Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: zip. Anhang geöffnet TR/Matsnu.EB.101

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.02.2013, 20:48   #1
giz02
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



Hallo zusammen.

Zuerst einmal,schön das es euch gibt :-)
Weiss nämlich nicht mehr weiter.

Nun hat es uns auch erwischt :-(. Wir haben gestern eine Mahnung per Email bekommen,das wir noch einen offenen Betrag zu begleichen haben.Die Rechnung war als zip. Datei im Anhang-Dummerweise wurde dieser Anhang geöffnet :-( kurze zeit später verschob mein Virenprogramm,Avira Antivir Free,den Trojaner TR/Matsnu.EB.101 aus:

Quelle:C:\Users\Giz\AppData\Local\Temp\Temp1_06.02.2013 Bestelldaten Ihrer Mahnung.zip\Lieferschein Ihrer Bestellung 06.02.2013.zip

und eine 2.Datei
ADWARE/Yontoo.E.1 aus:
Quelle:C:\Users\Giz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74XZETTC\yontoosetup[1].ex

in die Quarantäne.
Seit dem habe ich ständige Systemabstürze mit einem blauem Desktop und Fehlermeldungen.

Die Checkliste der verschiedenen Scans habe ich soweit durchgeführt:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:07 on 10/02/2013 (Giz)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


OTL Extras logfile created on: 2/10/2013 8:37:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Giz\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.75 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 67.87% Memory free
3.50 Gb Paging File | 2.01 Gb Available in Paging File | 57.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 47.59 Gb Free Space | 47.59% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 33.16 Gb Free Space | 26.99% Space Free | Partition Type: NTFS

Computer Name: GIZ-PC | User Name: Giz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.BU4WFSV3H6M4JN7DPOWR2R76ZA] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8038CD96-F38A-42A8-A370-4E42AF1E366A}" = rport=41952 | protocol=6 | dir=out | name=tversity |
"{845F9CEE-4551-4AE9-8FE4-D014A8329EDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FDEACF16-C4BB-4D55-A49C-DEF5FD6163D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013B7906-1556-42A2-9789-AC8F6FB43829}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40171638-2984-40DF-AF7C-11C690596551}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4E140000-4765-49F7-8D58-149272800738}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{6F070512-CC6F-4A8E-AFF2-D3D5321E3953}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6F1176AD-B032-4807-B786-6C8A34EE3EB8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{79535E6A-67D8-4C6F-8CEB-9CC7D0DDA663}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{7AF5B2B2-2327-4ABA-88E4-370BD5BAEF11}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{7C756BE0-D1FB-479C-B19E-7C6190FBA177}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9273E720-55AD-498F-A3AD-C81F302465A8}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{99E1D3F2-7150-4894-A146-792135081D3A}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{A41C7F57-E1BC-4D63-9B00-6F8514C99032}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{CB4C30CC-7049-4B53-8977-2B76D0EAA1BD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CF2D152F-40F5-45DC-BC58-32585F6FBB18}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F1D1D4A8-FB93-40C5-B2AF-BA09D8306046}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{FB390B75-572E-461B-918F-3DF12F267439}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDF3CF8C-2BC5-43CC-8971-589CE9A4A551}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{4270A8FF-B743-4189-9E88-71BD716494AA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{97ACA1ED-66A7-4F34-8EDE-80FD08A32581}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"TCP Query User{992EB7FA-9F01-431A-81F3-1143BC07BA23}C:\program files\atube catcher\yct.exe" = protocol=6 | dir=in | app=c:\program files\atube catcher\yct.exe |
"UDP Query User{3CE67A4C-D7DE-4958-95ED-4EA42BEB794A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9F104F62-6F82-4322-A82D-383A63AFD7E0}C:\program files\atube catcher\yct.exe" = protocol=17 | dir=in | app=c:\program files\atube catcher\yct.exe |
"UDP Query User{A34832E1-3369-444F-93E0-21129F273176}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21275B6A-333E-3EF6-E68D-B5F5B4B1F6BB}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2AD3FCB8-B812-1A51-D45F-0A71277347E6}" = CCC Help Finnish
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BB57D38-931A-02AB-7C19-B039C87156BA}" = CCC Help Hungarian
"{2D1A4418-8BC0-3805-7DD2-4993394000AE}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F2A0484-F9B4-AC18-1580-73A6DBD526D3}" = Catalyst Control Center Localization All
"{40FDA966-C08D-93FC-5B62-87B0305989D5}" = CCC Help Polish
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51D1EA4C-3EC5-4A29-8BB6-CC7D447CCFD0}" = CCC Help Japanese
"{5425B69E-410D-FF8E-6382-53914B29DB34}" = CCC Help French
"{5592F5BF-0A6D-77BE-31D9-A212800C153C}" = CCC Help German
"{5785EE0B-DA31-82C5-345A-6AC0721A5445}" = CCC Help Thai
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60D157A6-087B-ABE4-0B5D-69DCB6ADB4B2}" = CCC Help English
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67BCBB5E-9534-81D4-A489-47D8A3BE22BF}" = CCC Help Spanish
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{708FB213-9CA6-6865-BCEA-6A50206BC17E}" = CCC Help Portuguese
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{759688C0-D976-D3A6-0FF5-CB0EA763B217}" = CCC Help Czech
"{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}" = LivCam
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80198D8E-F593-17D6-26E7-DC4B66BABECD}" = Catalyst Control Center Graphics Light
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88632316-2F9C-7FAB-E867-C4DFBF79A84E}" = Catalyst Control Center Graphics Previews Vista
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B209A17-940A-D283-8F37-4D5276879CFF}" = CCC Help Korean
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8CBBD910-23F3-D39C-8B38-2AEDD6C366F5}" = ccc-core-static
"{8D1D606A-EF54-ADEE-13EF-4B77CBE389F0}" = Catalyst Control Center Graphics Full Existing
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{AB629EB8-ABB4-F0EF-3C00-CF9B48C283DC}" = Catalyst Control Center Graphics Full New
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI
"{AEB7003F-AE66-23F2-20A2-F758446BE167}" = CCC Help Norwegian
"{BB761E7E-2635-4E12-A7E8-7431BE178953}" = Chrome toolbar by SweetPacks
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CC45D760-77CC-2B22-F691-3AC97C4BF788}" = CCC Help Greek
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD185B84-7A26-5EEF-2F05-0CEA3463E557}" = Catalyst Control Center Core Implementation
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D1F43BEE-D0A4-400B-EFA4-134EC78C81F4}" = CCC Help Turkish
"{D7C66DC3-B601-E9F2-4157-D47E687C4539}" = CCC Help Dutch
"{D84424BF-5F86-D649-14F3-A8AEB768A5F7}" = CCC Help Russian
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2E28E25-79C1-5108-F7F4-EF42AE64711D}" = CCC Help Swedish
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E6C93A10-25F6-CEC8-8B11-AAC52F4E67A1}" = ATI Catalyst Install Manager
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D4A558-9D51-6ABF-7CA3-0EE1DB2ED48F}" = CCC Help Chinese Standard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA8D70EF-1D0D-C0FD-B0D8-9610D5381930}" = CCC Help Italian
"{FB8113BC-BB40-DEF0-C734-36697D1774C2}" = ccc-utility
"{FFA6BAD0-1B3D-E4B0-95FC-FBFABDCABEF5}" = CCC Help Chinese Traditional
"ACRYSH6_is1" = ArchiCrypt Shredder Version 6.0.9.5654
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"delta" = Delta toolbar
"DivX Setup.divx.com" = DivX-Setup
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Picasa 3" = Picasa 3
"PriceGong" = PriceGong 2.6.7
"Software Informer_is1" = Software Informer 1.0 BETA
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Sweet Home 3D" = Sweet Home 3D

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2013 2:26:10 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6614

Error - 1/27/2013 2:26:12 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/27/2013 2:26:12 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8065

Error - 1/27/2013 2:26:12 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8065

Error - 1/27/2013 2:26:13 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/27/2013 2:26:13 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9703

Error - 1/27/2013 2:26:13 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9703

Error - 1/27/2013 2:26:16 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/27/2013 2:26:16 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12636

Error - 1/27/2013 2:26:16 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12636

Error - 1/27/2013 4:26:03 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 2/10/2013 11:48:01 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 2/10/2013 11:48:01 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 2/10/2013 11:48:01 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 2/10/2013 11:48:01 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 2/10/2013 11:48:01 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 2/10/2013 11:49:44 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 2/10/2013 11:52:06 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 2/10/2013 12:03:21 PM | Computer Name = Giz-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2/10/2013 12:05:01 PM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 2/10/2013 2:42:52 PM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.


< End of report >

OTL logfile created on: 2/10/2013 8:37:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Giz\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.75 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 67.87% Memory free
3.50 Gb Paging File | 2.01 Gb Available in Paging File | 57.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 47.59 Gb Free Space | 47.59% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 33.16 Gb Free Space | 26.99% Space Free | Partition Type: NTFS

Computer Name: GIZ-PC | User Name: Giz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/10 20:02:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Giz\Desktop\OTL.exe
PRC - [2013/02/10 05:07:10 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/02/10 05:06:50 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/02/10 05:06:46 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/10 05:06:45 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Giz\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/16 17:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/15 18:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012/08/07 15:10:02 | 000,013,824 | ---- | M] (Smartbar) -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.exe
PRC - [2012/05/29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2012/05/15 12:54:52 | 000,181,824 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) -- C:\Program Files\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector32.exe
PRC - [2012/04/17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/03/02 16:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2012/03/01 22:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareAgent.exe
PRC - [2011/12/14 12:23:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/12/14 12:23:32 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/26 23:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/10/17 06:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/28 00:38:28 | 000,803,304 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/05 04:45:12 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/05 04:44:44 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/20 10:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/17 19:43:05 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa0c82eddc6cc12961a92835f777dcc0\System.Web.Services.ni.dll
MOD - [2013/01/17 19:43:02 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013/01/17 19:42:49 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/17 19:42:48 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/17 19:42:47 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/17 19:42:45 | 006,610,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\bd5f32f9081b6307cadda7422145553e\System.Data.ni.dll
MOD - [2013/01/17 19:41:59 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/17 19:41:46 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/17 19:41:10 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/17 19:41:03 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab2d590a7a1566fe78e3275a90a30ceb\System.Configuration.ni.dll
MOD - [2013/01/17 19:41:01 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/17 19:40:51 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/16 17:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013/01/16 17:26:01 | 002,212,304 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012/09/07 14:19:56 | 000,904,704 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2012/08/07 15:11:00 | 000,041,472 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2012/08/07 15:11:00 | 000,028,672 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2012/08/07 15:10:58 | 000,062,464 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2012/08/07 15:10:58 | 000,012,288 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2012/08/07 15:10:58 | 000,010,240 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2012/08/07 15:10:58 | 000,009,728 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2012/08/07 15:10:58 | 000,007,168 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2012/08/07 15:10:00 | 000,025,088 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2012/08/07 15:09:56 | 000,028,672 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2012/08/07 15:09:40 | 001,267,712 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2012/08/07 15:09:32 | 000,007,168 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2012/08/07 15:09:28 | 000,559,616 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2012/08/07 15:09:16 | 000,073,216 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2012/08/07 15:09:12 | 000,040,960 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll
MOD - [2012/08/07 15:09:12 | 000,018,944 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2012/08/07 15:09:12 | 000,013,312 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2012/08/07 15:09:06 | 000,074,752 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2012/08/07 15:09:06 | 000,040,960 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2012/08/07 15:09:06 | 000,006,656 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2012/08/07 15:09:06 | 000,006,144 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2012/04/17 14:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/17 14:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/17 14:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/17 14:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2012/04/17 14:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/17 14:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/17 14:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/17 14:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:59:41 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/14 13:16:06 | 001,736,704 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3503.38390__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l
MOD - [2010/01/14 13:16:06 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/01/14 13:16:06 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.38372__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/01/14 13:16:06 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/01/14 13:16:06 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/01/14 13:16:06 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard. dll
MOD - [2010/01/14 13:16:06 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/01/14 13:16:06 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3503.38439__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/01/14 13:16:06 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.38381__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/01/14 13:16:06 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3503.38421__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/01/14 13:16:06 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/01/14 13:16:06 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.38458__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/01/14 13:16:06 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010/01/14 13:16:06 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.38386__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/01/14 13:16:06 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l
MOD - [2010/01/14 13:16:06 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3503.38381__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll
MOD - [2010/01/14 13:16:05 | 000,950,272 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3503.38482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dash board.dll
MOD - [2010/01/14 13:16:05 | 000,782,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3503.38415__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/01/14 13:16:05 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3503.38392__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll
MOD - [2010/01/14 13:16:05 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3503.38434__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/01/14 13:16:05 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/01/14 13:16:05 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010/01/14 13:16:05 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3503.38396__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010/01/14 13:16:05 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/01/14 13:16:05 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/01/14 13:16:05 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll
MOD - [2010/01/14 13:16:05 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/01/14 13:16:05 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/01/14 13:16:05 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3503.38395__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll
MOD - [2010/01/14 13:16:05 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/01/14 13:16:05 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll
MOD - [2010/01/14 13:16:05 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/01/14 13:16:05 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3496.39091__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/01/14 13:16:05 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3496.39089__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/01/14 13:16:05 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3496.39100__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/01/14 13:16:05 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3496.39127__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/01/14 13:16:05 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/01/14 13:16:05 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3496.39099__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/01/14 13:16:05 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/01/14 13:16:05 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/01/14 13:16:04 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/01/14 13:16:04 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3496.39109__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3496.39106__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/01/14 13:16:04 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3496.39122__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3496.39086__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/01/14 13:16:04 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3496.39096__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3496.39087__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3496.39157__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3496.39121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l
MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3496.39099__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3496.39107__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l
MOD - [2010/01/14 13:16:04 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3496.39089__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3496.39102__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l
MOD - [2010/01/14 13:16:04 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3496.39098__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3496.39098__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3496.39122__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3496.39090__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3496.39090__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/01/14 13:16:03 | 000,651,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3503.38481__90ba9c70f846762e\ResourceManagement.Foundation.Implementatio n.dll
MOD - [2010/01/14 13:16:03 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.38452__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/01/14 13:16:03 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.38451__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/01/14 13:16:03 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.38463__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/01/14 13:16:03 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3496.39089__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/01/14 13:16:03 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3496.39090__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/01/14 13:16:03 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3496.39098__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/01/14 13:16:03 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.38368__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/01/14 13:16:02 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.38377__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/01/14 13:16:02 | 000,552,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3503.38447__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/01/14 13:16:02 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.38385__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/01/14 13:16:02 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3503.38370__90ba9c70f846762e\APM.Server.dll
MOD - [2010/01/14 13:16:02 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.38372__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/01/14 13:16:02 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.38371__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/01/14 13:16:02 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3496.39100__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/01/14 13:16:02 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.38369__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/01/14 13:16:02 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/01/14 13:16:02 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/01/14 13:16:02 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/01/14 13:16:02 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3496.39099__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/01/14 13:16:02 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3496.39097__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/01/14 13:16:02 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3496.39110__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/01/14 13:16:02 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.38452__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/10/24 20:29:16 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Services (SafeList) ==========

