 3080  SkypeUpdate - ok
18:20:18.0850 3080  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
18:20:19.0038 3080  slsvc - ok
18:20:19.0054 3080  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
18:20:19.0069 3080  SLUINotify - ok
18:20:19.0101 3080  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:20:19.0132 3080  Smb - ok
18:20:19.0163 3080  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:20:19.0179 3080  SNMPTRAP - ok
18:20:19.0226 3080  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
18:20:19.0288 3080  spldr - ok
18:20:19.0319 3080  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
18:20:19.0335 3080  Spooler - ok
18:20:19.0382 3080  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:20:19.0429 3080  srv - ok
18:20:19.0476 3080  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:20:19.0538 3080  srv2 - ok
18:20:19.0569 3080  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:20:19.0601 3080  srvnet - ok
18:20:19.0663 3080  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:20:19.0694 3080  SSDPSRV - ok
18:20:19.0772 3080  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
18:20:19.0835 3080  ssmdrv - ok
18:20:19.0882 3080  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:20:19.0901 3080  SstpSvc - ok
18:20:19.0979 3080  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
18:20:20.0026 3080  stisvc - ok
18:20:20.0058 3080  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:20:20.0073 3080  swenum - ok
18:20:20.0120 3080  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
18:20:20.0151 3080  swprv - ok
18:20:20.0183 3080  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
18:20:20.0198 3080  Symc8xx - ok
18:20:20.0229 3080  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
18:20:20.0245 3080  Sym_hi - ok
18:20:20.0261 3080  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
18:20:20.0276 3080  Sym_u3 - ok
18:20:20.0323 3080  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
18:20:20.0370 3080  SysMain - ok
18:20:20.0417 3080  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:20:20.0433 3080  TabletInputService - ok
18:20:20.0464 3080  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:20:20.0495 3080  TapiSrv - ok
18:20:20.0511 3080  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
18:20:20.0542 3080  TBS - ok
18:20:20.0604 3080  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:20:20.0636 3080  Tcpip - ok
18:20:20.0667 3080  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
18:20:20.0698 3080  Tcpip6 - ok
18:20:20.0761 3080  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:20:20.0776 3080  tcpipreg - ok
18:20:20.0808 3080  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:20:20.0839 3080  TDPIPE - ok
18:20:20.0854 3080  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:20:20.0901 3080  TDTCP - ok
18:20:20.0934 3080  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:20:20.0980 3080  tdx - ok
18:20:21.0043 3080  [ 5D528200679C3B4595B4237E02C077D5 ] TelekomNM3      C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
18:20:21.0059 3080  TelekomNM3 - ok
18:20:21.0090 3080  [ 622FCF264119F7DF127BE353F796B319 ] TelevisionFanaticService C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
18:20:21.0105 3080  TelevisionFanaticService - ok
18:20:21.0137 3080  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:20:21.0152 3080  TermDD - ok
18:20:21.0168 3080  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
18:20:21.0199 3080  TermService - ok
18:20:21.0215 3080  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
18:20:21.0230 3080  Themes - ok
18:20:21.0277 3080  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
18:20:21.0293 3080  THREADORDER - ok
18:20:21.0371 3080  [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
18:20:21.0387 3080  TomTomHOMEService - ok
18:20:21.0418 3080  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
18:20:21.0434 3080  TrkWks - ok
18:20:21.0480 3080  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:20:21.0496 3080  TrustedInstaller - ok
18:20:21.0543 3080  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:20:21.0559 3080  tssecsrv - ok
18:20:21.0590 3080  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
18:20:21.0605 3080  tunmp - ok
18:20:21.0605 3080  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:20:21.0621 3080  tunnel - ok
18:20:21.0637 3080  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:20:21.0668 3080  uagp35 - ok
18:20:21.0715 3080  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:20:21.0730 3080  udfs - ok
18:20:21.0777 3080  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:20:21.0793 3080  UI0Detect - ok
18:20:21.0824 3080  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:20:21.0840 3080  uliagpkx - ok
18:20:21.0855 3080  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
18:20:21.0871 3080  uliahci - ok
18:20:21.0887 3080  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
18:20:21.0902 3080  UlSata - ok
18:20:21.0918 3080  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
18:20:21.0941 3080  ulsata2 - ok
18:20:21.0973 3080  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:20:22.0004 3080  umbus - ok
18:20:22.0082 3080  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
18:20:22.0113 3080  upnphost - ok
18:20:22.0129 3080  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:20:22.0160 3080  usbccgp - ok
18:20:22.0176 3080  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:20:22.0223 3080  usbcir - ok
18:20:22.0285 3080  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:20:22.0301 3080  usbehci - ok
18:20:22.0332 3080  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:20:22.0363 3080  usbhub - ok
18:20:22.0379 3080  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:20:22.0394 3080  usbohci - ok
18:20:22.0426 3080  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:20:22.0457 3080  usbprint - ok
18:20:22.0473 3080  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:20:22.0488 3080  usbscan - ok
18:20:22.0535 3080  [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser          C:\Windows\system32\drivers\usbser.sys
18:20:22.0551 3080  usbser - ok
18:20:22.0582 3080  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:20:22.0598 3080  USBSTOR - ok
18:20:22.0629 3080  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:20:22.0676 3080  usbuhci - ok
18:20:22.0691 3080  [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
18:20:22.0723 3080  usb_rndisx - ok
18:20:22.0754 3080  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
18:20:22.0769 3080  UxSms - ok
18:20:22.0801 3080  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
18:20:22.0848 3080  vds - ok
18:20:22.0894 3080  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:20:22.0941 3080  vga - ok
18:20:22.0974 3080  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:20:22.0989 3080  VgaSave - ok
18:20:23.0020 3080  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:20:23.0036 3080  viaagp - ok
18:20:23.0067 3080  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
18:20:23.0114 3080  ViaC7 - ok
18:20:23.0130 3080  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
18:20:23.0145 3080  viaide - ok
18:20:23.0161 3080  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:20:23.0161 3080  volmgr - ok