SRV - [2013/02/10 13:00:10 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/10 05:07:10 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/10 05:06:46 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/01/16 17:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012/05/15 12:54:52 | 000,181,824 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Program Files\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector32.exe -- (ArchiCrypt Sichere Loeschzonen)
SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/03/02 16:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012/03/02 16:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011/12/14 12:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/08/05 04:44:44 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2013/02/10 05:07:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/02/10 05:07:20 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/02/10 05:07:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/02/10 05:07:19 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/06/23 09:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/10/26 22:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/10/06 11:34:00 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/10/05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/02 06:33:24 | 000,862,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/08/05 05:22:18 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/27 08:06:45 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/20 10:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/01 05:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/06/05 12:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/05/05 15:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=52366ec60000000000001c4bd660b0f8
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=52366ec60000000000001c4bd660b0f8
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=52366ec60000000000001c4bd660b0f8
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=06cd9f6f-ddcb-44d5-9f0c-a2e1d1e0dd78&apn_sauid=E218CB8E-98FB-41FC-923F-DC23035217A2&
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Giz\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Giz\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/15 20:24:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/15 20:24:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.7\FF [2012/09/07 14:21:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/02/10 07:24:03 | 000,000,000 | ---D | M]

[2013/02/10 07:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giz\AppData\Roaming\mozilla\firefox\Profiles\extensions
[2012/12/13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Giz\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2011/10/14 09:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/05/13 16:03:36 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2010/05/13 09:26:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 10:51:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/19 10:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/07 16:14:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/18 11:28:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/07 10:22:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/08 14:17:19 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=52366ec60000000000001c4bd660b0f8
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Mozilla Plugins\npitunes.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Giz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Movie2kDownloader = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Logitech-Ger\u00E4teerkennung = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: Delta Toolbar = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: DivX HiQ = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: BrowserProtect = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: Google Mail = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Movie2kDownloader = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Logitech-Ger\u00E4teerkennung = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: Delta Toolbar = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: DivX HiQ = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: BrowserProtect = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: Google Mail = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001..\Run: [Browser Infrastructure Helper] C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Giz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09ABA583-D6D1-4135-BBA0-D6CF7BD51A5D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A5E5214-9647-4B53-AB4F-8A1DFADE3032}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\boingo wi-fi.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\boingofinder.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\eeesplendid.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\javaw.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\javaws.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\quickstart.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sbase.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\scalc.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sdraw.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\simpress.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\smath.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\soffice.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\swriter.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\udtstart.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\youcam.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{af22b166-d6bf-11df-adb6-e0cb4ea20420}\Shell - "" = AutoRun
O33 - MountPoints2\{af22b166-d6bf-11df-adb6-e0cb4ea20420}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/10 20:02:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Giz\Desktop\OTL.exe
[2013/02/10 18:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/10 18:04:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/02/10 18:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/10 16:28:53 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Local\MigWiz
[2013/02/10 11:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013/02/10 11:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013/02/10 11:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2013/02/10 08:37:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/10 07:24:17 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins
[2013/02/10 07:24:17 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions
[2013/02/10 07:24:15 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/02/10 07:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/02/10 07:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/02/10 07:23:43 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Delta
[2013/02/10 07:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/02/10 07:22:37 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Babylon
[2013/02/10 07:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/02/10 07:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Movie2KDownloader.com
[2013/02/10 07:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\hdvidcodec.com
[2013/02/10 05:21:53 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Avira
[2013/02/10 05:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/02/10 05:15:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013/02/10 05:15:42 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013/02/10 05:15:42 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013/02/10 05:15:42 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013/02/10 05:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/02/10 05:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/02/09 14:41:11 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Malwarebytes
[2013/02/09 14:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/09 12:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArchiCrypt
[2013/02/09 12:55:15 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\ACShredder6
[2013/02/09 12:54:49 | 001,629,744 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt) -- C:\windows\System32\Shredder.dll
[2013/02/09 12:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\ArchiCrypt
[2013/02/09 12:54:20 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Local\Programs

========== Files - Modified Within 30 Days ==========

[2013/02/10 20:18:06 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001UA.job
[2013/02/10 20:02:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Giz\Desktop\OTL.exe
[2013/02/10 20:01:37 | 000,000,000 | ---- | M] () -- C:\Users\Giz\defogger_reenable
[2013/02/10 20:00:28 | 000,050,477 | ---- | M] () -- C:\Users\Giz\Desktop\Defogger.exe
[2013/02/10 20:00:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/10 19:42:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/10 18:04:31 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/02/10 17:12:22 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/10 17:12:22 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/10 16:47:02 | 245,976,301 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/02/10 08:37:57 | 000,007,597 | ---- | M] () -- C:\Users\Giz\AppData\Local\Resmon.ResmonCfg
[2013/02/10 08:18:08 | 000,001,060 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001Core.job
[2013/02/10 05:07:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013/02/10 05:07:20 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013/02/10 05:07:20 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013/02/10 05:07:19 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013/02/09 15:04:10 | 000,001,045 | ---- | M] () -- C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/09 15:03:36 | 000,001,009 | ---- | M] () -- C:\Users\Giz\Desktop\Dropbox.lnk
[2013/02/09 13:47:26 | 000,033,134 | ---- | M] () -- C:\Users\Giz\AppData\Roaming\UserTile.png
[2013/02/04 18:00:24 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/02/04 18:00:24 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/02/04 18:00:24 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/02/04 18:00:24 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/02/01 17:52:39 | 000,002,352 | ---- | M] () -- C:\Users\Giz\Desktop\Google Chrome.lnk
[2013/01/17 19:29:43 | 000,358,312 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/02/10 20:01:37 | 000,000,000 | ---- | C] () -- C:\Users\Giz\defogger_reenable
[2013/02/10 20:00:25 | 000,050,477 | ---- | C] () -- C:\Users\Giz\Desktop\Defogger.exe
[2013/02/10 18:04:31 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/02/10 12:15:08 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/09 13:47:26 | 000,033,134 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\UserTile.png
[2011/05/29 09:37:22 | 000,007,597 | ---- | C] () -- C:\Users\Giz\AppData\Local\Resmon.ResmonCfg
[2011/02/27 14:03:31 | 000,532,480 | ---- | C] () -- C:\windows\System32\CddbPlaylist2Sony.dll
[2010/07/20 15:58:03 | 000,937,426 | ---- | C] () -- C:\Users\Giz\Schulplan.pdf
[2010/07/01 20:05:25 | 000,066,675 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\mdbu.bin
[2010/06/17 18:42:28 | 000,003,584 | ---- | C] () -- C:\Users\Giz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/13 22:41:29 | 000,001,018 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\wklnhst.dat
[2010/01/14 13:45:12 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/01/14 15:02:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010/01/14 15:02:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2013/02/09 13:01:29 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\ACShredder6
[2012/11/06 13:56:29 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Amazon
[2012/03/07 19:49:28 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Asus
[2013/02/10 07:22:37 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Babylon
[2012/04/12 20:19:27 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\cacaoweb
[2013/02/10 07:24:18 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Delta
[2013/02/10 17:05:13 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Dropbox
[2010/04/14 09:56:27 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\EeeStorageUploader
[2010/06/10 09:45:05 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Free Download Manager
[2010/12/14 14:13:23 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\GHISLER
[2012/09/21 12:07:50 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\HTC
[2012/09/22 12:50:57 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/01/15 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Local
[2011/07/13 13:46:15 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\OpenCandy
[2011/09/03 11:56:04 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\OpenOffice.org
[2011/12/19 20:29:09 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\PhotoScape
[2010/09/26 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\PMS
[2012/10/22 15:14:16 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Samsung
[2010/06/07 07:50:32 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Software Informer
[2010/04/14 10:01:27 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\temp
[2010/06/08 20:34:06 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Template
[2011/12/20 22:23:32 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\TuneUp Software
[2011/10/12 22:21:01 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\UDC Profiles
[2010/06/08 14:30:03 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\VoiceCommand
[2010/10/25 18:32:01 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\WinAVI

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >


Den gmer.exe Scan konnte ich nicht durchführen,da ich während des Scans den besagten Systemabsturz bekomme.

Ich hoffe ihr könnt mir da weiterhelfen?!

Danke im Voraus!

Alt 12.02.2013, 14:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 12.02.2013, 18:20   #3
giz02
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



Hallo.
Vielen Dank für die Antwort.

hier die Logfiles:
mbar:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.12.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Giz :: GIZ-PC [administrator]

12.02.2013 18:28:36
mbar-log-2013-02-12 (18-28-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29351
Time elapsed: 23 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 18:34:21
-----------------------------
18:34:21.840    OS Version: Windows 6.1.7601 Service Pack 1
18:34:21.840    Number of processors: 1 586 0x7F02
18:34:21.844    ComputerName: GIZ-PC  UserName: Giz
18:34:22.833    Initialize success
18:35:22.433    AVAST engine defs: 13021200
18:36:03.349    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
18:36:03.357    Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 11
18:36:03.395    Disk 0 MBR read successfully
18:36:03.407    Disk 0 MBR scan
18:36:03.504    Disk 0 Windows 7 default MBR code
18:36:03.526    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       102400 MB offset 2048
18:36:03.578    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       125815 MB offset 209717248
18:36:03.637    Disk 0 Partition 3 00     1B   Hidd FAT32 MSDOS5.0    10240 MB offset 467386368
18:36:03.684    Disk 0 Partition 4 00     EF      EFI FAT    A1478       16 MB offset 488357888
18:36:03.748    Disk 0 scanning sectors +488392065
18:36:03.896    Disk 0 scanning C:\windows\system32\drivers
18:36:39.963    Service scanning
18:37:41.919    Modules scanning
18:38:01.140    Disk 0 trace - called modules:
18:38:01.196    ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys halmacpi.dll amdsata.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys 
18:38:01.225    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d955f0]
18:38:01.250    3 CLASSPNP.SYS[8878959e] -> nt!IofCallDriver -> [0x85d5c468]
18:38:01.263    5 amdxata.sys[83a017b6] -> nt!IofCallDriver -> \Device\0000005a[0x85c39258]
18:38:02.623    AVAST engine scan C:\windows
18:38:06.998    AVAST engine scan C:\windows\system32
18:46:51.135    AVAST engine scan C:\windows\system32\drivers
18:47:21.340    AVAST engine scan C:\Users\Giz
19:00:09.040    AVAST engine scan C:\ProgramData
19:02:30.320    Scan finished successfully
19:05:49.334    Disk 0 MBR has been saved successfully to "C:\Users\Giz\Desktop\MBR.dat"
19:05:49.345    The log file has been saved successfully to "C:\Users\Giz\Desktop\aswMBR.txt"
         
Gruss
__________________

Alt 13.02.2013, 08:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Falls also vorhanden, bitte alle Logs nachreichen.

Bitte anschließend Logs mit GMER (<<< klick für Anleitung) und TDSS-Killer (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur den TDSS-Killer aus.

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.02.2013, 15:21   #5
giz02
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



Hi.Hier noch weitere Logs:
malwarebytes:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.09.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.7601.17514
Giz :: GIZ-PC [Administrator]

10.02.2013 03:56:30
mbam-log-2013-02-10 (03-56-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 318225
Laufzeit: 50 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Giz\Downloads\programme,setups,sonstiges\installer_sonicstage_4_3_Deutsch.exe (PUP.SmsPay.PGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.09.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Giz :: GIZ-PC [Administrator]

09.02.2013 15:04:17
mbam-log-2013-02-09 (15-04-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212554
Laufzeit: 14 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.09.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.7601.17514
Giz :: GIZ-PC [Administrator]

10.02.2013 03:56:30
MBAM-log-2013-02-10 (04-51-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 318225
Laufzeit: 50 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Giz\Downloads\programme,setups,sonstiges\installer_sonicstage_4_3_Deutsch.exe (PUP.SmsPay.PGen) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.10.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Giz :: GIZ-PC [Administrator]

10.02.2013 19:31:26
mbam-log-2013-02-10 (19-31-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213778
Laufzeit: 20 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
AVIRA:

Code:
ATTFilter
Exportierte Ereignisse:

10.02.2013 10:42 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Giz\AppData\Local\Temp\Temp1_06.02.2013 Bestelldaten Ihrer 
      Mahnung.zip\Lieferschein Ihrer Bestellung 06.02.2013.zip'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Matsnu.EB.101' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d36c7ab.qua' 
      verschoben!

10.02.2013 07:24 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Giz\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Content.IE5\74XZETTC\yontoosetup[1].exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5415a292.qua' 
      verschoben!

10.02.2013 07:22 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Giz\AppData\Local\Temp\50B07035\YontooSetup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

10.02.2013 07:22 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Giz\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Content.IE5\74XZETTC\yontoosetup[1].exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

10.02.2013 07:21 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Giz\AppData\Local\Temp\50B07035\up.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

10.02.2013 07:21 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Giz\AppData\Local\Temp\50B07035\YontooSetup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner
         