18:20:23.0192 3080  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:20:23.0239 3080  volmgrx - ok
18:20:23.0270 3080  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:20:23.0286 3080  volsnap - ok
18:20:23.0317 3080  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:20:23.0317 3080  vsmraid - ok
18:20:23.0364 3080  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
18:20:23.0411 3080  VSS - ok
18:20:23.0458 3080  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
18:20:23.0489 3080  W32Time - ok
18:20:23.0505 3080  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:20:23.0536 3080  WacomPen - ok
18:20:23.0567 3080  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
18:20:23.0599 3080  Wanarp - ok
18:20:23.0599 3080  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:20:23.0614 3080  Wanarpv6 - ok
18:20:23.0661 3080  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
18:20:23.0692 3080  WcesComm - ok
18:20:23.0724 3080  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:20:23.0755 3080  wcncsvc - ok
18:20:23.0786 3080  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:20:23.0817 3080  WcsPlugInService - ok
18:20:23.0864 3080  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
18:20:23.0880 3080  Wd - ok
18:20:23.0927 3080  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:20:23.0977 3080  Wdf01000 - ok
18:20:24.0009 3080  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:20:24.0024 3080  WdiServiceHost - ok
18:20:24.0040 3080  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:20:24.0056 3080  WdiSystemHost - ok
18:20:24.0102 3080  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
18:20:24.0118 3080  WebClient - ok
18:20:24.0149 3080  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:20:24.0196 3080  Wecsvc - ok
18:20:24.0227 3080  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:20:24.0243 3080  wercplsupport - ok
18:20:24.0274 3080  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:20:24.0290 3080  WerSvc - ok
18:20:24.0337 3080  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:20:24.0352 3080  WinDefend - ok
18:20:24.0368 3080  WinHttpAutoProxySvc - ok
18:20:24.0415 3080  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:20:24.0431 3080  Winmgmt - ok
18:20:24.0493 3080  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:20:24.0540 3080  WinRM - ok
18:20:24.0602 3080  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
18:20:24.0634 3080  winusb - ok
18:20:24.0665 3080  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:20:24.0712 3080  Wlansvc - ok
18:20:24.0743 3080  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:20:24.0790 3080  WmiAcpi - ok
18:20:24.0821 3080  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:20:24.0837 3080  wmiApSrv - ok
18:20:24.0915 3080  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:20:24.0946 3080  WMPNetworkSvc - ok
18:20:24.0994 3080  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:20:25.0010 3080  WPCSvc - ok
18:20:25.0057 3080  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:20:25.0072 3080  WPDBusEnum - ok
18:20:25.0119 3080  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
18:20:25.0135 3080  WpdUsb - ok
18:20:25.0244 3080  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:20:25.0275 3080  WPFFontCache_v0400 - ok
18:20:25.0307 3080  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:20:25.0338 3080  ws2ifsl - ok
18:20:25.0369 3080  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
18:20:25.0400 3080  wscsvc - ok
18:20:25.0400 3080  WSearch - ok
18:20:25.0478 3080  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
18:20:25.0557 3080  wuauserv - ok
18:20:25.0603 3080  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:20:25.0635 3080  WudfPf - ok
18:20:25.0650 3080  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:20:25.0666 3080  WUDFRd - ok
18:20:25.0682 3080  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:20:25.0713 3080  wudfsvc - ok
18:20:25.0744 3080  [ 4CAA1637520365C50331B454469DF58C ] [verify-U]      C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe
18:20:25.0760 3080  [verify-U] ( UnsignedFile.Multi.Generic ) - warning
18:20:25.0760 3080  [verify-U] - detected UnsignedFile.Multi.Generic (1)
18:20:25.0775 3080  [ A505FF145D2C056BE52BFA7670D09525 ] [verify-U]_System C:\Windows\system32\drivers\[verify-U]-driver.sys
18:20:25.0775 3080  [verify-U]_System ( UnsignedFile.Multi.Generic ) - warning
18:20:25.0775 3080  [verify-U]_System - detected UnsignedFile.Multi.Generic (1)
18:20:25.0791 3080  ================ Scan global ===============================
18:20:25.0822 3080  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:20:25.0853 3080  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:20:25.0885 3080  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:20:25.0932 3080  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:20:25.0932 3080  [Global] - ok
18:20:25.0932 3080  ================ Scan MBR ==================================
18:20:25.0932 3080  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:20:26.0401 3080  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:20:26.0401 3080  \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:20:26.0401 3080  ================ Scan VBR ==================================
18:20:26.0401 3080  [ 536ADA82F3A816018E5341513AE10B5D ] \Device\Harddisk0\DR0\Partition1
18:20:26.0401 3080  \Device\Harddisk0\DR0\Partition1 - ok
18:20:26.0433 3080  [ 8EF9928CB4A9AAEB46D13909E845F0CD ] \Device\Harddisk0\DR0\Partition2
18:20:26.0433 3080  \Device\Harddisk0\DR0\Partition2 - ok
18:20:26.0464 3080  [ 202C805365DE960547F09DA4D3E61290 ] \Device\Harddisk0\DR0\Partition3
18:20:26.0479 3080  \Device\Harddisk0\DR0\Partition3 - ok
18:20:26.0479 3080  ============================================================
18:20:26.0479 3080  Scan finished
18:20:26.0479 3080  ============================================================
18:20:26.0479 1796  Detected object count: 11
18:20:26.0479 1796  Actual detected object count: 11
18:21:06.0613 1796  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:21:06.0613 1796  Boonty Games ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796  Boonty Games ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:21:06.0613 1796  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:21:06.0613 1796  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:21:06.0613 1796  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:21:06.0613 1796  Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0613 1796  Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:21:06.0629 1796  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0629 1796  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:21:06.0629 1796  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0629 1796  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:21:06.0629 1796  [verify-U] ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0629 1796  [verify-U] ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:21:06.0629 1796  [verify-U]_System ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:06.0629 1796  [verify-U]_System ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:21:06.0629 1796  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:21:06.0629 1796  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         