TDSSkiller:
Code:
ATTFilter
16:13:54.0819 1784  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:13:55.0059 1784  ============================================================
16:13:55.0059 1784  Current date / time: 2013/02/13 16:13:55.0059
16:13:55.0060 1784  SystemInfo:
16:13:55.0060 1784  
16:13:55.0060 1784  OS Version: 6.1.7601 ServicePack: 1.0
16:13:55.0060 1784  Product type: Workstation
16:13:55.0060 1784  ComputerName: GIZ-PC
16:13:55.0061 1784  UserName: Giz
16:13:55.0061 1784  Windows directory: C:\windows
16:13:55.0061 1784  System windows directory: C:\windows
16:13:55.0061 1784  Processor architecture: Intel x86
16:13:55.0061 1784  Number of processors: 1
16:13:55.0061 1784  Page size: 0x1000
16:13:55.0061 1784  Boot type: Normal boot
16:13:55.0061 1784  ============================================================
16:13:57.0513 1784  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:13:57.0530 1784  ============================================================
16:13:57.0530 1784  \Device\Harddisk0\DR0:
16:13:57.0538 1784  MBR partitions:
16:13:57.0538 1784  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
16:13:57.0538 1784  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0xF5BB800
16:13:57.0539 1784  ============================================================
16:13:57.0588 1784  C: <-> \Device\Harddisk0\DR0\Partition1
16:13:57.0633 1784  D: <-> \Device\Harddisk0\DR0\Partition2
16:13:57.0640 1784  ============================================================
16:13:57.0640 1784  Initialize success
16:13:57.0640 1784  ============================================================
16:16:12.0533 3328  ============================================================
16:16:12.0534 3328  Scan started
16:16:12.0534 3328  Mode: Manual; SigCheck; TDLFS; 
16:16:12.0534 3328  ============================================================
16:16:14.0226 3328  ================ Scan system memory ========================
16:16:14.0226 3328  System memory - ok
16:16:14.0240 3328  ================ Scan services =============================
16:16:14.0495 3328  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
16:16:14.0742 3328  1394ohci - ok
16:16:14.0798 3328  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
16:16:14.0835 3328  ACPI - ok
16:16:14.0877 3328  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
16:16:15.0010 3328  AcpiPmi - ok
16:16:15.0117 3328  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:16:15.0227 3328  AdobeFlashPlayerUpdateSvc - ok
16:16:15.0305 3328  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
16:16:15.0469 3328  adp94xx - ok
16:16:15.0545 3328  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
16:16:15.0682 3328  adpahci - ok
16:16:15.0763 3328  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
16:16:15.0892 3328  adpu320 - ok
16:16:15.0927 3328  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
16:16:16.0022 3328  AeLookupSvc - ok
16:16:16.0074 3328  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\windows\system32\drivers\afd.sys
16:16:16.0211 3328  AFD - ok
16:16:16.0242 3328  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
16:16:16.0281 3328  agp440 - ok
16:16:16.0346 3328  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
16:16:16.0384 3328  aic78xx - ok
16:16:16.0438 3328  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
16:16:16.0548 3328  ALG - ok
16:16:16.0607 3328  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
16:16:16.0658 3328  aliide - ok
16:16:16.0732 3328  [ 6887351BF7ADAFEB7A324CAE6AAFE598 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
16:16:16.0886 3328  AMD External Events Utility - ok
16:16:16.0943 3328  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
16:16:17.0041 3328  amdagp - ok
16:16:17.0131 3328  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
16:16:17.0219 3328  amdide - ok
16:16:17.0297 3328  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
16:16:17.0391 3328  AmdK8 - ok
16:16:17.0464 3328  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
16:16:17.0565 3328  AmdPPM - ok
16:16:17.0627 3328  [ 6F64C768A9A48FAB7C6D6CEE1B30F97F ] amdsata         C:\windows\system32\DRIVERS\amdsata.sys
16:16:17.0695 3328  amdsata - ok
16:16:17.0758 3328  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
16:16:17.0821 3328  amdsbs - ok
16:16:17.0855 3328  [ E27866684780606BCCE640A57937D88A ] amdxata         C:\windows\system32\DRIVERS\amdxata.sys
16:16:17.0904 3328  amdxata - ok
16:16:18.0066 3328  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:16:18.0095 3328  AntiVirSchedulerService - ok
16:16:18.0209 3328  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:16:18.0267 3328  AntiVirService - ok
16:16:18.0362 3328  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\windows\system32\drivers\appid.sys
16:16:18.0728 3328  AppID - ok
16:16:18.0795 3328  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
16:16:18.0972 3328  AppIDSvc - ok
16:16:19.0017 3328  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\windows\System32\appinfo.dll
16:16:19.0077 3328  Appinfo - ok
16:16:19.0184 3328  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:16:19.0209 3328  Apple Mobile Device - ok
16:16:19.0247 3328  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\DRIVERS\arc.sys
16:16:19.0288 3328  arc - ok
16:16:19.0421 3328  [ EFB2008E95D9909EBA7848B9A2EAFFD3 ] ArchiCrypt Sichere Loeschzonen C:\Program Files\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector32.exe
16:16:19.0450 3328  ArchiCrypt Sichere Loeschzonen - ok
16:16:19.0499 3328  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
16:16:19.0595 3328  arcsas - ok
16:16:19.0668 3328  [ E67493490466B5F04B58C22D2590E8CA ] AsUpIO          C:\windows\system32\drivers\AsUpIO.sys
16:16:19.0763 3328  AsUpIO - ok
16:16:19.0836 3328  [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService     C:\Windows\System32\AsusService.exe
16:16:19.0913 3328  AsusService ( UnsignedFile.Multi.Generic ) - warning
16:16:19.0913 3328  AsusService - detected UnsignedFile.Multi.Generic (1)
16:16:19.0980 3328  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
16:16:20.0249 3328  AsyncMac - ok
16:16:20.0316 3328  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\drivers\atapi.sys
16:16:20.0397 3328  atapi - ok
16:16:20.0487 3328  [ B01751CC563AECAC09BBE36AAA21FBEF ] athr            C:\windows\system32\DRIVERS\athr.sys
16:16:20.0664 3328  athr - ok
16:16:20.0917 3328  [ BCB9CF3B087DD15A8F33A149296E6183 ] atikmdag        C:\windows\system32\DRIVERS\atikmdag.sys
16:16:21.0476 3328  atikmdag - ok
16:16:21.0533 3328  [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie         C:\windows\system32\DRIVERS\AtiPcie.sys
16:16:21.0583 3328  AtiPcie - ok
16:16:21.0668 3328  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:16:21.0730 3328  AudioEndpointBuilder - ok
16:16:21.0756 3328  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
16:16:21.0813 3328  Audiosrv - ok
16:16:21.0889 3328  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
16:16:21.0983 3328  avgntflt - ok
16:16:22.0074 3328  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
16:16:22.0207 3328  avipbb - ok
16:16:22.0277 3328  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
16:16:22.0370 3328  avkmgr - ok
16:16:22.0478 3328  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
16:16:22.0683 3328  AxInstSV - ok
16:16:22.0748 3328  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
16:16:22.0853 3328  b06bdrv - ok
16:16:22.0901 3328  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
16:16:23.0001 3328  b57nd60x - ok
16:16:23.0104 3328  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
16:16:23.0202 3328  BDESVC - ok
16:16:23.0238 3328  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
16:16:23.0375 3328  Beep - ok
16:16:23.0521 3328  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\windows\System32\bfe.dll
16:16:23.0766 3328  BFE - ok
16:16:23.0854 3328  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
16:16:23.0941 3328  BITS - ok
16:16:23.0972 3328  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
16:16:24.0060 3328  blbdrive - ok
16:16:24.0166 3328  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:16:24.0201 3328  Bonjour Service - ok
16:16:24.0259 3328  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
16:16:24.0399 3328  bowser - ok
16:16:24.0461 3328  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
16:16:24.0624 3328  BrFiltLo - ok
16:16:24.0680 3328  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
16:16:24.0816 3328  BrFiltUp - ok
16:16:24.0884 3328  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\windows\System32\browser.dll
16:16:24.0976 3328  Browser - ok
16:16:25.0180 3328  [ 639838B4BD0ED95F308650B910E3EC82 ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
16:16:25.0348 3328  BrowserProtect - ok
16:16:25.0406 3328  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
16:16:25.0568 3328  Brserid - ok
16:16:25.0619 3328  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
16:16:25.0720 3328  BrSerWdm - ok
16:16:25.0767 3328  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
16:16:25.0939 3328  BrUsbMdm - ok
16:16:25.0979 3328  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
16:16:26.0081 3328  BrUsbSer - ok
16:16:26.0164 3328  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
16:16:26.0382 3328  BthEnum - ok
16:16:26.0446 3328  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
16:16:26.0588 3328  BTHMODEM - ok
16:16:26.0652 3328  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
16:16:26.0813 3328  BthPan - ok
16:16:26.0901 3328  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
16:16:27.0106 3328  BTHPORT - ok
16:16:27.0172 3328  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
16:16:27.0354 3328  bthserv - ok
16:16:27.0409 3328  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
16:16:27.0496 3328  BTHUSB - ok
16:16:27.0548 3328  [ 92C5B845803F3662637EB691AC0B250F ] btusbflt        C:\windows\system32\drivers\btusbflt.sys
16:16:27.0600 3328  btusbflt - ok
16:16:27.0619 3328  btwaudio - ok
16:16:27.0656 3328  btwavdt - ok
16:16:27.0677 3328  btwl2cap - ok
16:16:27.0698 3328  btwrchid - ok
16:16:27.0734 3328  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
16:16:27.0828 3328  cdfs - ok
16:16:27.0889 3328  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\windows\system32\drivers\cdrom.sys
16:16:27.0973 3328  cdrom - ok
16:16:28.0035 3328  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\windows\System32\certprop.dll
16:16:28.0112 3328  CertPropSvc - ok
16:16:28.0164 3328  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
16:16:28.0226 3328  circlass - ok
16:16:28.0276 3328  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
16:16:28.0317 3328  CLFS - ok
16:16:28.0389 3328  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:16:28.0445 3328  clr_optimization_v2.0.50727_32 - ok
16:16:28.0525 3328  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:16:28.0573 3328  clr_optimization_v4.0.30319_32 - ok
16:16:28.0612 3328  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
16:16:28.0701 3328  CmBatt - ok
16:16:28.0751 3328  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
16:16:28.0842 3328  cmdide - ok
16:16:28.0927 3328  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\windows\system32\Drivers\cng.sys
16:16:29.0143 3328  CNG - ok
16:16:29.0226 3328  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
16:16:29.0295 3328  Compbatt - ok
16:16:29.0377 3328  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
16:16:29.0512 3328  CompositeBus - ok
16:16:29.0572 3328  COMSysApp - ok
16:16:29.0627 3328  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
16:16:29.0753 3328  crcdisk - ok
16:16:29.0864 3328  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\windows\system32\cryptsvc.dll
16:16:29.0954 3328  CryptSvc - ok
16:16:30.0055 3328  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
16:16:30.0181 3328  DcomLaunch - ok
16:16:30.0223 3328  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
16:16:30.0308 3328  defragsvc - ok
16:16:30.0401 3328  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
16:16:30.0568 3328  DfsC - ok
16:16:30.0680 3328  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
16:16:30.0848 3328  Dhcp - ok
16:16:30.0914 3328  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
16:16:31.0079 3328  discache - ok
16:16:31.0153 3328  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
16:16:31.0291 3328  Disk - ok
16:16:31.0339 3328  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:16:31.0413 3328  Dnscache - ok
16:16:31.0479 3328  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
16:16:31.0590 3328  dot3svc - ok
16:16:31.0644 3328  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
16:16:31.0729 3328  DPS - ok
16:16:31.0765 3328  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:16:31.0844 3328  drmkaud - ok
16:16:31.0894 3328  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:16:32.0014 3328  DXGKrnl - ok
16:16:32.0054 3328  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
16:16:32.0136 3328  EapHost - ok
16:16:32.0251 3328  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
16:16:32.0445 3328  ebdrv - ok
16:16:32.0500 3328  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\windows\System32\lsass.exe
16:16:32.0583 3328  EFS - ok
16:16:32.0672 3328  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:16:32.0889 3328  ehRecvr - ok
16:16:32.0944 3328  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\windows\ehome\ehsched.exe
16:16:33.0107 3328  ehSched - ok
16:16:33.0187 3328  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
16:16:33.0326 3328  elxstor - ok
16:16:33.0357 3328  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:16:33.0436 3328  ErrDev - ok
16:16:33.0517 3328  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
16:16:33.0615 3328  EventSystem - ok
16:16:33.0651 3328  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
16:16:33.0755 3328  exfat - ok
16:16:33.0805 3328  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:16:33.0942 3328  fastfat - ok
16:16:34.0019 3328  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\windows\system32\fxssvc.exe
16:16:34.0079 3328  Fax - ok
16:16:34.0114 3328  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
16:16:34.0200 3328  fdc - ok
16:16:34.0265 3328  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
16:16:34.0455 3328  fdPHost - ok
16:16:34.0503 3328  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
16:16:34.0667 3328  FDResPub - ok
16:16:34.0739 3328  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:16:34.0777 3328  FileInfo - ok
16:16:34.0804 3328  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:16:34.0906 3328  Filetrace - ok
16:16:34.0930 3328  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
16:16:34.0980 3328  flpydisk - ok
16:16:35.0019 3328  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:16:35.0092 3328  FltMgr - ok
16:16:35.0163 3328  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\windows\system32\FntCache.dll
16:16:35.0278 3328  FontCache - ok
16:16:35.0348 3328  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:16:35.0383 3328  FontCache3.0.0.0 - ok
16:16:35.0412 3328  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:16:35.0469 3328  FsDepends - ok
16:16:35.0546 3328  [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
16:16:35.0585 3328  fssfltr - ok
16:16:35.0663 3328  [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:16:35.0869 3328  fsssvc - ok
16:16:35.0953 3328  [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk     C:\windows\system32\FsUsbExDisk.SYS
16:16:36.0042 3328  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
16:16:36.0042 3328  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
16:16:36.0101 3328  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:16:36.0189 3328  Fs_Rec - ok
16:16:36.0299 3328  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:16:36.0463 3328  fvevol - ok
16:16:36.0546 3328  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
16:16:36.0649 3328  gagp30kx - ok
16:16:36.0732 3328  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:16:36.0837 3328  GEARAspiWDM - ok
16:16:36.0925 3328  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\windows\System32\gpsvc.dll
16:16:37.0168 3328  gpsvc - ok
16:16:37.0254 3328  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:16:37.0356 3328  gusvc - ok
16:16:37.0412 3328  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:16:37.0546 3328  hcw85cir - ok
16:16:37.0606 3328  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:16:37.0706 3328  HdAudAddService - ok
16:16:37.0743 3328  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
16:16:37.0786 3328  HDAudBus - ok
16:16:37.0835 3328  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
16:16:37.0881 3328  HidBatt - ok
16:16:37.0917 3328  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
16:16:37.0972 3328  HidBth - ok
16:16:38.0022 3328  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
16:16:38.0113 3328  HidIr - ok
16:16:38.0145 3328  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\system32\hidserv.dll
16:16:38.0222 3328  hidserv - ok
16:16:38.0278 3328  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
16:16:38.0335 3328  HidUsb - ok
16:16:38.0389 3328  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:16:38.0469 3328  hkmsvc - ok
16:16:38.0504 3328  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:16:38.0629 3328  HomeGroupListener - ok
16:16:38.0686 3328  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:16:38.0745 3328  HomeGroupProvider - ok
16:16:38.0803 3328  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:16:38.0861 3328  HpSAMD - ok
16:16:38.0950 3328  [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32        C:\windows\system32\Drivers\ANDROIDUSB.sys
16:16:39.0089 3328  HTCAND32 - ok
16:16:39.0196 3328  [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot        C:\windows\system32\DRIVERS\htcnprot.sys
16:16:39.0327 3328  htcnprot - ok
16:16:39.0440 3328  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:16:39.0583 3328  HTTP - ok
16:16:39.0617 3328  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:16:39.0676 3328  hwpolicy - ok
16:16:39.0747 3328  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
16:16:39.0808 3328  i8042prt - ok
16:16:39.0858 3328  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:16:39.0990 3328  iaStorV - ok
16:16:40.0126 3328  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:16:40.0189 3328  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:16:40.0189 3328  IDriverT - detected UnsignedFile.Multi.Generic (1)
16:16:40.0312 3328  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:16:40.0585 3328  idsvc - ok
16:16:40.0793 3328  [ AD626F6964F4D364D226C39E06872DD3 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
16:16:41.0114 3328  igfx - ok
16:16:41.0171 3328  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
16:16:41.0236 3328  iirsp - ok
16:16:41.0329 3328  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
16:16:41.0434 3328  IKEEXT - ok
16:16:41.0561 3328  [ DB96B8BD676BB24BD4F1DC53CA1F182C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
16:16:41.0761 3328  IntcAzAudAddService - ok
16:16:41.0803 3328  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
16:16:41.0863 3328  intelide - ok
16:16:41.0929 3328  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
16:16:41.0980 3328  intelppm - ok
16:16:42.0020 3328  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:16:42.0102 3328  IPBusEnum - ok
16:16:42.0133 3328  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:16:42.0220 3328  IpFilterDriver - ok
16:16:42.0297 3328  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
16:16:42.0383 3328  iphlpsvc - ok
16:16:42.0442 3328  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:16:42.0504 3328  IPMIDRV - ok
16:16:42.0551 3328  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:16:42.0628 3328  IPNAT - ok
16:16:42.0716 3328  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:16:42.0820 3328  iPod Service - ok
16:16:42.0864 3328  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:16:43.0015 3328  IRENUM - ok
16:16:43.0064 3328  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:16:43.0173 3328  isapnp - ok
16:16:43.0252 3328  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:16:43.0385 3328  iScsiPrt - ok
16:16:43.0460 3328  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
16:16:43.0566 3328  kbdclass - ok
16:16:43.0643 3328  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
16:16:43.0770 3328  kbdhid - ok
16:16:43.0848 3328  [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr         C:\windows\system32\DRIVERS\kbfiltr.sys
16:16:43.0937 3328  kbfiltr - ok
16:16:43.0987 3328  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
16:16:44.0049 3328  KeyIso - ok
16:16:44.0110 3328  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:16:44.0199 3328  KSecDD - ok
16:16:44.0242 3328  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:16:44.0305 3328  KSecPkg - ok
16:16:44.0362 3328  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
16:16:44.0494 3328  KtmRm - ok
16:16:44.0542 3328  [ A158CEA8644B8A5C1EC0E9A81B70F65A ] L1C             C:\windows\system32\DRIVERS\L1C62x86.sys
16:16:44.0636 3328  L1C - ok
16:16:44.0678 3328  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\system32\srvsvc.dll
16:16:44.0761 3328  LanmanServer - ok
16:16:44.0806 3328  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:16:44.0894 3328  LanmanWorkstation - ok
16:16:44.0980 3328  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:16:45.0114 3328  lltdio - ok
16:16:45.0196 3328  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:16:45.0350 3328  lltdsvc - ok
16:16:45.0402 3328  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
16:16:45.0574 3328  lmhosts - ok
16:16:45.0666 3328  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
16:16:45.0785 3328  LSI_FC - ok
16:16:45.0829 3328  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
16:16:45.0884 3328  LSI_SAS - ok
16:16:45.0931 3328  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
16:16:45.0997 3328  LSI_SAS2 - ok
16:16:46.0040 3328  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
16:16:46.0080 3328  LSI_SCSI - ok
16:16:46.0117 3328  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
16:16:46.0209 3328  luafv - ok
16:16:46.0254 3328  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:16:46.0299 3328  Mcx2Svc - ok
16:16:46.0323 3328  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
16:16:46.0359 3328  megasas - ok
16:16:46.0408 3328  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
16:16:46.0477 3328  MegaSR - ok
16:16:46.0525 3328  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
16:16:46.0594 3328  MMCSS - ok
16:16:46.0637 3328  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
16:16:46.0721 3328  Modem - ok
16:16:46.0788 3328  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:16:46.0834 3328  monitor - ok
16:16:46.0874 3328  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\drivers\mouclass.sys
16:16:46.0939 3328  mouclass - ok
16:16:46.0997 3328  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:16:47.0083 3328  mouhid - ok
16:16:47.0150 3328  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:16:47.0257 3328  mountmgr - ok
16:16:47.0336 3328  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
16:16:47.0446 3328  mpio - ok
16:16:47.0511 3328  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:16:47.0660 3328  mpsdrv - ok
16:16:47.0747 3328  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:16:47.0859 3328  MpsSvc - ok
16:16:47.0908 3328  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:16:47.0988 3328  MRxDAV - ok
16:16:48.0046 3328  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:16:48.0125 3328  mrxsmb - ok
16:16:48.0168 3328  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:16:48.0229 3328  mrxsmb10 - ok
16:16:48.0261 3328  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:16:48.0309 3328  mrxsmb20 - ok
16:16:48.0337 3328  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
16:16:48.0372 3328  msahci - ok
16:16:48.0436 3328  [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
16:16:48.0475 3328  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
16:16:48.0475 3328  MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
16:16:48.0529 3328  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:16:48.0606 3328  msdsm - ok
16:16:48.0671 3328  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
16:16:48.0798 3328  MSDTC - ok
16:16:48.0907 3328  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:16:49.0088 3328  Msfs - ok
16:16:49.0148 3328  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:16:49.0342 3328  mshidkmdf - ok
16:16:49.0403 3328  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:16:49.0487 3328  msisadrv - ok
16:16:49.0545 3328  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:16:49.0656 3328  MSiSCSI - ok
16:16:49.0676 3328  msiserver - ok
16:16:49.0719 3328  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:16:49.0803 3328  MSKSSRV - ok
16:16:49.0833 3328  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:16:49.0890 3328  MSPCLOCK - ok
16:16:49.0928 3328  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:16:50.0015 3328  MSPQM - ok
16:16:50.0063 3328  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:16:50.0108 3328  MsRPC - ok
16:16:50.0150 3328  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
16:16:50.0178 3328  mssmbios - ok
16:16:50.0214 3328  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:16:50.0271 3328  MSTEE - ok
16:16:50.0302 3328  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
16:16:50.0354 3328  MTConfig - ok
16:16:50.0386 3328  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
16:16:50.0443 3328  Mup - ok
16:16:50.0503 3328  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
16:16:50.0577 3328  napagent - ok
16:16:50.0638 3328  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:16:50.0703 3328  NativeWifiP - ok
16:16:50.0765 3328  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
16:16:50.0824 3328  NDIS - ok
16:16:50.0882 3328  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:16:50.0953 3328  NdisCap - ok
16:16:50.0999 3328  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:16:51.0098 3328  NdisTapi - ok
16:16:51.0171 3328  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:16:51.0248 3328  Ndisuio - ok