Alt 09.01.2013, 18:45   #9
markusg
/// Malware-holic
 



Hi,
configure TDSS Killer as before.
Scan again; detection:
TDSS File System
Delete
Then restart, run TDSS Killer as above, and post the log.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For the time being, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

Alt 09.01.2013, 19:10   #10
Yettex
 



After the restart, should all the programs running in the background be closed again?

Alt 09.01.2013, 19:29   #11
markusg
/// Malware-holic
 



Yes, you can do that.

Alt 09.01.2013, 19:44   #12
Yettex
 



TDSS Log 2

Code:
19:43:58.0665 5020  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:43:58.0978 5020  ============================================================
19:43:58.0978 5020  Current date / time: 2013/01/09 19:43:58.0978
19:43:58.0978 5020  SystemInfo:
19:43:58.0978 5020  
19:43:58.0978 5020  OS Version: 6.0.6002 ServicePack: 2.0
19:43:58.0978 5020  Product type: Workstation
19:43:58.0978 5020  ComputerName: UWE-PC
19:43:58.0978 5020  UserName: Uwe
19:43:58.0978 5020  Windows directory: C:\Windows
19:43:58.0978 5020  System windows directory: C:\Windows
19:43:58.0978 5020  Processor architecture: Intel x86
19:43:58.0978 5020  Number of processors: 2
19:43:58.0978 5020  Page size: 0x1000
19:43:58.0978 5020  Boot type: Normal boot
19:43:58.0978 5020  ============================================================
19:44:03.0529 5020  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:44:03.0545 5020  ============================================================
19:44:03.0545 5020  \Device\Harddisk0\DR0:
19:44:03.0545 5020  MBR partitions:
19:44:03.0545 5020  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1770000
19:44:03.0545 5020  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x1C28A800
19:44:03.0545 5020  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1DDE3000, BlocksNum 0x764B000
19:44:03.0545 5020  ============================================================
19:44:03.0608 5020  C: <-> \Device\Harddisk0\DR0\Partition2
19:44:03.0654 5020  D: <-> \Device\Harddisk0\DR0\Partition1
19:44:03.0764 5020  E: <-> \Device\Harddisk0\DR0\Partition3
19:44:03.0764 5020  ============================================================
19:44:03.0764 5020  Initialize success
19:44:03.0764 5020  ============================================================
19:44:14.0208 5356  ============================================================
19:44:14.0209 5356  Scan started
19:44:14.0209 5356  Mode: Manual; SigCheck; TDLFS; 
19:44:14.0209 5356  ============================================================
19:44:17.0133 5356  ================ Scan system memory ========================
19:44:17.0133 5356  System memory - ok
19:44:17.0133 5356  ================ Scan services =============================
19:44:17.0555 5356  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:44:17.0664 5356  ACPI - ok
19:44:17.0742 5356  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:44:17.0758 5356  AdobeARMservice - ok
19:44:17.0852 5356  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:44:17.0883 5356  AdobeFlashPlayerUpdateSvc - ok
19:44:17.0945 5356  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:44:17.0977 5356  adp94xx - ok
19:44:17.0992 5356  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:44:18.0008 5356  adpahci - ok
19:44:18.0039 5356  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:44:18.0055 5356  adpu160m - ok
19:44:18.0070 5356  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:44:18.0086 5356  adpu320 - ok
19:44:18.0117 5356  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:44:29.0130 5356  AeLookupSvc - ok
19:44:29.0255 5356  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
19:44:29.0349 5356  AFD - ok
19:44:29.0380 5356  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:44:29.0396 5356  agp440 - ok
19:44:29.0427 5356  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:44:29.0442 5356  aic78xx - ok
19:44:29.0536 5356  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
19:44:29.0774 5356  ALG - ok
19:44:29.0790 5356  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:44:29.0806 5356  aliide - ok
19:44:29.0837 5356  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:44:29.0853 5356  amdagp - ok
19:44:29.0868 5356  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
19:44:29.0884 5356  amdide - ok
19:44:29.0899 5356  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
19:44:30.0243 5356  AmdK7 - ok
19:44:30.0290 5356  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:44:30.0368 5356  AmdK8 - ok
19:44:30.0431 5356  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:44:30.0446 5356  AntiVirSchedulerService - ok
19:44:30.0509 5356  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:44:30.0524 5356  AntiVirService - ok
19:44:30.0696 5356  [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:44:30.0743 5356  AntiVirWebService - ok
19:44:30.0807 5356  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
19:44:30.0838 5356  Appinfo - ok
19:44:30.0916 5356  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:44:30.0947 5356  Apple Mobile Device - ok
19:44:31.0010 5356  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