16:16:51.0307 3328  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:16:51.0415 3328  NdisWan - ok
16:16:51.0466 3328  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:16:51.0539 3328  NDProxy - ok
16:16:51.0600 3328  [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:16:51.0611 3328  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:16:51.0611 3328  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:16:51.0665 3328  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:16:51.0762 3328  NetBIOS - ok
16:16:51.0824 3328  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:16:51.0907 3328  NetBT - ok
16:16:51.0942 3328  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
16:16:51.0970 3328  Netlogon - ok
16:16:52.0025 3328  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
16:16:52.0103 3328  Netman - ok
16:16:52.0145 3328  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
16:16:52.0240 3328  netprofm - ok
16:16:52.0287 3328  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:16:52.0354 3328  NetTcpPortSharing - ok
16:16:52.0430 3328  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
16:16:52.0468 3328  nfrd960 - ok
16:16:52.0521 3328  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\windows\System32\nlasvc.dll
16:16:52.0566 3328  NlaSvc - ok
16:16:52.0672 3328  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\windows\system32\drivers\npf.sys
16:16:52.0727 3328  NPF - ok
16:16:52.0781 3328  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:16:52.0956 3328  Npfs - ok
16:16:53.0024 3328  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
16:16:53.0288 3328  nsi - ok
16:16:53.0340 3328  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:16:53.0420 3328  nsiproxy - ok
16:16:53.0505 3328  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:16:53.0646 3328  Ntfs - ok
16:16:53.0687 3328  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
16:16:53.0766 3328  Null - ok
16:16:53.0828 3328  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:16:53.0884 3328  nvraid - ok
16:16:53.0945 3328  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:16:54.0011 3328  nvstor - ok
16:16:54.0051 3328  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:16:54.0120 3328  nv_agp - ok
16:16:54.0171 3328  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:16:54.0221 3328  ohci1394 - ok
16:16:54.0261 3328  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:16:54.0319 3328  p2pimsvc - ok
16:16:54.0375 3328  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
16:16:54.0505 3328  p2psvc - ok
16:16:54.0585 3328  [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
16:16:54.0702 3328  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
16:16:54.0703 3328  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
16:16:54.0761 3328  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
16:16:54.0877 3328  Parport - ok
16:16:54.0944 3328  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:16:55.0037 3328  partmgr - ok
16:16:55.0112 3328  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
16:16:55.0168 3328  Parvdm - ok
16:16:55.0252 3328  [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
16:16:55.0280 3328  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
16:16:55.0280 3328  PassThru Service - detected UnsignedFile.Multi.Generic (1)
16:16:55.0332 3328  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:16:55.0384 3328  PcaSvc - ok
16:16:55.0417 3328  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
16:16:55.0456 3328  pci - ok
16:16:55.0502 3328  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
16:16:55.0538 3328  pciide - ok
16:16:55.0577 3328  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
16:16:55.0641 3328  pcmcia - ok
16:16:55.0680 3328  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
16:16:55.0741 3328  pcw - ok
16:16:55.0797 3328  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:16:56.0053 3328  PEAUTH - ok
16:16:56.0272 3328  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
16:16:56.0585 3328  pla - ok
16:16:56.0667 3328  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:16:56.0783 3328  PlugPlay - ok
16:16:56.0812 3328  [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:16:56.0852 3328  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:16:56.0852 3328  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:16:56.0884 3328  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:16:56.0925 3328  PNRPAutoReg - ok
16:16:56.0956 3328  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:16:56.0990 3328  PNRPsvc - ok
16:16:57.0051 3328  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:16:57.0180 3328  PolicyAgent - ok
16:16:57.0220 3328  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
16:16:57.0297 3328  Power - ok
16:16:57.0350 3328  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:16:57.0439 3328  PptpMiniport - ok
16:16:57.0480 3328  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
16:16:57.0554 3328  Processor - ok
16:16:57.0603 3328  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
16:16:57.0706 3328  ProfSvc - ok
16:16:57.0740 3328  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
16:16:57.0770 3328  ProtectedStorage - ok
16:16:57.0823 3328  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:16:57.0885 3328  Psched - ok
16:16:57.0938 3328  [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
16:16:58.0000 3328  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
16:16:58.0000 3328  PxHelp20 - detected UnsignedFile.Multi.Generic (1)
16:16:58.0058 3328  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
16:16:58.0351 3328  ql2300 - ok
16:16:58.0429 3328  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
16:16:58.0542 3328  ql40xx - ok
16:16:58.0610 3328  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
16:16:58.0790 3328  QWAVE - ok
16:16:58.0865 3328  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:16:58.0963 3328  QWAVEdrv - ok
16:16:59.0029 3328  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:16:59.0187 3328  RasAcd - ok
16:16:59.0264 3328  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:16:59.0420 3328  RasAgileVpn - ok
16:16:59.0493 3328  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
16:16:59.0672 3328  RasAuto - ok
16:16:59.0727 3328  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:16:59.0799 3328  Rasl2tp - ok
16:16:59.0859 3328  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
16:16:59.0961 3328  RasMan - ok
16:17:00.0004 3328  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:17:00.0079 3328  RasPppoe - ok
16:17:00.0120 3328  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:17:00.0221 3328  RasSstp - ok
16:17:00.0274 3328  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:17:00.0529 3328  rdbss - ok
16:17:00.0589 3328  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
16:17:00.0700 3328  rdpbus - ok
16:17:00.0770 3328  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:17:00.0941 3328  RDPCDD - ok
16:17:01.0063 3328  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:17:01.0193 3328  RDPENCDD - ok
16:17:01.0274 3328  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:17:01.0374 3328  RDPREFMP - ok
16:17:01.0415 3328  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:17:01.0529 3328  RDPWD - ok
16:17:01.0600 3328  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:17:01.0670 3328  rdyboost - ok
16:17:01.0723 3328  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
16:17:01.0821 3328  RemoteAccess - ok
16:17:01.0867 3328  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:17:02.0084 3328  RemoteRegistry - ok
16:17:02.0180 3328  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
16:17:02.0271 3328  RFCOMM - ok
16:17:02.0364 3328  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
16:17:02.0496 3328  rpcapd - ok
16:17:02.0560 3328  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:17:02.0705 3328  RpcEptMapper - ok
16:17:02.0741 3328  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
16:17:02.0800 3328  RpcLocator - ok
16:17:02.0847 3328  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
16:17:02.0910 3328  RpcSs - ok
16:17:02.0967 3328  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:17:03.0032 3328  rspndr - ok
16:17:03.0115 3328  [ 44B7739F2D623AD6FB46755BB60351A4 ] rtl8192se       C:\windows\system32\DRIVERS\rtl8192se.sys
16:17:03.0276 3328  rtl8192se - ok
16:17:03.0307 3328  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
16:17:03.0365 3328  SamSs - ok
16:17:03.0525 3328  [ 328100AF2EFD951EAB657384EC361B6F ] SamsungAllShareV2.0 C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
16:17:03.0570 3328  SamsungAllShareV2.0 - ok
16:17:03.0640 3328  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:17:03.0745 3328  sbp2port - ok
16:17:03.0819 3328  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:17:03.0978 3328  SCardSvr - ok
16:17:04.0017 3328  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
16:17:04.0122 3328  scfilter - ok
16:17:04.0182 3328  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
16:17:04.0336 3328  Schedule - ok
16:17:04.0374 3328  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
16:17:04.0426 3328  SCPolicySvc - ok
16:17:04.0482 3328  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
16:17:04.0588 3328  SDRSVC - ok
16:17:04.0637 3328  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
16:17:04.0699 3328  secdrv - ok
16:17:04.0734 3328  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
16:17:04.0837 3328  seclogon - ok
16:17:04.0883 3328  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
16:17:04.0953 3328  SENS - ok
16:17:04.0986 3328  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
16:17:05.0039 3328  SensrSvc - ok
16:17:05.0078 3328  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
16:17:05.0134 3328  Serenum - ok
16:17:05.0171 3328  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
16:17:05.0222 3328  Serial - ok
16:17:05.0259 3328  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
16:17:05.0343 3328  sermouse - ok
16:17:05.0420 3328  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
16:17:05.0507 3328  SessionEnv - ok
16:17:05.0538 3328  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
16:17:05.0584 3328  sffdisk - ok
16:17:05.0615 3328  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
16:17:05.0668 3328  sffp_mmc - ok
16:17:05.0720 3328  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
16:17:05.0761 3328  sffp_sd - ok
16:17:05.0809 3328  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
16:17:05.0885 3328  sfloppy - ok
16:17:05.0948 3328  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
16:17:06.0072 3328  SharedAccess - ok
16:17:06.0128 3328  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:17:06.0208 3328  ShellHWDetection - ok
16:17:06.0251 3328  [ 1980FE1F5A32067DAD1D8776B63C2669 ] SimpleSlideShowServer C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
16:17:06.0302 3328  SimpleSlideShowServer - ok
16:17:06.0347 3328  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
16:17:06.0406 3328  sisagp - ok
16:17:06.0472 3328  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
16:17:06.0523 3328  SiSRaid2 - ok
16:17:06.0567 3328  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
16:17:06.0606 3328  SiSRaid4 - ok
16:17:06.0643 3328  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
16:17:06.0761 3328  Smb - ok
16:17:06.0840 3328  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
16:17:06.0871 3328  SNMPTRAP - ok
16:17:06.0936 3328  [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
16:17:06.0969 3328  SonicStage Back-End Service - ok
16:17:07.0013 3328  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
16:17:07.0067 3328  spldr - ok
16:17:07.0141 3328  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
16:17:07.0216 3328  Spooler - ok
16:17:07.0383 3328  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
16:17:07.0708 3328  sppsvc - ok
16:17:07.0784 3328  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
16:17:07.0917 3328  sppuinotify - ok
16:17:07.0974 3328  [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
16:17:08.0041 3328  SPTISRV ( UnsignedFile.Multi.Generic ) - warning
16:17:08.0041 3328  SPTISRV - detected UnsignedFile.Multi.Generic (1)
16:17:08.0091 3328  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
16:17:08.0209 3328  srv - ok
16:17:08.0245 3328  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
16:17:08.0390 3328  srv2 - ok
16:17:08.0452 3328  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
16:17:08.0584 3328  srvnet - ok
16:17:08.0736 3328  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
16:17:08.0890 3328  SSDPSRV - ok
16:17:08.0997 3328  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
16:17:09.0082 3328  ssmdrv - ok
16:17:09.0200 3328  [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV        C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
16:17:09.0251 3328  SSScsiSV - ok
16:17:09.0321 3328  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
16:17:09.0434 3328  SstpSvc - ok
16:17:09.0501 3328  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
16:17:09.0562 3328  stexstor - ok
16:17:09.0634 3328  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
16:17:09.0764 3328  StiSvc - ok
16:17:09.0804 3328  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
16:17:09.0854 3328  swenum - ok
16:17:09.0916 3328  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
16:17:10.0029 3328  swprv - ok
16:17:10.0096 3328  [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
16:17:10.0165 3328  SynTP - ok
16:17:10.0248 3328  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
16:17:10.0371 3328  SysMain - ok
16:17:10.0447 3328  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
16:17:10.0546 3328  TabletInputService - ok
16:17:10.0632 3328  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
16:17:10.0817 3328  TapiSrv - ok
16:17:10.0881 3328  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
16:17:10.0944 3328  TBS - ok
16:17:11.0033 3328  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
16:17:11.0251 3328  Tcpip - ok
16:17:11.0308 3328  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
16:17:11.0365 3328  TCPIP6 - ok
16:17:11.0415 3328  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
16:17:11.0475 3328  tcpipreg - ok
16:17:11.0539 3328  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
16:17:11.0620 3328  TDPIPE - ok
16:17:11.0666 3328  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
16:17:11.0739 3328  TDTCP - ok
16:17:11.0785 3328  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
16:17:11.0844 3328  tdx - ok
16:17:11.0881 3328  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
16:17:11.0943 3328  TermDD - ok
16:17:12.0004 3328  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
16:17:12.0103 3328  TermService - ok
16:17:12.0145 3328  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
16:17:12.0206 3328  Themes - ok
16:17:12.0248 3328  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
16:17:12.0301 3328  THREADORDER - ok
16:17:12.0331 3328  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
16:17:12.0422 3328  TrkWks - ok
16:17:12.0492 3328  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:17:12.0558 3328  TrustedInstaller - ok
16:17:12.0602 3328  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
16:17:12.0692 3328  tssecsrv - ok
16:17:12.0753 3328  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
16:17:12.0845 3328  TsUsbFlt - ok
16:17:13.0115 3328  [ 60C6AC47323C81712896C5C8C7974DD1 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
16:17:13.0259 3328  TuneUp.UtilitiesSvc - ok
16:17:13.0339 3328  [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
16:17:13.0420 3328  TuneUpUtilitiesDrv - ok
16:17:13.0518 3328  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
16:17:13.0682 3328  tunnel - ok
16:17:13.0741 3328  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
16:17:13.0823 3328  uagp35 - ok
16:17:13.0920 3328  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
16:17:14.0010 3328  udfs - ok
16:17:14.0068 3328  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
16:17:14.0126 3328  UI0Detect - ok
16:17:14.0155 3328  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
16:17:14.0201 3328  uliagpkx - ok
16:17:14.0262 3328  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\drivers\umbus.sys
16:17:14.0313 3328  umbus - ok
16:17:14.0372 3328  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
16:17:14.0429 3328  UmPass - ok
16:17:14.0473 3328  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
16:17:14.0583 3328  upnphost - ok
16:17:14.0641 3328  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\windows\system32\Drivers\usbaapl.sys
16:17:14.0709 3328  USBAAPL - ok
16:17:14.0766 3328  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
16:17:14.0853 3328  usbaudio - ok
16:17:14.0895 3328  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
16:17:15.0003 3328  usbccgp - ok
16:17:15.0044 3328  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
16:17:15.0135 3328  usbcir - ok
16:17:15.0182 3328  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
16:17:15.0219 3328  usbehci - ok
16:17:15.0268 3328  [ 19999CA8E83F16D271AFC467B84718D7 ] usbfilter       C:\windows\system32\DRIVERS\usbfilter.sys
16:17:15.0301 3328  usbfilter - ok
16:17:15.0361 3328  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
16:17:15.0459 3328  usbhub - ok
16:17:15.0488 3328  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
16:17:15.0536 3328  usbohci - ok
16:17:15.0592 3328  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
16:17:15.0675 3328  usbprint - ok
16:17:15.0769 3328  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
16:17:15.0924 3328  USBSTOR - ok
16:17:15.0994 3328  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
16:17:16.0186 3328  usbuhci - ok
16:17:16.0282 3328  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
16:17:16.0380 3328  usbvideo - ok
16:17:16.0438 3328  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
16:17:16.0538 3328  UxSms - ok
16:17:16.0566 3328  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
16:17:16.0614 3328  VaultSvc - ok
16:17:16.0654 3328  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
16:17:16.0692 3328  vdrvroot - ok
16:17:16.0762 3328  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
16:17:16.0896 3328  vds - ok
16:17:16.0941 3328  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
16:17:17.0004 3328  vga - ok
16:17:17.0047 3328  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
16:17:17.0146 3328  VgaSave - ok
16:17:17.0194 3328  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
16:17:17.0241 3328  vhdmp - ok
16:17:17.0290 3328  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
16:17:17.0330 3328  viaagp - ok
16:17:17.0372 3328  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
16:17:17.0451 3328  ViaC7 - ok
16:17:17.0496 3328  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
16:17:17.0549 3328  viaide - ok
16:17:17.0590 3328  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
16:17:17.0629 3328  volmgr - ok
16:17:17.0681 3328  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
16:17:17.0756 3328  volmgrx - ok
16:17:17.0802 3328  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
16:17:17.0856 3328  volsnap - ok
16:17:17.0902 3328  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
16:17:17.0978 3328  vsmraid - ok
16:17:18.0054 3328  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
16:17:18.0264 3328  VSS - ok
16:17:18.0294 3328  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
16:17:18.0334 3328  vwifibus - ok
16:17:18.0379 3328  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
16:17:18.0451 3328  vwififlt - ok
16:17:18.0521 3328  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
16:17:18.0593 3328  vwifimp - ok
16:17:18.0641 3328  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
16:17:18.0711 3328  W32Time - ok
16:17:18.0758 3328  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
16:17:18.0830 3328  WacomPen - ok
16:17:18.0889 3328  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
16:17:18.0950 3328  WANARP - ok
16:17:18.0968 3328  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
16:17:19.0024 3328  Wanarpv6 - ok
16:17:19.0106 3328  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
16:17:19.0318 3328  wbengine - ok
16:17:19.0399 3328  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
16:17:19.0513 3328  WbioSrvc - ok
16:17:19.0613 3328  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
16:17:19.0758 3328  wcncsvc - ok
16:17:19.0808 3328  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:17:19.0994 3328  WcsPlugInService - ok
16:17:20.0062 3328  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
16:17:20.0208 3328  Wd - ok
16:17:20.0305 3328  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
16:17:20.0455 3328  Wdf01000 - ok
16:17:20.0525 3328  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
16:17:20.0749 3328  WdiServiceHost - ok
16:17:20.0806 3328  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
16:17:20.0891 3328  WdiSystemHost - ok
16:17:20.0946 3328  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
16:17:21.0021 3328  WebClient - ok
16:17:21.0078 3328  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
16:17:21.0153 3328  Wecsvc - ok
16:17:21.0188 3328  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
16:17:21.0251 3328  wercplsupport - ok
16:17:21.0294 3328  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
16:17:21.0396 3328  WerSvc - ok
16:17:21.0455 3328  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
16:17:21.0528 3328  WfpLwf - ok
16:17:21.0575 3328  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
16:17:21.0613 3328  WIMMount - ok
16:17:21.0693 3328  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:17:21.0775 3328  WinDefend - ok
16:17:21.0804 3328  WinHttpAutoProxySvc - ok
16:17:21.0874 3328  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
16:17:21.0988 3328  Winmgmt - ok
16:17:22.0065 3328  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
16:17:22.0212 3328  WinRM - ok
16:17:22.0284 3328  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
16:17:22.0373 3328  WinUsb - ok
16:17:22.0432 3328  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
16:17:22.0661 3328  Wlansvc - ok
16:17:22.0816 3328  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:17:23.0013 3328  wlidsvc - ok
16:17:23.0088 3328  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
16:17:23.0143 3328  WmiAcpi - ok
16:17:23.0190 3328  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
16:17:23.0272 3328  wmiApSrv - ok
16:17:23.0391 3328  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:17:23.0481 3328  WMPNetworkSvc - ok
16:17:23.0545 3328  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
16:17:23.0668 3328  WPCSvc - ok
16:17:23.0746 3328  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
16:17:23.0904 3328  WPDBusEnum - ok
16:17:23.0971 3328  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
16:17:24.0087 3328  ws2ifsl - ok
16:17:24.0166 3328  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
16:17:24.0333 3328  wscsvc - ok
16:17:24.0352 3328  WSearch - ok
16:17:24.0450 3328  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
16:17:24.0564 3328  wuauserv - ok
16:17:24.0610 3328  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
16:17:24.0708 3328  WudfPf - ok
16:17:24.0782 3328  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
16:17:24.0839 3328  WUDFRd - ok
16:17:24.0903 3328  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
16:17:25.0011 3328  wudfsvc - ok
16:17:25.0083 3328  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\windows\System32\wwansvc.dll
16:17:25.0285 3328  WwanSvc - ok
16:17:25.0397 3328  ================ Scan global ===============================
16:17:25.0469 3328  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
16:17:25.0535 3328  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
16:17:25.0586 3328  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
16:17:25.0630 3328  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
16:17:25.0673 3328  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
16:17:25.0718 3328  [Global] - ok
16:17:25.0725 3328  ================ Scan MBR ==================================
16:17:25.0741 3328  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:17:26.0184 3328  \Device\Harddisk0\DR0 - ok
16:17:26.0199 3328  ================ Scan VBR ==================================
16:17:26.0217 3328  [ 0A2950E952858229FC44EB3EFC999D24 ] \Device\Harddisk0\DR0\Partition1
16:17:26.0221 3328  \Device\Harddisk0\DR0\Partition1 - ok
16:17:26.0276 3328  [ FC2C98DD2EC94A43BC19445F1C0DC14D ] \Device\Harddisk0\DR0\Partition2
16:17:26.0284 3328  \Device\Harddisk0\DR0\Partition2 - ok
16:17:26.0301 3328  ============================================================
16:17:26.0301 3328  Scan finished
16:17:26.0301 3328  ============================================================
16:17:26.0369 5312  Detected object count: 10
16:17:26.0369 5312  Actual detected object count: 10
16:18:09.0167 5312  AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0168 5312  AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:18:09.0169 5312  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0169 5312  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:18:09.0170 5312  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0170 5312  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:18:09.0183 5312  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0183 5312  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:18:09.0184 5312  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0184 5312  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:18:09.0193 5312  PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0194 5312  PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:18:09.0194 5312  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0198 5312  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:18:09.0207 5312  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0208 5312  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:18:09.0208 5312  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0209 5312  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:18:09.0221 5312  SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0221 5312  SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
gmer stürzt immer wieder ab.