19:44:31.0041 5356  arc - ok
19:44:31.0104 5356  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:44:31.0135 5356  arcsas - ok
19:44:31.0166 5356  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:44:31.0244 5356  AsyncMac - ok
19:44:31.0291 5356  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:44:31.0307 5356  atapi - ok
19:44:31.0416 5356  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:44:31.0588 5356  AudioEndpointBuilder - ok
19:44:31.0604 5356  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:44:31.0619 5356  Audiosrv - ok
19:44:31.0682 5356  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:44:31.0744 5356  avgntflt - ok
19:44:31.0776 5356  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:44:31.0808 5356  avipbb - ok
19:44:31.0823 5356  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:44:31.0839 5356  avkmgr - ok
19:44:31.0948 5356  [ 9BD46C1D2F33A890B7226EDF543F18AA ] AVM WLAN Connection Service C:\Program Files\avmwlanstick\WlanNetService.exe
19:44:31.0995 5356  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
19:44:31.0995 5356  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
19:44:32.0026 5356  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:44:32.0105 5356  Beep - ok
19:44:32.0245 5356  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
19:44:32.0370 5356  BFE - ok
19:44:32.0417 5356  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
19:44:32.0480 5356  BITS - ok
19:44:32.0480 5356  blbdrive - ok
19:44:32.0605 5356  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:44:32.0636 5356  Bonjour Service - ok
19:44:32.0714 5356  [ 746A7B624B5047FACEBE35B51AA1FE36 ] Boonty Games    C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
19:44:32.0776 5356  Boonty Games ( UnsignedFile.Multi.Generic ) - warning
19:44:32.0776 5356  Boonty Games - detected UnsignedFile.Multi.Generic (1)
19:44:32.0842 5356  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:44:32.0951 5356  bowser - ok
19:44:32.0983 5356  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
19:44:33.0092 5356  BrFiltLo - ok
19:44:33.0092 5356  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
19:44:33.0139 5356  BrFiltUp - ok
19:44:33.0186 5356  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
19:44:33.0279 5356  Browser - ok
19:44:33.0326 5356  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
19:44:33.0420 5356  Brserid - ok
19:44:33.0436 5356  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
19:44:33.0514 5356  BrSerWdm - ok
19:44:33.0545 5356  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
19:44:33.0701 5356  BrUsbMdm - ok
19:44:33.0733 5356  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
19:44:33.0826 5356  BrUsbSer - ok
19:44:33.0858 5356  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:44:33.0921 5356  BTHMODEM - ok
19:44:33.0968 5356  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:44:33.0999 5356  cdfs - ok
19:44:34.0030 5356  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:44:34.0077 5356  cdrom - ok
19:44:34.0140 5356  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:44:34.0187 5356  CertPropSvc - ok
19:44:34.0218 5356  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:44:34.0280 5356  circlass - ok
19:44:34.0374 5356  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
19:44:34.0405 5356  CLFS - ok
19:44:34.0515 5356  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:44:34.0577 5356  clr_optimization_v2.0.50727_32 - ok
19:44:34.0671 5356  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:44:34.0718 5356  clr_optimization_v4.0.30319_32 - ok
19:44:34.0733 5356  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:44:34.0749 5356  cmdide - ok
19:44:34.0780 5356  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:44:34.0796 5356  Compbatt - ok
19:44:34.0796 5356  COMSysApp - ok
19:44:34.0812 5356  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:44:34.0827 5356  crcdisk - ok
19:44:34.0859 5356  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
19:44:35.0000 5356  Crusoe - ok
19:44:35.0047 5356  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:44:35.0109 5356  CryptSvc - ok
19:44:35.0141 5356  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:44:35.0188 5356  DcomLaunch - ok
19:44:35.0234 5356  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:44:35.0297 5356  DfsC - ok
19:44:35.0438 5356  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
19:44:35.0625 5356  DFSR - ok
19:44:35.0672 5356  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:44:35.0703 5356  Dhcp - ok
19:44:35.0750 5356  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
19:44:35.0797 5356  disk - ok
19:44:35.0844 5356  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:44:35.0892 5356  Dnscache - ok
19:44:35.0939 5356  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:44:35.0954 5356  dot3svc - ok
19:44:35.0985 5356  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
19:44:36.0048 5356  Dot4 - ok
19:44:36.0064 5356  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:44:36.0095 5356  Dot4Print - ok
19:44:36.0126 5356  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
19:44:36.0173 5356  dot4usb - ok
19:44:36.0220 5356  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