Gruss


Alt 14.02.2013, 10:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
--> zip. Anhang geöffnet TR/Matsnu.EB.101

Alt 14.02.2013, 19:23   #7
giz02
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



...

Guten Morgen.
Also,wollte das das Combofix durchlaufen lassen.entweder stürzt beim Rechner komplett ab,oder ich bekomme die Nachricht das Windows heruntergefahren wird. kann also das Combifix nicht durchlaufen lassen.Eine Logdatei wird mir demnach auch nicht erstellt.
Gruss

Geändert von giz02 (14.02.2013 um 19:37 Uhr)

Alt 15.02.2013, 09:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.02.2013, 07:14   #9
giz02
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



Funktioniert nach wie vor nicht.

Alt 16.02.2013, 17:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



Probier CF bitte im abgesicherten Modus mit Netzwerktreibern


Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.02.2013, 17:36   #11
giz02
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



hi.
nun hat es funktioniert.
hier die LOG:
Code:
ATTFilter
ComboFix 13-02-15.01 - Giz 17.02.2013  10:33:12.8.1 - x86 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1791.1240 [GMT 1:00]
ausgeführt von:: c:\users\Giz\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Thumbs.db
.
Infizierte Kopie von c:\windows\system32\user32.dll wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-17 bis 2013-02-17  ))))))))))))))))))))))))))))))
.
.
2013-02-17 09:51 . 2013-02-17 09:51	63115	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-02-17 09:51 . 2013-02-17 09:51	4599	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-02-17 09:51 . 2013-02-17 09:51	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-02-17 09:51 . 2013-02-17 09:51	8646	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-02-17 09:51 . 2013-02-17 09:51	8613	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-02-17 09:51 . 2013-02-17 09:51	6429	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-02-17 09:51 . 2013-02-17 09:51	5927	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-02-17 09:51 . 2013-02-17 09:51	1651	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-02-17 09:51 . 2013-02-17 09:51	6910	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-02-17 09:51 . 2013-02-17 09:51	18541	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-02-17 09:51 . 2013-02-17 09:51	8288	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-02-17 09:51 . 2013-02-17 09:51	6208	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-02-17 09:50 . 2013-02-17 09:50	51852	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-02-17 09:50 . 2013-02-17 09:50	20719	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-02-17 09:50 . 2013-02-17 09:50	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-02-17 09:50 . 2013-02-17 09:50	7271	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-02-17 09:50 . 2013-02-17 09:50	23327	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-02-17 09:44 . 2013-02-17 09:44	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{790B3F69-808C-4D23-BA5C-1E4E3CD4DFC8}\offreg.dll
2013-02-17 09:44 . 2013-02-17 09:54	--------	d-----w-	c:\users\Giz\AppData\Local\temp
2013-02-17 09:44 . 2013-02-17 09:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-17 08:48 . 2013-02-17 08:48	--------	d-----w-	C:\found.000
2013-02-16 00:21 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{790B3F69-808C-4D23-BA5C-1E4E3CD4DFC8}\mpengine.dll
2013-02-14 16:13 . 2012-06-02 04:36	1159680	-c----w-	c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_c0000010_dbf58aa59f8fc7a2119898f1dac9534d7439885_cab_031902be\crypt32.dll
2013-02-13 14:14 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 14:14 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 14:14 . 2012-12-26 04:49	760320	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 14:14 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-02-10 17:04 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-10 17:04 . 2013-02-10 17:04	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-02-10 15:28 . 2013-02-10 15:28	--------	dc----w-	c:\users\Giz\AppData\Local\MigWiz
2013-02-10 11:15 . 2013-02-10 12:00	74096	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-10 11:15 . 2013-02-10 12:00	697712	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-10 10:52 . 2013-02-10 10:52	--------	d-----w-	c:\program files\WinPcap
2013-02-10 06:24 . 2013-02-10 06:24	--------	d-----w-	c:\windows\system32\searchplugins
2013-02-10 06:24 . 2013-02-10 06:24	--------	d-----w-	c:\windows\system32\Extensions
2013-02-10 06:23 . 2013-02-10 06:23	--------	d-----w-	c:\programdata\BrowserProtect
2013-02-10 06:23 . 2013-02-10 06:23	--------	d-----w-	c:\program files\Delta
2013-02-10 06:23 . 2013-02-10 06:24	--------	d-----w-	c:\users\Giz\AppData\Roaming\Delta
2013-02-10 06:22 . 2013-02-10 06:22	--------	d-----w-	c:\programdata\Babylon
2013-02-10 06:22 . 2013-02-10 06:22	--------	d-----w-	c:\users\Giz\AppData\Roaming\Babylon
2013-02-10 06:21 . 2013-02-10 06:21	--------	d-----w-	c:\programdata\Tarma Installer
2013-02-10 06:21 . 2013-02-10 06:21	--------	d-----w-	c:\program files\Movie2KDownloader.com
2013-02-10 06:21 . 2013-02-10 06:30	--------	d-----w-	c:\program files\hdvidcodec.com
2013-02-10 04:21 . 2013-02-10 04:21	--------	d-----w-	c:\users\Giz\AppData\Roaming\Avira
2013-02-10 04:15 . 2013-02-10 04:07	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-02-10 04:15 . 2013-02-10 04:07	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-02-10 04:15 . 2013-02-10 04:07	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-02-10 04:15 . 2013-02-10 04:15	--------	d-----w-	c:\programdata\Avira
2013-02-10 04:15 . 2013-02-10 04:15	--------	d-----w-	c:\program files\Avira
2013-02-09 13:41 . 2013-02-09 13:41	--------	d-----w-	c:\users\Giz\AppData\Roaming\Malwarebytes
2013-02-09 13:40 . 2013-02-09 13:40	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-09 11:55 . 2013-02-09 12:01	--------	d-----w-	c:\users\Giz\AppData\Roaming\ACShredder6
2013-02-09 11:54 . 2013-01-02 10:37	1629744	----a-w-	c:\windows\system32\Shredder.dll
2013-02-09 11:54 . 2013-02-09 11:54	--------	d-----w-	c:\program files\ArchiCrypt
2013-02-09 11:54 . 2013-02-09 11:54	--------	d-----w-	c:\users\Giz\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2011-03-28 08:24	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-16 14:13 . 2012-12-22 02:01	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:01	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 17:21	308736	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 17:21	2576384	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 17:21	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 17:21	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 17:21	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 17:21	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 17:21	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 17:21	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 17:21	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 17:21	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 17:21	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 17:21	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 17:21	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 17:21	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 17:21	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 17:21	51712	----a-w-	c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 17:22	293376	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 17:22	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 17:22	271360	----a-w-	c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 17:22	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 17:22	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 17:22	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:48 . 2013-01-09 17:23	49152	----a-w-	c:\windows\system32\taskhost.exe
2012-11-22 04:45 . 2013-01-09 17:24	626688	----a-w-	c:\windows\system32\usp10.dll
2012-11-20 04:51 . 2013-01-09 17:21	220160	----a-w-	c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Browser Infrastructure Helper"="c:\users\Giz\AppData\Local\Smartbar\Application\Smartbar.exe" [2012-08-07 13824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-14 2018032]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
.
c:\users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Giz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261095~1.52\{C16C1~1\BrowserProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Giz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 asushwio;asushwio;c:\windows\system32\drivers\asushwio.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ArchiCrypt Sichere Loeschzonen;ArchiCrypt Shredder - Sichere Löschzonen Hilfsservice;c:\program files\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector32.exe [x]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - ArchiCryptInjector
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-10 12:00]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001Core.job
- c:\users\Giz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 11:29]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001UA.job
- c:\users\Giz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 11:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=52366ec60000000000001c4bd660b0f8
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4404)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\windows\system32\taskschd.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
c:\program files\EeePC\SHE\SuperHybridEngine.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\program files\Asus\LiveUpdate\LiveUpdate.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-17  10:59:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-17 09:59
.
Vor Suchlauf: 10 Verzeichnis(se), 51.557.535.744 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 51.382.333.440 Bytes frei
.
- - End Of File - - 6913CB41E757EF52FEE47622C6A7C125
         