19:44:36.0282 5356  DPS - ok
19:44:36.0329 5356  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:44:36.0376 5356  drmkaud - ok
19:44:36.0517 5356  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:44:36.0579 5356  DXGKrnl - ok
19:44:36.0610 5356  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
19:44:36.0673 5356  E1G60 - ok
19:44:36.0720 5356  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
19:44:36.0767 5356  EapHost - ok
19:44:36.0829 5356  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:44:36.0845 5356  Ecache - ok
19:44:36.0940 5356  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:44:37.0002 5356  ehRecvr - ok
19:44:37.0033 5356  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
19:44:37.0080 5356  ehSched - ok
19:44:37.0111 5356  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
19:44:37.0127 5356  ehstart - ok
19:44:37.0174 5356  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:44:37.0190 5356  elxstor - ok
19:44:37.0268 5356  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
19:44:37.0346 5356  EMDMgmt - ok
19:44:37.0424 5356  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
19:44:37.0471 5356  EventSystem - ok
19:44:37.0518 5356  [ 0F40E249E4DD0CE47C7CA19C5C8FB48A ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
19:44:37.0565 5356  ewusbnet - ok
19:44:37.0611 5356  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
19:44:37.0643 5356  exfat - ok
19:44:37.0674 5356  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:44:37.0705 5356  fastfat - ok
19:44:37.0736 5356  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:44:37.0783 5356  fdc - ok
19:44:37.0830 5356  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:44:37.0925 5356  fdPHost - ok
19:44:37.0972 5356  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:44:38.0066 5356  FDResPub - ok
19:44:38.0159 5356  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:44:38.0253 5356  FileInfo - ok
19:44:38.0300 5356  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:44:38.0425 5356  Filetrace - ok
19:44:38.0472 5356  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:44:38.0519 5356  flpydisk - ok
19:44:38.0612 5356  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:44:38.0659 5356  FltMgr - ok
19:44:38.0816 5356  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
19:44:38.0926 5356  FontCache - ok
19:44:38.0973 5356  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:44:38.0988 5356  FontCache3.0.0.0 - ok
19:44:39.0035 5356  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:44:39.0176 5356  Fs_Rec - ok
19:44:39.0223 5356  [ B45F1DF1CCE34E2AF422F0ED78CD70EF ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
19:44:39.0254 5356  FWLANUSB - ok
19:44:39.0285 5356  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:44:39.0301 5356  gagp30kx - ok
19:44:39.0348 5356  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:44:39.0348 5356  GEARAspiWDM - ok
19:44:39.0520 5356  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:44:39.0598 5356  gpsvc - ok
19:44:39.0645 5356  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:44:39.0691 5356  HdAudAddService - ok
19:44:39.0848 5356  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:44:39.0926 5356  HDAudBus - ok
19:44:39.0958 5356  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:44:40.0036 5356  HidBth - ok
19:44:40.0067 5356  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:44:40.0130 5356  HidIr - ok
19:44:40.0177 5356  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
19:44:40.0208 5356  hidserv - ok
19:44:40.0239 5356  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:44:40.0271 5356  HidUsb - ok
19:44:40.0302 5356  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:44:40.0349 5356  hkmsvc - ok
19:44:40.0380 5356  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
19:44:40.0396 5356  HpCISSs - ok
19:44:40.0536 5356  [ 682358F730B84B63E09C6B4EDC1DE7AE ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:44:40.0583 5356  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
19:44:40.0583 5356  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
19:44:40.0614 5356  [ 2E7BEE4AA776CF1C37836B26D1D29403 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
19:44:40.0630 5356  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
19:44:40.0630 5356  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
19:44:40.0661 5356  HTCAND32 - ok
19:44:40.0692 5356  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:44:40.0771 5356  HTTP - ok
19:44:40.0802 5356  [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:44:40.0833 5356  hwdatacard - ok
19:44:40.0880 5356  [ 089085538885367E281686762A973EB5 ] hwusbfake       C:\Windows\system32\DRIVERS\ewusbfake.sys
19:44:40.0911 5356  hwusbfake - ok
19:44:40.0945 5356  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
19:44:40.0980 5356  i2omp - ok
19:44:41.0026 5356  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:44:41.0058 5356  i8042prt - ok
19:44:41.0089 5356  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
19:44:41.0105 5356  iaStorV - ok
19:44:41.0167 5356  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:44:41.0261 5356  idsvc - ok