Alt 19.02.2013, 22:45   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



Schön, probier bitte nun GMER nochmal aus
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.02.2013, 09:40   #13
giz02
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



hier der Scan
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-20 10:36:10
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000005d ST925031 rev.0002 232,89GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Giz\AppData\Local\Temp\uwldqpow.sys


---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                       820499E9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                         820831C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.0 ----

.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtCreateFile + 6                777E55CE 4 Bytes  [28, 2C, EA, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtCreateFile + B                777E55D3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + 6          777E5C2E 4 Bytes  [28, 2F, EA, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + B          777E5C33 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenFile + 6                  777E5CDE 4 Bytes  [68, 2C, EA, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenFile + B                  777E5CE3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcess + 6               777E5D8E 4 Bytes  [A8, 2D, EA, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcess + B               777E5D93 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessToken + B          777E5DA3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessTokenEx + 6        777E5DAE 4 Bytes  [A8, 2E, EA, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessTokenEx + B        777E5DB3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThread + 6                777E5E0E 4 Bytes  [68, 2D, EA, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThread + B                777E5E13 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadToken + 6           777E5E1E 4 Bytes  [68, 2E, EA, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadToken + B           777E5E23 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadTokenEx + B         777E5E33 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryAttributesFile + 6       777E5F3E 4 Bytes  [A8, 2C, EA, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryAttributesFile + B       777E5F43 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryFullAttributesFile + B   777E5FF3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationFile + 6        777E663E 4 Bytes  [28, 2D, EA, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationFile + B        777E6643 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationThread + 6      777E669E 4 Bytes  [28, 2E, EA, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationThread + B      777E66A3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + 6        777E69BE 4 Bytes  [68, 2F, EA, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + B        777E69C3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtCreateFile + 6               777E55CE 4 Bytes  [28, 88, 5C, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtCreateFile + B               777E55D3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtMapViewOfSection + 6         777E5C2E 4 Bytes  [28, 8B, 5C, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtMapViewOfSection + B         777E5C33 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenFile + 6                 777E5CDE 4 Bytes  [68, 88, 5C, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenFile + B                 777E5CE3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcess + 6              777E5D8E 4 Bytes  [A8, 89, 5C, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcess + B              777E5D93 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessToken + B         777E5DA3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessTokenEx + 6       777E5DAE 4 Bytes  [A8, 8A, 5C, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessTokenEx + B       777E5DB3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThread + 6               777E5E0E 4 Bytes  [68, 89, 5C, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThread + B               777E5E13 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadToken + 6          777E5E1E 4 Bytes  [68, 8A, 5C, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadToken + B          777E5E23 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadTokenEx + B        777E5E33 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryAttributesFile + 6      777E5F3E 4 Bytes  [A8, 88, 5C, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryAttributesFile + B      777E5F43 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryFullAttributesFile + B  777E5FF3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationFile + 6       777E663E 4 Bytes  [28, 89, 5C, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationFile + B       777E6643 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationThread + 6     777E669E 4 Bytes  [28, 8A, 5C, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationThread + B     777E66A3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtUnmapViewOfSection + 6       777E69BE 4 Bytes  [68, 8B, 5C, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtUnmapViewOfSection + B       777E69C3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtCreateFile + 6               777E55CE 4 Bytes  [28, 00, 80, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtCreateFile + B               777E55D3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtMapViewOfSection + 6         777E5C2E 1 Byte  [28]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtMapViewOfSection + 6         777E5C2E 4 Bytes  [28, 03, 80, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtMapViewOfSection + B         777E5C33 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenFile + 6                 777E5CDE 4 Bytes  [68, 00, 80, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenFile + B                 777E5CE3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenProcess + 6              777E5D8E 4 Bytes  [A8, 01, 80, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenProcess + B              777E5D93 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenProcessToken + B         777E5DA3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenProcessTokenEx + 6       777E5DAE 4 Bytes  [A8, 02, 80, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenProcessTokenEx + B       777E5DB3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenThread + 6               777E5E0E 4 Bytes  [68, 01, 80, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenThread + B               777E5E13 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenThreadToken + 6          777E5E1E 4 Bytes  [68, 02, 80, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenThreadToken + B          777E5E23 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenThreadTokenEx + B        777E5E33 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtQueryAttributesFile + 6      777E5F3E 4 Bytes  [A8, 00, 80, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtQueryAttributesFile + B      777E5F43 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtQueryFullAttributesFile + B  777E5FF3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtSetInformationFile + 6       777E663E 4 Bytes  [28, 01, 80, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtSetInformationFile + B       777E6643 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtSetInformationThread + 6     777E669E 4 Bytes  [28, 02, 80, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtSetInformationThread + B     777E66A3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtUnmapViewOfSection + 6       777E69BE 1 Byte  [68]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtUnmapViewOfSection + 6       777E69BE 4 Bytes  [68, 03, 80, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtUnmapViewOfSection + B       777E69C3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtCreateFile + 6               777E55CE 4 Bytes  [28, 88, D7, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtCreateFile + B               777E55D3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtMapViewOfSection + 6         777E5C2E 4 Bytes  [28, 8B, D7, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtMapViewOfSection + B         777E5C33 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenFile + 6                 777E5CDE 4 Bytes  [68, 88, D7, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenFile + B                 777E5CE3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcess + 6              777E5D8E 4 Bytes  [A8, 89, D7, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcess + B              777E5D93 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcessToken + B         777E5DA3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcessTokenEx + 6       777E5DAE 4 Bytes  [A8, 8A, D7, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcessTokenEx + B       777E5DB3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThread + 6               777E5E0E 4 Bytes  [68, 89, D7, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThread + B               777E5E13 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThreadToken + 6          777E5E1E 4 Bytes  [68, 8A, D7, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThreadToken + B          777E5E23 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThreadTokenEx + B        777E5E33 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtQueryAttributesFile + 6      777E5F3E 4 Bytes  [A8, 88, D7, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtQueryAttributesFile + B      777E5F43 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtQueryFullAttributesFile + B  777E5FF3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationFile + 6       777E663E 4 Bytes  [28, 89, D7, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationFile + B       777E6643 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationThread + 6     777E669E 4 Bytes  [28, 8A, D7, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationThread + B     777E66A3 1 Byte  [E2]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtUnmapViewOfSection + 6       777E69BE 4 Bytes  [68, 8B, D7, 00]
.text  C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtUnmapViewOfSection + B       777E69C3 1 Byte  [E2]

---- User IAT/EAT - GMER 2.0 ----

IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                [745124CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                           [744F562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                          [744F56EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree]                                 [74512546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                       [745085AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                         [74504D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                        [74505105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                       [745051DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]              [74506707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                        [74508301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                   [74508850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                 [745090B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                       [7450E254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                           [74504C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d66eee                                    
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d66eee (not active ControlSet)                

---- EOF - GMER 2.0 ----
         

Alt 20.02.2013, 16:06   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.02.2013, 18:12   #15
giz02
 
zip. Anhang geöffnet TR/Matsnu.EB.101 - Standard

zip. Anhang geöffnet TR/Matsnu.EB.101



hier die scans:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x86
Ran by Giz on 20.02.2013 at 18:18:54,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3532530151-904022732-2976600449-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3532530151-904022732-2976600449-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\pricegongie.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Giz\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Giz\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Giz\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\Giz\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Giz\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Giz\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\Giz\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jcdgjdiieiljkfkdcloehkohchhpekkn



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.02.2013 at 18:26:29,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 20/02/2013 um 18:27:48 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Giz - GIZ-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Giz\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\Ask

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\5e4dddfb269bf47
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\cacaoweb
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\5e4dddfb269bf47
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3497 octets] - [20/02/2013 18:27:48]

########## EOF - C:\AdwCleaner[S1].txt - [3557 octets] ##########
         
Code:
ATTFilter
OTL logfile created on: 2/20/2013 6:53:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Giz\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 52.59% Memory free
3.50 Gb Paging File | 2.29 Gb Available in Paging File | 65.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 47.32 Gb Free Space | 47.32% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 85.44 Gb Free Space | 69.54% Space Free | Partition Type: NTFS
 
Computer Name: GIZ-PC | User Name: Giz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Giz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll ()
MOD - C:\Users\Giz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll ()
MOD - C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
MOD - C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
MOD - C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab2d590a7a1566fe78e3275a90a30ceb\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3503.38390__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.38372__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3503.38439__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.38381__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3503.38421__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.38458__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.38386__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3503.38381__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3503.38482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3503.38415__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3503.38392__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3503.38434__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3503.38396__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3503.38395__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3496.39091__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3496.39089__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3496.39100__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3496.39127__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3496.39099__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3496.39109__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3496.39106__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3496.39122__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3496.39086__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3496.39096__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3496.39087__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3496.39157__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3496.39121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3496.39099__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3496.39107__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3496.39089__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3496.39102__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3496.39098__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3496.39098__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3496.39122__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3496.39090__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3496.39090__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3503.38481__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.38452__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.38451__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.38463__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3496.39089__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3496.39090__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3496.39098__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.38368__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.38377__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3503.38447__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.38385__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3503.38370__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.38372__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.38371__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3496.39100__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.38369__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3496.39099__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3496.39097__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3496.39110__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.38452__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ArchiCrypt Sichere Loeschzonen) -- C:\Program Files\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector32.exe (Softwareentwicklung Remus - ArchiCrypt)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (SamsungAllShareV2.0) -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Giz\AppData\Local\Temp\catchme.sys File not found
DRV - (btwrchid) -- C:\windows\system32\DRIVERS\btwrchid.sys File not found
DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- C:\windows\system32\DRIVERS\btwavdt.sys File not found
DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (asushwio) -- C:\Windows\System32\drivers\ASUSHWIO.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Giz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Giz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/17 22:42:07 | 000,000,000 | ---D | M]
 