19:44:41.0308 5356  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:44:41.0323 5356  iirsp - ok
19:44:41.0370 5356  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:44:41.0433 5356  IKEEXT - ok
19:44:41.0464 5356  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:44:41.0480 5356  intelide - ok
19:44:41.0511 5356  [ CE44CC04262F28216DD4341E9E36A16F ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:44:41.0573 5356  intelppm - ok
19:44:41.0620 5356  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:44:41.0667 5356  IPBusEnum - ok
19:44:41.0698 5356  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:44:41.0745 5356  IpFilterDriver - ok
19:44:41.0776 5356  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:44:41.0823 5356  iphlpsvc - ok
19:44:41.0839 5356  IpInIp - ok
19:44:41.0855 5356  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
19:44:41.0933 5356  IPMIDRV - ok
19:44:41.0964 5356  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
19:44:42.0028 5356  IPNAT - ok
19:44:42.0091 5356  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:44:42.0107 5356  iPod Service56  SNMPTRAP - ok
19:44:56.0993 5356  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
19:44:57.0009 5356  spldr - ok
19:44:57.0056 5356  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
19:44:57.0103 5356  Spooler - ok
19:44:57.0165 5356  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:44:57.0228 5356  srv - ok
19:44:57.0307 5356  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:44:57.0385 5356  srv2 - ok
19:44:57.0416 5356  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:44:57.0479 5356  srvnet - ok
19:44:57.0510 5356  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:44:57.0541 5356  SSDPSRV - ok
19:44:57.0619 5356  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
19:44:57.0650 5356  ssmdrv - ok
19:44:57.0697 5356  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:44:57.0713 5356  SstpSvc - ok
19:44:57.0807 5356  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
19:44:57.0963 5356  stisvc - ok
19:44:57.0979 5356  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:44:57.0994 5356  swenum - ok
19:44:58.0104 5356  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
19:44:58.0182 5356  swprv - ok
19:44:58.0197 5356  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
19:44:58.0213 5356  Symc8xx - ok
19:44:58.0213 5356  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
19:44:58.0229 5356  Sym_hi - ok
19:44:58.0244 5356  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
19:44:58.0260 5356  Sym_u3 - ok
19:44:58.0403 5356  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
19:44:58.0497 5356  SysMain - ok
19:44:58.0513 5356  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:44:58.0575 5356  TabletInputService - ok
19:44:58.0607 5356  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:44:58.0622 5356  TapiSrv - ok
19:44:58.0669 5356  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
19:44:58.0778 5356  TBS - ok
19:44:58.0857 5356  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:44:58.0919 5356  Tcpip - ok
19:44:59.0169 5356  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
19:44:59.0263 5356  Tcpip6 - ok
19:44:59.0423 5356  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:44:59.0485 5356  tcpipreg - ok
19:44:59.0579 5356  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:45:00.0549 5356  TDPIPE - ok
19:45:00.0580 5356  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:45:00.0690 5356  TDTCP - ok
19:45:00.0736 5356  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:45:00.0815 5356  tdx - ok
19:45:00.0893 5356  [ 5D528200679C3B4595B4237E02C077D5 ] TelekomNM3      C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
19:45:00.0908 5356  TelekomNM3 - ok
19:45:01.0049 5356  [ 622FCF264119F7DF127BE353F796B319 ] TelevisionFanaticService C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
19:45:01.0065 5356  TelevisionFanaticService - ok
19:45:01.0111 5356  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:45:01.0127 5356  TermDD - ok
19:45:01.0205 5356  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
19:45:01.0397 5356  TermService - ok
19:45:01.0443 5356  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
19:45:01.0459 5356  Themes - ok
19:45:01.0475 5356  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
19:45:01.0490 5356  THREADORDER - ok
19:45:01.0631 5356  [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
19:45:01.0647 5356  TomTomHOMEService - ok
19:45:01.0678 5356  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
19:45:01.0725 5356  TrkWks - ok
19:45:01.0756 5356  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:45:01.0803 5356  TrustedInstaller - ok
19:45:01.0881 5356  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:01.0943 5356  tssecsrv - ok
19:45:01.0990 5356  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
19:45:02.0022 5356  tunmp - ok
19:45:02.0037 5356  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:45:02.0068 5356  tunnel - ok
19:45:02.0084 5356  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:45:02.0100 5356  uagp35 - ok
19:45:02.0131 5356  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:45:02.0162 5356  udfs - ok
19:45:02.0193 5356  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:45:02.0256 5356  UI0Detect - ok
19:45:02.0287 5356  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:45:02.0318 5356  uliagpkx - ok
19:45:02.0366 5356  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
19:45:02.0413 5356  uliahci - ok
19:45:02.0413 5356  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
19:45:02.0444 5356  UlSata - ok
19:45:02.0460 5356  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
19:45:02.0476 5356  ulsata2 - ok
19:45:02.0538 5356  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:45:02.0569 5356  umbus - ok
19:45:02.0632 5356  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
19:45:02.0679 5356  upnphost - ok
19:45:02.0710 5356  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:45:02.0757 5356  usbccgp - ok
19:45:02.0788 5356  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:45:02.0851 5356  usbcir - ok
19:45:02.0882 5356  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:45:02.0913 5356  usbehci - ok
19:45:02.0944 5356  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:45:02.0976 5356  usbhub - ok
19:45:03.0007 5356  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:45:03.0054 5356  usbohci - ok
19:45:03.0085 5356  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:45:03.0116 5356  usbprint - ok
19:45:03.0148 5356  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:45:03.0179 5356  usbscan - ok
19:45:03.0210 5356  [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser          C:\Windows\system32\drivers\usbser.sys
19:45:03.0226 5356  usbser - ok
19:45:03.0257 5356  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:03.0319 5356  USBSTOR - ok
19:45:03.0351 5356  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:45:03.0414 5356  usbuhci - ok
19:45:03.0461 5356  [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
19:45:03.0492 5356  usb_rndisx - ok
19:45:03.0539 5356  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
19:45:03.0555 5356  UxSms - ok
19:45:03.0602 5356  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
19:45:03.0680 5356  vds - ok
19:45:03.0711 5356  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:03.0758 5356  vga - ok
19:45:03.0820 5356  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:45:03.0899 5356  VgaSave - ok
19:45:03.0930 5356  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:45:03.0945 5356  viaagp - ok
19:45:03.0977 5356  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:45:04.0024 5356  ViaC7 - ok
19:45:04.0055 5356  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
19:45:04.0070 5356  viaide - ok
19:45:04.0102 5356  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:45:04.0117 5356  volmgr - ok
19:45:04.0164 5356  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:45:04.0195 5356  volmgrx - ok
19:45:04.0242 5356  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:45:04.0274 5356  volsnap - ok
19:45:04.0289 5356  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:45:04.0320 5356  vsmraid - ok
19:45:04.0352 5356  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
19:45:04.0493 5356  VSS - ok
19:45:04.0540 5356  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
19:45:04.0603 5356  W32Time - ok
19:45:04.0618 5356  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:45:04.0696 5356  WacomPen - ok
19:45:04.0743 5356  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:45:04.0806 5356  Wanarp - ok
19:45:04.0806 5356  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:45:04.0837 5356  Wanarpv6 - ok
19:45:04.0931 5356  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
19:45:04.0962 5356  WcesComm - ok
19:45:05.0009 5356  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:45:05.0118 5356  wcncsvc - ok
19:45:05.0165 5356  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:45:05.0243 5356  WcsPlugInService - ok
19:45:05.0321 5356  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
19:45:05.0353 5356  Wd - ok
19:45:05.0432 5356  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:45:05.0494 5356  Wdf01000 - ok
19:45:05.0572 5356  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:45:05.0604 5356  WdiServiceHost - ok
19:45:05.0635 5356  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:45:05.0650 5356  WdiSystemHost - ok
19:45:05.0682 5356  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
19:45:05.0744 5356  WebClient - ok
19:45:05.0791 5356  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:45:05.0854 5356  Wecsvc - ok
19:45:05.0885 5356  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:45:05.0900 5356  wercplsupport - ok
19:45:05.0947 5356  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:45:05.0979 5356  WerSvc - ok
19:45:06.0088 5356  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:45:06.0135 5356  WinDefend - ok
19:45:06.0135 5356  WinHttpAutoProxySvc - ok
19:45:06.0213 5356  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:45:06.0244 5356  Winmgmt - ok
19:45:06.0338 5356  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:45:06.0433 5356  WinRM - ok
19:45:06.0542 5356  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
19:45:06.0573 5356  winusb - ok