[2013/02/10 07:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giz\AppData\Roaming\mozilla\firefox\Profiles\extensions
[2012/12/13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Giz\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2011/10/14 09:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/05/13 16:03:36 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2010/05/13 09:26:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 10:51:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/19 10:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/07 16:14:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/18 11:28:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/07 10:22:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - homepage: hxxp://google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Mozilla Plugins\npitunes.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Giz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Movie2kDownloader = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Logitech-Ger\u00E4teerkennung = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Google Mail = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Movie2kDownloader = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Logitech-Ger\u00E4teerkennung = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Google Mail = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/02/17 10:44:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - Startup: C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Giz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O15 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09ABA583-D6D1-4135-BBA0-D6CF7BD51A5D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A5E5214-9647-4B53-AB4F-8A1DFADE3032}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\acshredder6.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dropbox.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\htcupctloader.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\quarantine.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\schedmon6.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\scheduler6.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\taskhandler6.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/20 18:18:48 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/02/20 18:18:37 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/20 18:17:24 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Giz\Desktop\JRT.exe
[2013/02/17 10:59:21 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/02/17 10:52:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/17 10:44:07 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Local\temp
[2013/02/17 09:48:18 | 000,000,000 | ---D | C] -- C:\found.000
[2013/02/14 16:56:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/02/14 16:56:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/02/14 16:56:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/02/14 16:55:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/14 16:54:21 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/02/13 16:12:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Giz\Desktop\tdsskiller.exe
[2013/02/13 15:15:23 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/02/13 15:15:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/02/13 15:15:20 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/02/13 15:15:20 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/02/13 15:15:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/02/13 15:15:08 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013/02/13 15:15:07 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2013/02/13 15:15:01 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/02/13 15:14:44 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2013/02/13 15:14:32 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2013/02/12 18:31:09 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Giz\Desktop\aswMBR.exe
[2013/02/12 18:00:25 | 000,000,000 | ---D | C] -- C:\Users\Giz\Desktop\mbar-1.01.0.1020
[2013/02/10 20:02:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Giz\Desktop\OTL.exe
[2013/02/10 18:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/10 18:04:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/02/10 18:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/10 16:28:53 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Local\MigWiz
[2013/02/10 12:15:03 | 000,697,712 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/02/10 12:15:03 | 000,074,096 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/02/10 11:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2013/02/10 07:24:17 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins
[2013/02/10 07:24:17 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions
[2013/02/10 07:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Movie2KDownloader.com
[2013/02/10 07:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\hdvidcodec.com
[2013/02/10 05:21:53 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Avira
[2013/02/10 05:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/02/10 05:15:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013/02/10 05:15:42 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013/02/10 05:15:42 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013/02/10 05:15:42 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013/02/10 05:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/02/10 05:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/02/09 14:41:11 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Malwarebytes
[2013/02/09 14:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/09 12:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArchiCrypt
[2013/02/09 12:55:15 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\ACShredder6
[2013/02/09 12:54:49 | 001,629,744 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt) -- C:\windows\System32\Shredder.dll
[2013/02/09 12:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\ArchiCrypt
[2013/02/09 12:54:20 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/20 19:00:17 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/20 18:39:27 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/20 18:39:27 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/20 18:31:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/20 18:24:21 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001UA.job
[2013/02/20 18:17:47 | 000,587,671 | ---- | M] () -- C:\Users\Giz\Desktop\adwcleaner0.exe
[2013/02/20 18:13:14 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Giz\Desktop\JRT.exe
[2013/02/20 10:11:29 | 195,399,053 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/02/19 17:07:56 | 000,001,060 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001Core.job
[2013/02/17 21:33:34 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf
[2013/02/17 10:44:11 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/02/15 03:38:23 | 000,358,312 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/02/15 03:09:02 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/02/15 03:09:02 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/02/15 03:09:02 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/02/15 03:09:02 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/02/13 16:12:39 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Giz\Desktop\tdsskiller.exe
[2013/02/12 19:05:49 | 000,000,512 | ---- | M] () -- C:\Users\Giz\Desktop\MBR.dat
[2013/02/12 18:32:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Giz\Desktop\aswMBR.exe
[2013/02/12 17:59:11 | 013,711,621 | ---- | M] () -- C:\Users\Giz\Desktop\mbar-1.01.0.1020.zip
[2013/02/10 21:07:10 | 000,365,568 | ---- | M] () -- C:\Users\Giz\Desktop\gmer_2.0.18454.exe
[2013/02/10 20:02:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Giz\Desktop\OTL.exe
[2013/02/10 20:01:37 | 000,000,000 | ---- | M] () -- C:\Users\Giz\defogger_reenable
[2013/02/10 20:00:28 | 000,050,477 | ---- | M] () -- C:\Users\Giz\Desktop\Defogger.exe
[2013/02/10 18:04:31 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/02/10 13:00:09 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/02/10 13:00:09 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/02/10 08:37:57 | 000,007,597 | ---- | M] () -- C:\Users\Giz\AppData\Local\Resmon.ResmonCfg
[2013/02/10 05:07:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2013/02/10 05:07:20 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys
[2013/02/10 05:07:20 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2013/02/10 05:07:19 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2013/02/09 15:04:10 | 000,001,045 | -H-- | M] () -- C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/09 15:03:36 | 000,001,009 | ---- | M] () -- C:\Users\Giz\Desktop\Dropbox.lnk
[2013/02/09 13:47:26 | 000,033,134 | ---- | M] () -- C:\Users\Giz\AppData\Roaming\UserTile.png
[2013/02/01 17:52:39 | 000,002,352 | ---- | M] () -- C:\Users\Giz\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013/02/20 18:15:48 | 000,587,671 | ---- | C] () -- C:\Users\Giz\Desktop\adwcleaner0.exe
[2013/02/14 16:56:15 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/02/14 16:56:15 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/02/14 16:56:15 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/02/14 16:56:15 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/02/14 16:56:15 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/02/12 19:05:49 | 000,000,512 | ---- | C] () -- C:\Users\Giz\Desktop\MBR.dat
[2013/02/12 17:58:42 | 013,711,621 | ---- | C] () -- C:\Users\Giz\Desktop\mbar-1.01.0.1020.zip
[2013/02/10 21:07:02 | 000,365,568 | ---- | C] () -- C:\Users\Giz\Desktop\gmer_2.0.18454.exe
[2013/02/10 20:01:37 | 000,000,000 | ---- | C] () -- C:\Users\Giz\defogger_reenable
[2013/02/10 20:00:25 | 000,050,477 | ---- | C] () -- C:\Users\Giz\Desktop\Defogger.exe
[2013/02/10 18:04:31 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/02/10 12:15:08 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/09 13:47:26 | 000,033,134 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\UserTile.png
[2011/05/29 09:37:22 | 000,007,597 | ---- | C] () -- C:\Users\Giz\AppData\Local\Resmon.ResmonCfg
[2011/02/27 14:03:31 | 000,532,480 | ---- | C] () -- C:\windows\System32\CddbPlaylist2Sony.dll
[2010/07/20 15:58:03 | 000,937,426 | ---- | C] () -- C:\Users\Giz\Schulplan.pdf
[2010/07/01 20:05:25 | 000,066,675 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\mdbu.bin
[2010/06/17 18:42:28 | 000,003,584 | ---- | C] () -- C:\Users\Giz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/13 22:41:29 | 000,001,018 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 2/20/2013 6:53:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Giz\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 52.59% Memory free
3.50 Gb Paging File | 2.29 Gb Available in Paging File | 65.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 47.32 Gb Free Space | 47.32% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 85.44 Gb Free Space | 69.54% Space Free | Partition Type: NTFS
 
Computer Name: GIZ-PC | User Name: Giz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.BU4WFSV3H6M4JN7DPOWR2R76ZA] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8038CD96-F38A-42A8-A370-4E42AF1E366A}" = rport=41952 | protocol=6 | dir=out | name=tversity | 
"{845F9CEE-4551-4AE9-8FE4-D014A8329EDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FDEACF16-C4BB-4D55-A49C-DEF5FD6163D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013B7906-1556-42A2-9789-AC8F6FB43829}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40171638-2984-40DF-AF7C-11C690596551}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F070512-CC6F-4A8E-AFF2-D3D5321E3953}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6F1176AD-B032-4807-B786-6C8A34EE3EB8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{79535E6A-67D8-4C6F-8CEB-9CC7D0DDA663}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{7C756BE0-D1FB-479C-B19E-7C6190FBA177}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9273E720-55AD-498F-A3AD-C81F302465A8}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe | 
"{99E1D3F2-7150-4894-A146-792135081D3A}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{A41C7F57-E1BC-4D63-9B00-6F8514C99032}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe | 
"{CB4C30CC-7049-4B53-8977-2B76D0EAA1BD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{CF2D152F-40F5-45DC-BC58-32585F6FBB18}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F1D1D4A8-FB93-40C5-B2AF-BA09D8306046}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe | 
"{FB390B75-572E-461B-918F-3DF12F267439}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FDF3CF8C-2BC5-43CC-8971-589CE9A4A551}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{4270A8FF-B743-4189-9E88-71BD716494AA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{97ACA1ED-66A7-4F34-8EDE-80FD08A32581}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | 
"TCP Query User{992EB7FA-9F01-431A-81F3-1143BC07BA23}C:\program files\atube catcher\yct.exe" = protocol=6 | dir=in | app=c:\program files\atube catcher\yct.exe | 
"UDP Query User{3CE67A4C-D7DE-4958-95ED-4EA42BEB794A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9F104F62-6F82-4322-A82D-383A63AFD7E0}C:\program files\atube catcher\yct.exe" = protocol=17 | dir=in | app=c:\program files\atube catcher\yct.exe | 
"UDP Query User{A34832E1-3369-444F-93E0-21129F273176}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21275B6A-333E-3EF6-E68D-B5F5B4B1F6BB}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2AD3FCB8-B812-1A51-D45F-0A71277347E6}" = CCC Help Finnish
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BB57D38-931A-02AB-7C19-B039C87156BA}" = CCC Help Hungarian
"{2D1A4418-8BC0-3805-7DD2-4993394000AE}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F2A0484-F9B4-AC18-1580-73A6DBD526D3}" = Catalyst Control Center Localization All
"{40FDA966-C08D-93FC-5B62-87B0305989D5}" = CCC Help Polish
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51D1EA4C-3EC5-4A29-8BB6-CC7D447CCFD0}" = CCC Help Japanese
"{5425B69E-410D-FF8E-6382-53914B29DB34}" = CCC Help French
"{5592F5BF-0A6D-77BE-31D9-A212800C153C}" = CCC Help German
"{5785EE0B-DA31-82C5-345A-6AC0721A5445}" = CCC Help Thai
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60D157A6-087B-ABE4-0B5D-69DCB6ADB4B2}" = CCC Help English
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67BCBB5E-9534-81D4-A489-47D8A3BE22BF}" = CCC Help Spanish
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{708FB213-9CA6-6865-BCEA-6A50206BC17E}" = CCC Help Portuguese
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{759688C0-D976-D3A6-0FF5-CB0EA763B217}" = CCC Help Czech
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80198D8E-F593-17D6-26E7-DC4B66BABECD}" = Catalyst Control Center Graphics Light
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88632316-2F9C-7FAB-E867-C4DFBF79A84E}" = Catalyst Control Center Graphics Previews Vista
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B209A17-940A-D283-8F37-4D5276879CFF}" = CCC Help Korean
"{8CBBD910-23F3-D39C-8B38-2AEDD6C366F5}" = ccc-core-static
"{8D1D606A-EF54-ADEE-13EF-4B77CBE389F0}" = Catalyst Control Center Graphics Full Existing
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{AB629EB8-ABB4-F0EF-3C00-CF9B48C283DC}" = Catalyst Control Center Graphics Full New
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI
"{AEB7003F-AE66-23F2-20A2-F758446BE167}" = CCC Help Norwegian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CC45D760-77CC-2B22-F691-3AC97C4BF788}" = CCC Help Greek
"{CD185B84-7A26-5EEF-2F05-0CEA3463E557}" = Catalyst Control Center Core Implementation
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D1F43BEE-D0A4-400B-EFA4-134EC78C81F4}" = CCC Help Turkish
"{D7C66DC3-B601-E9F2-4157-D47E687C4539}" = CCC Help Dutch
"{D84424BF-5F86-D649-14F3-A8AEB768A5F7}" = CCC Help Russian
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2E28E25-79C1-5108-F7F4-EF42AE64711D}" = CCC Help Swedish
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E6C93A10-25F6-CEC8-8B11-AAC52F4E67A1}" = ATI Catalyst Install Manager
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D4A558-9D51-6ABF-7CA3-0EE1DB2ED48F}" = CCC Help Chinese Standard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA8D70EF-1D0D-C0FD-B0D8-9610D5381930}" = CCC Help Italian
"{FB8113BC-BB40-DEF0-C734-36697D1774C2}" = ccc-utility
"{FFA6BAD0-1B3D-E4B0-95FC-FBFABDCABEF5}" = CCC Help Chinese Traditional
"ACRYSH6_is1" = ArchiCrypt Shredder Version 6.0.9.5654
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"DivX Setup" = DivX-Setup
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Picasa 3" = Picasa 3
"Software Informer_is1" = Software Informer 1.0 BETA
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 2/20/2013 1:31:00 PM | Computer Name = Giz-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 2/20/2013 1:32:03 PM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
[ TuneUp Events ]
Error - 2/16/2013 5:18:01 AM | Computer Name = Giz-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 2/16/2013 2:56:16 PM | Computer Name = Giz-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 2/16/2013 2:56:16 PM | Computer Name = Giz-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         

Antwort

Themen zu zip. Anhang geöffnet TR/Matsnu.EB.101
32 bit, adware/yontoo.e.1, antivir, avira, checkliste, delta search, delta toolbar, desktop, email, excel, firefox, flash player, free download, google, homepage, install.exe, installation, intranet, javaws.exe, msiexec.exe, object, picasa, programm, pup.smspay.pgen, realtek, registry, remote control, security, server, smartbar, software, super, svchost.exe, tarma, tr/matsnu.a.63, tr/matsnu.eb.101, trojaner, windows, wlansvc, zip. anhang



Ähnliche Themen: zip. Anhang geöffnet TR/Matsnu.EB.101


  1. DHL-Mail Anhang geöffnet
    Log-Analyse und Auswertung - 02.06.2015 (9)
  2. DHL Spam-Anhang mit Mac geöffnet?
    Alles rund um Mac OSX & Linux - 29.05.2015 (1)
  3. DHL Spam-Anhang mit Mac geöffnet
    Alles rund um Mac OSX & Linux - 28.05.2015 (8)
  4. Bei Rechnungsaufforderung Anhang geöffnet.
    Log-Analyse und Auswertung - 10.05.2015 (9)
  5. DHL Paketankündigung Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 01.04.2015 (19)
  6. DHL Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 17.03.2015 (9)
  7. UPS-Mail anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 10.03.2015 (9)
  8. Windows8 TR/matsnu aus E-Mail runtergeladen und geöffnet
    Log-Analyse und Auswertung - 06.12.2013 (9)
  9. TR/Matsnu.A.66 im Email Anhang (geöffnet)
    Log-Analyse und Auswertung - 07.10.2013 (19)
  10. Anhang mit Trojaner geöffnet
    Plagegeister aller Art und deren Bekämpfung - 22.07.2013 (19)
  11. Email-Anhang mit TR/Matsnu.EB.140n geöffnet
    Plagegeister aller Art und deren Bekämpfung - 25.04.2013 (27)
  12. E-Mail Anhang / Rechnung / .ZIP / Trojaner (TR/Matsnu.EB.140)
    Log-Analyse und Auswertung - 19.04.2013 (2)
  13. Email-Anhang (ZIP) geöffnet
    Log-Analyse und Auswertung - 18.04.2013 (1)
  14. Email Anhang mit TR/Matsnu.EB.132 geöffnet
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (16)
  15. Email Anhang geöffnet!
    Log-Analyse und Auswertung - 11.03.2013 (44)
  16. Zip-Anhang von Rechnungsmail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 07.03.2013 (8)
  17. Flirt Fever Mail mit Anhang TR/Matsnu.A.63 + Dropper.MSIL.Gen Alle Dateien wurden umbenannt. HILFE!
    Log-Analyse und Auswertung - 03.06.2012 (1)

Zum Thema zip. Anhang geöffnet TR/Matsnu.EB.101 - Hallo zusammen. Zuerst einmal,schön das es euch gibt :-) Weiss nämlich nicht mehr weiter. Nun hat es uns auch erwischt :-(. Wir haben gestern eine Mahnung per Email bekommen,das wir - zip. Anhang geöffnet TR/Matsnu.EB.101...
Archiv
Du betrachtest: zip. Anhang geöffnet TR/Matsnu.EB.101 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.