19:45:06.0667 5356  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:45:06.0776 5356  Wlansvc - ok
19:45:06.0808 5356  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:45:06.0855 5356  WmiAcpi - ok
19:45:06.0917 5356  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:45:06.0948 5356  wmiApSrv - ok
19:45:07.0026 5356  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:45:07.0089 5356  WMPNetworkSvc - ok
19:45:07.0151 5356  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:45:07.0214 5356  WPCSvc - ok
19:45:07.0276 5356  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:45:07.0339 5356  WPDBusEnum - ok
19:45:07.0434 5356  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
19:45:07.0449 5356  WpdUsb - ok
19:45:07.0746 5356  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:45:07.0824 5356  WPFFontCache_v0400 - ok
19:45:07.0856 5356  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:45:07.0902 5356  ws2ifsl - ok
19:45:07.0949 5356  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
19:45:07.0981 5356  wscsvc - ok
19:45:07.0996 5356  WSearch - ok
19:45:08.0199 5356  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:45:08.0356 5356  wuauserv - ok
19:45:08.0418 5356  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:45:08.0591 5356  WudfPf - ok
19:45:08.0622 5356  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:45:08.0653 5356  WUDFRd - ok
19:45:08.0716 5356  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:45:08.0794 5356  wudfsvc - ok
19:45:08.0825 5356  [ 4CAA1637520365C50331B454469DF58C ] [verify-U]      C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe
19:45:08.0857 5356  [verify-U] ( UnsignedFile.Multi.Generic ) - warning
19:45:08.0857 5356  [verify-U] - detected UnsignedFile.Multi.Generic (1)
19:45:08.0888 5356  [ A505FF145D2C056BE52BFA7670D09525 ] [verify-U]_System C:\Windows\system32\drivers\[verify-U]-driver.sys
19:45:08.0903 5356  [verify-U]_System ( UnsignedFile.Multi.Generic ) - warning
19:45:08.0903 5356  [verify-U]_System - detected UnsignedFile.Multi.Generic (1)
19:45:08.0919 5356  ================ Scan global ===============================
19:45:08.0950 5356  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:45:09.0028 5356  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:45:09.0060 5356  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:45:09.0169 5356  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:45:09.0169 5356  [Global] - ok
19:45:09.0169 5356  ================ Scan MBR ==================================
19:45:09.0216 5356  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:45:10.0827 5356  \Device\Harddisk0\DR0 - ok
19:45:10.0827 5356  ================ Scan VBR ==================================
19:45:10.0874 5356  [ 536ADA82F3A816018E5341513AE10B5D ] \Device\Harddisk0\DR0\Partition1
19:45:10.0874 5356  \Device\Harddisk0\DR0\Partition1 - ok
19:45:10.0890 5356  [ 8EF9928CB4A9AAEB46D13909E845F0CD ] \Device\Harddisk0\DR0\Partition2
19:45:10.0890 5356  \Device\Harddisk0\DR0\Partition2 - ok
19:45:10.0905 5356  [ 202C805365DE960547F09DA4D3E61290 ] \Device\Harddisk0\DR0\Partition3
19:45:10.0905 5356  \Device\Harddisk0\DR0\Partition3 - ok
19:45:10.0905 5356  ============================================================
19:45:10.0905 5356  Scan finished
19:45:10.0905 5356  ============================================================
19:45:10.0921 5348  Detected object count: 10
19:45:10.0921 5348  Actual detected object count: 10
19:45:23.0539 5348  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0539 5348  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:23.0555 5348  Boonty Games ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348  Boonty Games ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:23.0555 5348  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:23.0555 5348  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:23.0555 5348  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:23.0555 5348  Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348  Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:23.0555 5348  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:23.0555 5348  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:23.0555 5348  [verify-U] ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348  [verify-U] ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:45:23.0555 5348  [verify-U]_System ( UnsignedFile.Multi.Generic ) - skipped by user
19:45:23.0555 5348  [verify-U]_System ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

09.01.2013, 19:55   #13
markusg
/// Malware-holic

Hi
Is this system used for online banking, for shopping, for other payment transactions, or for similarly important things such as work?
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

09.01.2013, 19:57   #14
Yettex

Yes, it is. It's my parents' main computer.

09.01.2013, 19:57   #15
markusg
/// Malware-holic

OK
Call the bank and have online banking blocked because of the ZeroAccess rootkit. Emergency number:
116 116
Since we cannot guarantee that we will get the machine clean, but that is necessary for banking:
the PC must be set up from scratch and then secured.
1. Data backup:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + StarMoney.
