
Log analysis and evaluation: Trojan TR/Bublik.I.11 requests TANs during online banking

17.05.2013, 22:52   #1
Baumgard

Good evening,

I have obviously caught a trojan that interferes with my online banking. At the first login I am asked to enter credit card details ("we did not recognize your PC.."), and on further attempts I am asked to enter my TANs. Of course I did neither.

Via Google I very quickly came across this forum, read through the instructions and, following the note that one should not apply the solutions offered to other users, opened this thread.

My operating system is Windows 7 and I use Avira Antivir Premium as virus protection. For both I let all automatic updates run immediately, so I cannot understand how this malware still made it onto my PC. I would be grateful for tips on this.

The logs from Avira and OTL are attached. The OTL ones were a bit too large, so I had to split them.

Gmer (version 2.1.19163) unfortunately does not work. After about 2 minutes the scan aborts and the error message "Programm wird auf Grund eines Problems nicht richtig ausgeführt..." appears. No log file was created.

I hope you can help me and thank you in advance...

18.05.2013, 00:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, did they ever find anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs that already exist!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

18.05.2013, 09:28   #3
Baumgard

Good morning, and thanks for the quick reaction. Unfortunately I don't have any older logs. In the meantime I have also noticed that the internet on the affected PC runs very slowly. Could that be related?

Kind regards

Oliver

19.05.2013, 01:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The otl.txt log is unfortunately incomplete. Please do not put the logs in the attachment but post them in CODE tags
__________________
Please always post log files in CODE tags

19.05.2013, 13:24   #5
Baumgard

Hello,

I'm not very practiced in using forums. Mostly I just read and find what I need :-)

On the first attempt I copied all the codes into the text, as described above, then the message came that the post was too long. That's why I attached them. Unfortunately it didn't occur to me to write several posts. Here is the content of the OTL:
OTL Logfile:
Code:
OTL logfile created on: 17.05.2013 21:51:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oliver\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 70,08% Memory free
6,99 Gb Paging File | 5,79 Gb Available in Paging File | 82,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 446,84 Gb Total Space | 359,87 Gb Free Space | 80,53% Space Free | Partition Type: NTFS
Drive D: | 18,62 Gb Total Space | 2,33 Gb Free Space | 12,49% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 90,89 Mb Free Space | 91,79% Space Free | Partition Type: FAT32
 
Computer Name: NETBOOK | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.17 19:03:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe
PRC - [2013.05.16 22:53:03 | 000,844,168 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 23:50:22 | 000,400,704 | ---- | M] () -- C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
PRC - [2013.05.06 12:23:49 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.05.06 12:23:47 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.05.06 12:23:47 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.23 06:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.04.23 06:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013.03.21 14:53:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.21 14:53:20 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.21 14:53:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.04.01 18:40:00 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2011.01.25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.11.18 19:59:52 | 000,338,208 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010.11.10 15:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010.11.10 07:56:08 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.11.10 07:55:38 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.10.25 16:45:32 | 003,511,888 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
PRC - [2010.09.29 15:10:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010.09.29 15:10:00 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010.09.03 18:13:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010.08.31 17:16:10 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2010.08.23 18:06:58 | 000,584,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.08.23 18:06:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.08.05 20:50:56 | 000,210,488 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010.07.21 15:33:00 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2010.07.21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010.07.16 14:07:54 | 000,508,680 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe
PRC - [2010.07.15 12:22:36 | 001,367,816 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010.07.15 12:22:24 | 000,901,384 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe
PRC - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2010.06.07 12:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezSharedSvcHost.exe
PRC - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 07:13:37 | 000,115,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\9ab54aea64046cd2b4ff895b1c027c05\DeviceStoryAlbum.ni.dll
MOD - [2013.05.16 07:13:36 | 000,614,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\29be5a9cc5b83e2b30e9d788ac201f83\DevicePodcast.ni.dll
MOD - [2013.05.16 07:13:34 | 000,300,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\b44e10add0a5276dc3fbbde338c4b5ea\DeviceVideo.ni.dll
MOD - [2013.05.16 07:13:33 | 000,355,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\9661c2265a6fb7782243c0633378a1e5\DevicePhoto.ni.dll
MOD - [2013.05.16 07:13:31 | 000,307,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\ec4ba3e13a88086bf95ea05919513917\DeviceMusic.ni.dll
MOD - [2013.05.16 07:13:30 | 000,474,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\df3496a7e1364e2b78bac5b4aef48ae6\VideoManager.ni.dll
MOD - [2013.05.16 07:13:28 | 000,782,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\88ec39193b34cf293d0887383c2ccde5\PhotoManager.ni.dll
MOD - [2013.05.16 07:13:25 | 001,988,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\be4228490407398b302edeed5ea57879\Phonebook.ni.dll
MOD - [2013.05.16 07:13:20 | 000,207,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\ea5424dfc774422fa2038d980b1642d1\StoryAlbumManager.ni.dll
MOD - [2013.05.16 07:13:19 | 000,945,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\218ed646a2ca6d2c08509295ce556260\MusicManager.ni.dll
MOD - [2013.05.16 07:13:16 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\fbe4134679a5506a54004cd5952d7d29\BATPlugin.ni.dll
MOD - [2013.05.16 07:13:10 | 000,534,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\730c70013610eb7e73f49213b1076bab\Kies.Common.MediaDB.ni.dll
MOD - [2013.05.16 07:13:08 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\94fd3d4235723a962f8b3f29d7eac567\Kies.Common.AllShare.ni.dll
MOD - [2013.05.16 07:13:07 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\1784a3c837a81be9ad8608a9405de178\Kies.Common.DBManager.ni.dll
MOD - [2013.05.16 07:13:06 | 001,146,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\1f04da0191d585e975a3f43548a70e2e\Podcaster.ni.dll
MOD - [2013.05.16 07:13:03 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\35992f641f4348746cfe0c6c1b48ece7\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013.05.16 07:13:02 | 000,580,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f0dfcf225ea9ee5911a199d90da24d76\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013.05.16 07:12:59 | 001,205,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ddd3ef7293ae9ddaca67c1ab86f328c3\Kies.Common.DeviceService.ni.dll
MOD - [2013.05.16 07:12:56 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\99bba258903cd892a867461d55d728ff\DeviceCommonLib.ni.dll
MOD - [2013.05.16 07:12:53 | 000,743,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\d68e9699b3319f4d4a0d0fdb8855f48a\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013.05.16 07:12:51 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\50c6d0af63aa7107ec15d7ef86a62609\Kies.Common.MainUI.ni.dll
MOD - [2013.05.16 07:12:37 | 000,928,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6704d4bac5e6b834fe7cd1502f09f2cb\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013.05.16 07:12:31 | 002,202,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\dfc6504af8cd62a4a38a5b6ad7ca6566\Kies.Common.Multimedia.ni.dll
MOD - [2013.05.16 07:12:26 | 000,638,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2627bfc447a741309a32dbd51ee23dbc\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013.05.16 07:12:15 | 007,031,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\be28b9e8726e3ab319a05ee11b0bc412\DeviceHost.ni.dll
MOD - [2013.05.16 07:12:02 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\37bb8c2ca86bf868044bce11e73d1efc\Kies.Common.Util.ni.dll
MOD - [2013.05.16 07:12:00 | 001,899,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7aef2d5e9f446c4108ed337e465cd196\Kies.UI.ni.dll
MOD - [2013.05.16 07:11:56 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f67e1afe33aa6c76e375dbd4fa132363\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013.05.16 07:11:55 | 001,273,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\0687f786aa9dd34f7dd8d26cdfdb065f\Kies.Interface.ni.dll
MOD - [2013.05.16 07:11:10 | 002,177,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\81b8201bf1ea967ba701b63e65e75e47\Kies.ni.exe
MOD - [2013.05.16 07:08:29 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013.05.16 07:04:42 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013.05.16 07:04:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 07:03:44 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013.05.16 07:03:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.16 07:03:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.15 23:23:39 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013.05.15 23:23:11 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013.05.15 23:23:07 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013.05.15 23:23:05 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013.05.15 23:22:41 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013.05.09 23:50:22 | 000,400,704 | ---- | M] () -- C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MOD - [2013.05.02 10:30:02 | 017,554,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\71b6200b469ae31187226c5634b6d6bb\Kies.Theme.ni.dll
MOD - [2013.05.02 10:30:00 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\5face173af94a7083cea1c078a6b4938\DummyStorePlugin.ni.dll
MOD - [2013.05.02 10:29:35 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\a5bd3f2855afcc1f5bf15057c35bd48d\Kies.Common.StoreManager.ni.dll
MOD - [2013.05.02 10:29:31 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\fde643974d1f6bc8843237cedb262c9b\Kies.Common.CRMManager.ni.dll
MOD - [2013.05.02 10:29:25 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\94eee0f7d59880d4ff2754ad67877ac1\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013.05.02 10:29:24 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\931b9596988f8d16731b691a35a25727\Interop.DevFileServiceLib.ni.dll
MOD - [2013.05.01 11:34:16 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bd5cbd625647b2af277b7c5c0ffb8f5b\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013.05.01 11:34:11 | 000,080,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ZipStore\bbd37020633f9e7f190af58b7bf6138f\ZipStore.ni.dll
MOD - [2013.05.01 11:34:11 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\bfc490c6779a7a9ae85832ca58c27054\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013.05.01 11:34:04 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\15fff4c0b61cdf95cf8c94850bfbde5f\Interop.DeviceServiceModelDBLib.ni.dll
MOD - [2013.05.01 11:34:02 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f93e893f927f890bffe924ec7e8c1323\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.05.01 11:28:02 | 001,644,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c5572a7e44449de16eb4e7db6b7b5b82\Kies.Locale.ni.dll
MOD - [2013.05.01 11:28:00 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2cbf81c1b1b5e7bd6a4758bd057e2d4c\Kies.MVVM.ni.dll
MOD - [2013.02.15 23:05:31 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.15 22:12:59 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.01.31 21:39:01 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll
MOD - [2013.01.13 20:01:38 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll
MOD - [2013.01.13 20:01:35 | 000,043,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll
MOD - [2013.01.13 20:01:13 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013.01.13 20:01:12 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013.01.13 20:01:12 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013.01.13 20:00:58 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll
MOD - [2013.01.11 13:36:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.11 13:35:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 13:34:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 13:33:22 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 13:33:10 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 13:32:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.11 13:25:42 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 13:25:26 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.11 13:21:24 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.11 13:21:10 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.11 13:20:57 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2010.12.15 22:23:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.10 15:39:38 | 000,096,256 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.10.25 16:45:46 | 020,895,312 | ---- | M] () -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
MOD - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe
MOD - [2010.08.31 17:16:10 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2010.07.21 15:33:02 | 000,052,280 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
MOD - [2010.07.21 15:33:00 | 000,030,264 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
MOD - [2010.06.07 12:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.15 16:50:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.06 12:23:49 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.05.06 12:23:47 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.03.21 14:53:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.21 14:53:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.04.01 18:40:00 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.11.18 19:59:52 | 000,338,208 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010.11.10 15:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010.11.10 07:55:38 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.10.25 16:45:32 | 003,511,888 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.09.29 15:10:00 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.08.23 18:06:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.08.05 20:50:56 | 000,210,488 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.07.21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.07.16 14:07:54 | 000,508,680 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010.07.15 12:22:24 | 000,901,384 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) [Auto | Running] -- C:\Windows\System32\ezSharedSvcHost.exe -- (ezSharedSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2013.04.03 09:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.04.03 09:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.03.21 14:53:30 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.21 14:53:30 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.21 14:53:30 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2012.10.09 22:11:23 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.01.03 17:28:54 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.10 08:33:04 | 006,574,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.11.10 07:18:34 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.10.26 18:59:36 | 000,402,432 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB)
DRV - [2010.10.14 11:17:14 | 000,033,280 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmaud.sys -- (btmaudio)
DRV - [2010.09.29 15:10:00 | 000,432,640 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.09.24 17:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.09.03 18:13:32 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010.07.21 03:43:16 | 000,194,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.06.30 12:02:08 | 000,041,344 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM)
DRV - [2010.04.29 14:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.11.11 13:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://news.google.de/
IE - HKCU\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {A7CBC86F-D1CC-4E19-B69A-6B103FD66D0A}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{A7CBC86F-D1CC-4E19-B69A-6B103FD66D0A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.giga.de/go/wy7"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Oliver\AppData\Roaming\05001.069 [2012.08.10 19:50:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.09 17:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.28 18:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Oliver\AppData\Roaming\05001.069 [2012.08.10 19:50:34 | 000,000,000 | ---D | M]
 
[2012.01.28 18:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions
[2012.03.26 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\fus14huh.default\extensions
[2012.01.28 18:54:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\fus14huh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.02.21 08:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.28 18:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.01.28 18:53:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FF88A983-649D-4207-9336-9B999280B436} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKCU..\Run: [Edhyevi] C:\Users\Oliver\AppData\Roaming\Onli\eqkem.exe (Mandiant)
O4 - HKCU..\Run: [IExplorer Util] C:\Users\Oliver\AppData\Roaming\ie_util.exe (Mandiant)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03EA31F7-E149-4EE8-88C1-354F9A8FDBAD}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{efcb11ec-d6e6-11e0-be5d-68b599e29c56}\Shell - "" = AutoRun
O33 - MountPoints2\{efcb11ec-d6e6-11e0-be5d-68b599e29c56}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.17 19:03:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe
[2013.05.17 03:43:08 | 000,053,760 | ---- | C] (Mandiant) -- C:\Users\Oliver\AppData\Roaming\ie_util.exe
[2013.05.16 22:54:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.16 22:51:09 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\Amazon MP3
[2013.05.16 22:51:00 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.05.16 22:50:57 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Program Files
[2013.05.16 22:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\eb0aa9f5-d90d-429d-91cc-de4db96b16c7
[2013.05.16 22:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2013.05.16 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Ulyn
[2013.05.16 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Onli
[2013.05.16 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Exef
[2013.05.06 12:24:33 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.01 10:48:24 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013.05.01 10:48:24 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013.04.29 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Wild Tangent
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Oliver\AppData\Roaming\*.tmp files -> C:\Users\Oliver\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.17 21:56:46 | 000,023,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 21:56:46 | 000,023,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.17 21:56:43 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.17 21:56:43 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.17 21:56:43 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.17 21:56:43 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.17 21:50:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.17 21:49:58 | 000,019,193 | -HS- | M] () -- C:\ProgramData\5141aca6-a50b-4f62-a338-b275b23fbfe9
[2013.05.17 21:49:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.17 21:48:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.17 21:48:21 | 2813,775,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.17 21:44:32 | 000,000,000 | ---- | M] () -- C:\Users\Oliver\defogger_reenable
[2013.05.17 21:25:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.17 19:04:43 | 000,377,856 | ---- | M] () -- C:\Users\Oliver\Desktop\gmer_2.1.19163.exe
[2013.05.17 19:03:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe
[2013.05.17 19:03:12 | 000,050,477 | ---- | M] () -- C:\Users\Oliver\Desktop\Defogger.exe
[2013.05.17 03:43:07 | 000,053,760 | ---- | M] (Mandiant) -- C:\Users\Oliver\AppData\Roaming\ie_util.exe
[2013.05.16 07:01:52 | 000,429,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 20:11:52 | 000,000,191 | ---- | M] () -- C:\Users\Oliver\AppData\Local\mv_Photo.xml
[2013.05.06 12:23:59 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.04 13:35:37 | 000,000,176 | ---- | M] () -- C:\Users\Oliver\AppData\Local\mv_music.xml
[2013.05.02 21:47:02 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOliver.job
[2013.05.01 10:49:06 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.05.01 07:12:21 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.25 23:41:51 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2013.04.25 14:19:04 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNETBOOK$.job
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Oliver\AppData\Roaming\*.tmp files -> C:\Users\Oliver\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.17 21:44:32 | 000,000,000 | ---- | C] () -- C:\Users\Oliver\defogger_reenable
[2013.05.17 19:04:43 | 000,377,856 | ---- | C] () -- C:\Users\Oliver\Desktop\gmer_2.1.19163.exe
[2013.05.17 19:03:10 | 000,050,477 | ---- | C] () -- C:\Users\Oliver\Desktop\Defogger.exe
[2013.05.16 22:29:14 | 000,019,193 | -HS- | C] () -- C:\ProgramData\5141aca6-a50b-4f62-a338-b275b23fbfe9
[2013.05.16 22:29:14 | 000,016,725 | -HS- | C] () -- C:\ProgramData\5141aca6-a50b-4f62-a338-b275b23fbfe9
[2013.05.01 07:12:21 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.24 23:03:26 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2013.03.10 20:09:34 | 000,120,695 | ---- | C] () -- C:\Users\Oliver\Saeco_Nova Sup Testmodus.pdf
[2013.03.10 20:08:00 | 000,261,717 | ---- | C] () -- C:\Users\Oliver\Saeco_Nova Sup zerlegen.pdf
[2013.02.26 19:57:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.02.26 19:57:11 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2013.02.23 12:46:17 | 000,000,614 | ---- | C] () -- C:\Windows\wiso.ini
[2012.12.28 00:30:26 | 000,009,295 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Kommagetrennte Werte (DOS).EML
[2012.12.19 00:46:01 | 000,076,339 | ---- | C] () -- C:\ProgramData\moshzrzqkbmkgjl
[2012.12.14 18:30:20 | 000,000,158 | ---- | C] () -- C:\Windows\LilliP.ini
[2012.09.16 21:00:46 | 000,022,528 | ---- | C] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.08.28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.08.28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.08.28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.08.10 20:53:33 | 000,000,011 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\urhtps.dat
[2012.08.09 22:43:38 | 000,000,016 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\blckdom.res
[2012.01.28 18:53:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.12.11 18:25:58 | 000,000,032 | ---- | C] () -- C:\Users\Oliver\.simfy
[2011.10.01 14:35:05 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.09.30 22:28:13 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.09.30 15:16:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.09.30 15:16:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.09.15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.07.09 13:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.06.28 20:54:44 | 000,000,243 | ---- | C] () -- C:\ProgramData\MusicStation.xml
[2011.06.28 19:50:01 | 000,000,191 | ---- | C] () -- C:\Users\Oliver\AppData\Local\mv_Photo.xml
[2011.06.28 19:50:01 | 000,000,176 | ---- | C] () -- C:\Users\Oliver\AppData\Local\mv_music.xml
[2011.06.24 13:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.24 13:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.06.24 13:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.06.24 13:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.06.24 13:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.06.24 13:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.06.24 13:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.06.24 13:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.06.24 13:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.06.24 13:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.06.21 08:42:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.09 22:43:48 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\05001.067
[2012.08.10 19:50:34 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\05001.069
[2011.12.19 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Amazon
[2013.02.23 12:42:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Buhl Data Service
[2012.11.20 22:47:28 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\calibre
[2012.12.09 23:32:57 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DVDVideoSoft
[2012.12.09 17:06:20 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.23 23:09:47 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\elsterformular
[2012.01.22 16:22:10 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Engelmann Media
[2013.05.17 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Exef
[2012.01.28 18:57:47 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FlashGet
[2011.09.30 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FreePDF
[2012.08.09 22:43:24 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\kock
[2011.08.27 16:46:20 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Mobipocket
[2012.06.02 20:07:47 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\mresreg
[2013.05.16 22:32:18 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Onli
[2011.06.28 19:53:09 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\PictureMover
[2012.07.27 22:12:07 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\ROUTE 66 Sync
[2013.01.31 21:09:38 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Samsung
[2011.12.11 18:25:56 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Simfy
[2011.06.28 19:52:05 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Stardock
[2011.06.28 19:52:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Synaptics
[2012.08.11 13:15:39 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\UAs
[2013.05.16 22:32:18 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Ulyn
[2013.03.22 21:09:28 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\WildTangent
[2012.12.28 00:17:54 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Windows Live Writer
[2012.08.11 13:16:36 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\xmldm
[2011.06.30 19:57:24 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\ZumoDrive
[2011.06.28 20:02:34 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Should I send the other files again as well?


19.05.2013, 20:47   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you have been asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please get in touch in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.



Then please run Combofix now:

Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


20.05.2013, 11:53   #7
Baumgard



Hello,

I ran Combofix, log below.
I have the following questions up front:
My internet is faster again. Is that a sign that existing problems have been fixed?
Is it advisable at all to go online with the infected PC?
I tried to copy the logs to a USB stick and wanted to carry on the communication with you from another PC, but the PC does not show me the stick. Was it disabled by defogger?

While Combofix was running, the following interventions happened:

1) I have a wireless mouse that switches itself off automatically when inactive
2) Because the screen saver kicked in, I pressed the space bar,
after stage 41 and
after deletion of the file ~roaming/onli
3) After the restart the message "Catalyst Control Center Host Application funktioniert nicht mehr...." appeared. I then clicked the "Programm schließen" button.

4) After Combofix had finished, I wanted to go online with IE and got the message "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum löschen vorgemerkt wurde". The same with Mozilla and Outlook.
I restarted the PC once more; now it works again.

Here is the log:
Code:
ComboFix 13-05-18.04 - Oliver 20.05.2013  11:55:11.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3578.2401 [GMT 2:00]
ausgeführt von:: c:\users\Oliver\Desktop\Tojaner\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\5141aca6-a50b-4f62-a338-b275b23fbfe9
c:\programdata\windows
c:\programdata\windows\dumd.dat
c:\programdata\windows\wsse.dll
c:\programdata\windows\xdor.dat
c:\users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
c:\users\Oliver\AppData\Roaming\05001.067
c:\users\Oliver\AppData\Roaming\05001.067\chrome.manifest
c:\users\Oliver\AppData\Roaming\05001.067\components\AcroFF.txt
c:\users\Oliver\AppData\Roaming\05001.067\install.rdf
c:\users\Oliver\AppData\Roaming\05001.069
c:\users\Oliver\AppData\Roaming\05001.069\chrome.manifest
c:\users\Oliver\AppData\Roaming\05001.069\components\AcroFF.txt
c:\users\Oliver\AppData\Roaming\05001.069\install.rdf
c:\users\Oliver\AppData\Roaming\AcroIEHelpe.txt
c:\users\Oliver\AppData\Roaming\ie_util.exe
c:\users\Oliver\AppData\Roaming\Onli
c:\users\Oliver\AppData\Roaming\Onli\eqkem.exe
c:\users\Oliver\AppData\Roaming\srvblck5.tmp
c:\windows\security\Database\tmp.edb
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-20 bis 2013-05-20  ))))))))))))))))))))))))))))))
.
.
2013-05-17 20:21 . 2013-05-17 20:21	103680	----a-w-	C:\uxddqpog.sys
2013-05-16 20:50 . 2013-05-16 20:50	--------	d-----w-	c:\users\Oliver\AppData\Local\Program Files
2013-05-16 20:33 . 2013-05-20 09:38	--------	d-----w-	c:\programdata\eb0aa9f5-d90d-429d-91cc-de4db96b16c7
2013-05-16 20:32 . 2013-05-17 22:42	--------	d-----w-	c:\users\Oliver\AppData\Roaming\Exef
2013-05-16 20:32 . 2013-05-16 20:32	--------	d-----w-	c:\users\Oliver\AppData\Roaming\Ulyn
2013-05-15 06:16 . 2013-04-01 05:10	77144	----a-w-	c:\windows\system32\mcupdate_AuthenticAMD.dll
2013-05-15 06:16 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 06:16 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 06:16 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 06:16 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 06:16 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 06:15 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-15 06:15 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-15 06:15 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-05-08 20:23 . 2013-05-08 20:25	--------	d-----w-	c:\users\Katrin\AppData\Roaming\vlc
2013-05-06 10:24 . 2013-05-06 10:23	66656	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-01 08:48 . 2013-04-03 07:58	83864	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2013-05-01 08:48 . 2013-04-03 07:58	181912	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2013-04-29 20:18 . 2013-04-29 20:18	--------	d-----w-	c:\users\Oliver\AppData\Local\Wild Tangent
2013-04-24 06:06 . 2013-04-12 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-21 17:47 . 2013-04-21 17:47	410984	----a-w-	c:\windows\system32\deploytk.dll
2013-04-21 09:34 . 2013-04-21 09:35	--------	d-----w-	c:\users\Katrin\AppData\Roaming\calibre
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 14:50 . 2012-04-13 05:41	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-15 14:50 . 2011-07-06 04:48	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 06:00 . 2011-12-04 19:42	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 04:45 . 2013-05-15 06:16	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 06:16	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-03-21 12:53 . 2012-10-10 20:51	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-21 12:53 . 2012-10-10 20:51	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-21 12:53 . 2012-10-10 20:51	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-19 05:04 . 2013-04-10 11:18	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:18	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 11:18	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 11:18	69632	----a-w-	c:\windows\system32\smss.exe
2013-02-21 06:25 . 2013-02-19 17:12	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-21 06:25 . 2010-12-15 13:04	782240	----a-w-	c:\windows\system32\deployJava1.dll
2011-06-16 04:32 . 2012-01-28 16:53	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-05-16 844168]
"<NO NAME>"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-05-16 844168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 336384]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-29 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-10-25 20895312]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-08-31 568888]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-08-23 584760]
"Easybits Recovery"="c:\program files\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2013-05-06 148888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2010-11-12 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk]
path=c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.Startup
backupExtension=.Startup
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files\1&1 Surf-Stick\AssistantServices.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:50]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 19:02]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 19:02]
.
2013-04-25 c:\windows\Tasks\HPCeeScheduleForNETBOOK$.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2013-05-02 c:\windows\Tasks\HPCeeScheduleForOliver.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://news.google.de/
IE: Free YouTube Download - c:\users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\fus14huh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.giga.de/go/wy7
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ff88a983-649d-4207-9336-9b999280b436} - (no file)
WebBrowser-{FF88A983-649D-4207-9336-9B999280B436} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
HKCU-Run-Edhyevi - c:\users\Oliver\AppData\Roaming\Onli\eqkem.exe
HKCU-Run-AmazonMP3DownloaderHelper - c:\users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKCU-Run-IExplorer Util - c:\users\Oliver\AppData\Roaming\ie_util.exe
AddRemove-Konkordanz 1.0 - c:\windows\unin0407.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\windows\System32\rundll32.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Motorola\Bluetooth\btplayerctrl.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-20  12:34:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-20 10:34
.
Vor Suchlauf: 12 Verzeichnis(se), 394.020.843.520 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 397.626.580.992 Bytes frei
.
- - End Of File - - 86F0EAF8F4848876E7EBCEE4795A6D17
         
Kind regards

Oliver

20.05.2013, 22:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please let me analyse the logs before I am supposed to answer questions about the infection.
Basically it is always like this: there is NO guarantee that I or any program will see, detect and remove all infections. There is always a residual risk. So if you ask "am I now 100% sure that everything is gone?" then I have to say no. There is no 100% guarantee. If you want that, you have to wipe everything and reinstall Windows.

Please let me know when you have read and understood this.
__________________
Please always post log files in CODE tags

21.05.2013, 07:12   #9
Baumgard



Good morning Cosinus,

I understood your message, like all the others before it. That was already clear to me beforehand; after all, it also says so in the guide "For everyone seeking help...". That is why I did not ask "Is my PC now 100% clean" but rather "Is the existing problem...", that is, the problem that made my internet slower, solved.

I consider the question of whether I had better not go online with the infected computer important, and in my opinion it should not wait until your work is finished, because by then it will have resolved itself, won't it?

I think it is fantastic that you sacrifice your free time to help others. It unsettles me that you repeatedly post notes that are already contained in the guide and that, in my opinion, I am following. Please point out to me specifically if I am doing something wrong, and leave out the platitudes.

I wish you a nice day

Oliver

21.05.2013, 13:11   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
Is it advisable at all to go online with the infected PC?
Well, I interpreted this question to mean that you still wanted to know whether the PC is infected or not, and whether this machine can be trusted even if the logs are clean.
That is why I answered the way I did in my last post.

Please try GMER again and then MBAR:

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (random file name)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Are problems occurring?
  • Alternatively, try safe mode.
  • If you get a bluescreen, untick Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions according to the guide for Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

21.05.2013, 18:26   #11
Baumgard



Hello Cosinus,

then everything is clear. I ran GMER again. After the screen saver kicked in, it stopped. The log file:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-21 18:02:45
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725050A9A364 rev.PC4OCH0A 465,76GB
Running: 3_gmer_2.1.19163.exe; Driver: C:\Users\Oliver\AppData\Local\Temp\uxddqpog.sys


---- System - GMER 2.1 ----

SSDT            9285B15E                                                                                                                                     ZwCreateSection
SSDT            9285B136                                                                                                                                     ZwCreateSymbolicLinkObject
SSDT            9285B13B                                                                                                                                     ZwLoadDriver
SSDT            9285B131                                                                                                                                     ZwOpenSection
SSDT            9285B168                                                                                                                                     ZwRequestWaitReplyPort
SSDT            9285B163                                                                                                                                     ZwSetContextThread
SSDT            9285B16D                                                                                                                                     ZwSetSecurityObject
SSDT            9285B140                                                                                                                                     ZwSetSystemInformation
SSDT            9285B172                                                                                                                                     ZwSystemDebugControl
SSDT            9285B0FF                                                                                                                                     ZwTerminateProcess
SSDT            9285B0FA                                                                                                                                     ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                     82C54A09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                       82C8E1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                          82C9534C 1 Byte  [5E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                          82C9534C 4 Bytes  [5E, B1, 85, 92] {POP ESI; MOV CL, 0x85; XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                                                                          82C95354 4 Bytes  [36, B1, 85, 92] {MOV CL, 0x85; XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                                                                          82C95468 4 Bytes  [3B, B1, 85, 92]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                                                                          82C95504 4 Bytes  [31, B1, 85, 92]
.text           ...                                                                                                                                          
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                     section is writeable [0x92A3C000, 0x353030, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1112] ntdll.dll!DbgBreakPoint                                             77A7410C 1 Byte  [C3]
.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1112] ntdll.dll!DbgUiRemoteBreakin                                        77ADF17D 5 Bytes  JMP 77A9E342 C:\Windows\SYSTEM32\ntdll.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                      Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                      Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                     fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{45A296CE-0874-437C-AE0C-9D080DE55A06}\Connection@Name  isatap.{A49BE73C-50EE-4F7C-B2C5-EB7E40BFDD35}
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind     \Device\{36EF4AF8-8670-4E1D-86CE-4417ED743C32}?\Device\{45A296CE-0874-437C-AE0C-9D080DE55A06}?\Device\{571189A1-065C-4461-98BA-7DFF6E4676A2}?\Device\{8F784BAD-663E-43A7-9BB8-809EA79D4BCD}?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route    "{36EF4AF8-8670-4E1D-86CE-4417ED743C32}"?"{45A296CE-0874-437C-AE0C-9D080DE55A06}"?"{571189A1-065C-4461-98BA-7DFF6E4676A2}"?"{8F784BAD-663E-43A7-9BB8-809EA79D4BCD}"?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export   \Device\TCPIP6TUNNEL_{36EF4AF8-8670-4E1D-86CE-4417ED743C32}?\Device\TCPIP6TUNNEL_{45A296CE-0874-437C-AE0C-9D080DE55A06}?\Device\TCPIP6TUNNEL_{571189A1-065C-4461-98BA-7DFF6E4676A2}?\Device\TCPIP6TUNNEL_{8F784BAD-663E-43A7-9BB8-809EA79D4BCD}?
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9ed9a53                                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{45A296CE-0874-437C-AE0C-9D080DE55A06}@InterfaceName                       isatap.{A49BE73C-50EE-4F7C-B2C5-EB7E40BFDD35}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{45A296CE-0874-437C-AE0C-9D080DE55A06}@ReusableType                        0
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9ed9a53 (not active ControlSet)                                              

---- EOF - GMER 2.1 ----
         
So I disabled the screensaver and unplugged my wireless mouse. Then I restarted the scan. Result:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-21 18:59:11
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725050A9A364 rev.PC4OCH0A 465,76GB
Running: 3_gmer_2.1.19163.exe; Driver: C:\Users\Oliver\AppData\Local\Temp\uxddqpog.sys


---- System - GMER 2.1 ----

SSDT            9285B15E                                                                                         ZwCreateSection
SSDT            9285B136                                                                                         ZwCreateSymbolicLinkObject
SSDT            9285B13B                                                                                         ZwLoadDriver
SSDT            9285B131                                                                                         ZwOpenSection
SSDT            9285B168                                                                                         ZwRequestWaitReplyPort
SSDT            9285B163                                                                                         ZwSetContextThread
SSDT            9285B16D                                                                                         ZwSetSecurityObject
SSDT            9285B140                                                                                         ZwSetSystemInformation
SSDT            9285B172                                                                                         ZwSystemDebugControl
SSDT            9285B0FF                                                                                         ZwTerminateProcess
SSDT            9285B0FA                                                                                         ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         82C54A09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82C8E1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82C9534C 1 Byte  [5E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82C9534C 4 Bytes  [5E, B1, 85, 92] {POP ESI; MOV CL, 0x85; XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11FF                                                              82C95354 4 Bytes  [36, B1, 85, 92] {MOV CL, 0x85; XCHG EDX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                              82C95468 4 Bytes  [3B, B1, 85, 92]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                              82C95504 4 Bytes  [31, B1, 85, 92]
.text           ...                                                                                              
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x92A3C000, 0x353030, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9ed9a53                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9ed9a53 (not active ControlSet)  
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize                    916

---- EOF - GMER 2.1 ----
         
Mbar found nothing further and said a restart was not necessary. Here is the log:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.21.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Oliver :: NETBOOK [administrator]

21.05.2013 19:19:32
mbar-log-2013-05-21 (19-19-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29751
Time elapsed: 13 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Today I received the following e-mail from my provider 1&1:
Dear Mr. Oliver Baumgard,

today you are receiving an urgent message regarding your 1&1 DSL connection. 1&1 has made it its mission to protect its customers from the dangers of the Internet.

Our team of experts has received indications that the dangerous virus "Torpig" is on your computer.

Date and time of the indication: 2013-05-17 17:48:00


Kind regards

Oliver
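
Added example, not part of the original thread: a Python triage helper that checks whether the 4-byte `.text` patches GMER reports in ntkrnlpa.exe are just the little-endian form of the SSDT hook addresses listed in the same log, so both sections can be read as one finding. The sample lines are copied from the second GMER log above with runs of spaces collapsed; the function names are illustrative, and the thread does not say which driver owns the 0x9285Bxxx addresses.

```python
import re

# Lines taken from the second GMER log in this thread (runs of spaces collapsed).
GMER_LOG = """\
SSDT    9285B15E    ZwCreateSection
SSDT    9285B136    ZwCreateSymbolicLinkObject
SSDT    9285B13B    ZwLoadDriver
SSDT    9285B131    ZwOpenSection
SSDT    9285B168    ZwRequestWaitReplyPort
SSDT    9285B163    ZwSetContextThread
SSDT    9285B16D    ZwSetSecurityObject
SSDT    9285B140    ZwSetSystemInformation
SSDT    9285B172    ZwSystemDebugControl
SSDT    9285B0FF    ZwTerminateProcess
SSDT    9285B0FA    ZwWriteVirtualMemory
.text    ntkrnlpa.exe!ZwRollbackEnlistment + 140D    82C54A09 1 Byte  [06]
.text    ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82C8E1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text    ntkrnlpa.exe!KeRemoveQueueEx + 11F7    82C9534C 1 Byte  [5E]
.text    ntkrnlpa.exe!KeRemoveQueueEx + 11F7    82C9534C 4 Bytes  [5E, B1, 85, 92] {POP ESI; MOV CL, 0x85; XCHG EDX, EAX}
.text    ntkrnlpa.exe!KeRemoveQueueEx + 11FF    82C95354 4 Bytes  [36, B1, 85, 92] {MOV CL, 0x85; XCHG EDX, EAX}
.text    ntkrnlpa.exe!KeRemoveQueueEx + 1313    82C95468 4 Bytes  [3B, B1, 85, 92]
.text    ntkrnlpa.exe!KeRemoveQueueEx + 13AF    82C95504 4 Bytes  [31, B1, 85, 92]
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\S+)\s*$")
PATCH_RE = re.compile(
    r"^\.text\s+(\S+)!(\S+)\s+\+\s+([0-9A-Fa-f]+)\s+"
    r"([0-9A-Fa-f]{8})\s+(\d+)\s+Bytes?\s+\[([^\]]*)\]"
)


def parse_gmer(text):
    """Return (ssdt, patches): hook address -> service name, and code patches."""
    ssdt, patches = {}, []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            ssdt[int(m.group(1), 16)] = m.group(2)
            continue
        m = PATCH_RE.match(line)
        if m:
            tokens = [t.strip() for t in m.group(6).split(",")]
            # GMER truncates long byte lists with "..."; decode only complete ones.
            complete = all(re.fullmatch(r"[0-9A-Fa-f]{2}", t) for t in tokens)
            patches.append({
                "module": m.group(1),
                "symbol": f"{m.group(2)} + {m.group(3)}",
                "address": int(m.group(4), 16),
                "length": int(m.group(5)),
                "bytes": bytes(int(t, 16) for t in tokens) if complete else None,
            })
    return ssdt, patches


def correlate(text):
    """Split patches into those that equal an SSDT hook address and the rest."""
    ssdt, patches = parse_gmer(text)
    matched, remaining = [], []
    for p in patches:
        raw = p["bytes"]
        # x86 stores pointers little-endian: 5E B1 85 92 is 0x9285B15E.
        target = int.from_bytes(raw, "little") if raw and len(raw) == 4 else None
        if target in ssdt:
            matched.append((p["address"], target, ssdt[target]))
        else:
            remaining.append(p)
    # A shorter patch at the start address of a matched slot is the same write
    # reported a second time, so it is not listed as a separate finding.
    slots = {addr for addr, _, _ in matched}
    remaining = [p for p in remaining if p["address"] not in slots]
    return matched, remaining


def hook_span(text):
    """Lowest and highest SSDT hook target in the log."""
    ssdt, _ = parse_gmer(text)
    return min(ssdt), max(ssdt)


if __name__ == "__main__":
    matched, remaining = correlate(GMER_LOG)
    for addr, target, name in matched:
        print(f"{addr:08X} holds {target:08X} -> same as SSDT hook {name}")
    for p in remaining:
        print(f"review separately: {p['module']}!{p['symbol']} ({p['length']} bytes)")
    lo, hi = hook_span(GMER_LOG)
    print(f"hook targets span {lo:08X}..{hi:08X} ({hi - lo:#x} bytes)")
```

The GMER output elides further `.text` rows with `...`, so SSDT entries without a matching patch line in this sample are not evidence of a different hooking method.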

Alt 21.05.2013, 20:13   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Please always post logfiles in CODE tags

Alt 22.05.2013, 06:55   #13
Baumgard
 



Good morning,

aswMBR ran for quite a long time; here is the log:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-21 21:42:21
-----------------------------
21:42:21.486    OS Version: Windows 6.1.7601 Service Pack 1
21:42:21.486    Number of processors: 2 586 0x100
21:42:21.486    ComputerName: NETBOOK  UserName: Oliver
21:42:24.559    Initialize success
21:44:27.418    AVAST engine defs: 13052101
21:44:37.137    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:44:37.153    Disk 0 Vendor: Hitachi_HTS725050A9A364 PC4OCH0A Size: 476940MB BusType: 11
21:44:39.134    Disk 0 MBR read successfully
21:44:39.134    Disk 0 MBR scan
21:44:39.149    Disk 0 Windows 7 default MBR code
21:44:39.227    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
21:44:39.368    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       457568 MB offset 409600
21:44:39.539    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        19068 MB offset 937508864
21:44:39.727    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
21:44:39.929    Disk 0 scanning sectors +976771120
21:44:42.098    Disk 0 scanning C:\Windows\system32\drivers
21:48:05.819    Service scanning
21:48:50.809    Modules scanning
21:53:40.893    Disk 0 trace - called modules:
21:53:41.439    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys 
21:53:41.470    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86716270]
21:53:41.485    3 CLASSPNP.SYS[8c97f59e] -> nt!IofCallDriver -> [0x86716990]
21:53:41.501    5 hpdskflt.sys[8ca09f92] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862a2030]
21:53:43.669    AVAST engine scan C:\Windows
21:58:59.102    AVAST engine scan C:\Windows\system32
22:45:13.177    AVAST engine scan C:\Windows\system32\drivers
22:46:13.814    AVAST engine scan C:\Users\Oliver
23:24:10.210    AVAST engine scan C:\ProgramData
23:27:33.293    Scan finished successfully
07:52:06.690    Disk 0 MBR has been saved successfully to "C:\Users\Oliver\Desktop\Tojaner\MBR.dat"
07:52:06.706    The log file has been saved successfully to "C:\Users\Oliver\Desktop\Tojaner\6_aswMBR.txt"
         
TDSSKiller is currently running; I'll send the log this evening

Have a nice day

That was super quick,

here is the next log:
Code:
ATTFilter
07:56:23.0515 9796  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:56:23.0733 9796  ============================================================
07:56:23.0733 9796  Current date / time: 2013/05/22 07:56:23.0733
07:56:23.0733 9796  SystemInfo:
07:56:23.0733 9796  
07:56:23.0733 9796  OS Version: 6.1.7601 ServicePack: 1.0
07:56:23.0733 9796  Product type: Workstation
07:56:23.0733 9796  ComputerName: NETBOOK
07:56:23.0733 9796  UserName: Oliver
07:56:23.0733 9796  Windows directory: C:\Windows
07:56:23.0733 9796  System windows directory: C:\Windows
07:56:23.0733 9796  Processor architecture: Intel x86
07:56:23.0733 9796  Number of processors: 2
07:56:23.0733 9796  Page size: 0x1000
07:56:23.0733 9796  Boot type: Normal boot
07:56:23.0733 9796  ============================================================
07:56:24.0825 9796  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:56:24.0825 9796  ============================================================
07:56:24.0825 9796  \Device\Harddisk0\DR0:
07:56:24.0825 9796  MBR partitions:
07:56:24.0825 9796  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
07:56:24.0825 9796  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37DB0000
07:56:24.0825 9796  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37E14000, BlocksNum 0x253E000
07:56:24.0825 9796  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
07:56:24.0825 9796  ============================================================
07:56:24.0857 9796  C: <-> \Device\Harddisk0\DR0\Partition2
07:56:24.0888 9796  D: <-> \Device\Harddisk0\DR0\Partition3
07:56:24.0903 9796  E: <-> \Device\Harddisk0\DR0\Partition4
07:56:24.0903 9796  ============================================================
07:56:24.0903 9796  Initialize success
07:56:24.0903 9796  ============================================================
07:56:49.0317 6992  ============================================================
07:56:49.0317 6992  Scan started
07:56:49.0317 6992  Mode: Manual; SigCheck; TDLFS; 
07:56:49.0317 6992  ============================================================
07:56:49.0739 6992  ================ Scan system memory ========================
07:56:49.0739 6992  System memory - ok
07:56:49.0739 6992  ================ Scan services =============================
07:56:49.0926 6992  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
07:56:50.0066 6992  1394ohci - ok
07:56:50.0113 6992  [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
07:56:50.0129 6992  Accelerometer - ok
07:56:50.0160 6992  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
07:56:50.0191 6992  ACPI - ok
07:56:50.0222 6992  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
07:56:50.0269 6992  AcpiPmi - ok
07:56:50.0363 6992  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:56:50.0394 6992  AdobeARMservice - ok
07:56:50.0487 6992  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:56:50.0503 6992  AdobeFlashPlayerUpdateSvc - ok
07:56:50.0565 6992  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
07:56:50.0597 6992  adp94xx - ok
07:56:50.0628 6992  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
07:56:50.0659 6992  adpahci - ok
07:56:50.0690 6992  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
07:56:50.0706 6992  adpu320 - ok
07:56:50.0753 6992  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
07:56:50.0799 6992  AeLookupSvc - ok
07:56:50.0862 6992  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters     C:\Program Files\IDT\WDM\aestsrv.exe
07:56:50.0909 6992  AESTFilters - ok
07:56:50.0955 6992  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
07:56:51.0002 6992  AFD - ok
07:56:51.0018 6992  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
07:56:51.0049 6992  agp440 - ok
07:56:51.0080 6992  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
07:56:51.0111 6992  aic78xx - ok
07:56:51.0143 6992  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
07:56:51.0189 6992  ALG - ok
07:56:51.0205 6992  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:56:51.0236 6992  aliide - ok
07:56:51.0267 6992  [ 4381A9A99F56B33DAC58852669E300E8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:56:51.0330 6992  AMD External Events Utility - ok
07:56:51.0361 6992  AMD FUEL Service - ok
07:56:51.0408 6992  [ 9FE76D783A7D47965D086A220B54277B ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
07:56:51.0423 6992  AMD Reservation Manager - ok
07:56:51.0470 6992  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
07:56:51.0486 6992  amdagp - ok
07:56:51.0517 6992  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
07:56:51.0533 6992  amdide - ok
07:56:51.0579 6992  [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86        C:\Windows\system32\DRIVERS\amdiox86.sys
07:56:51.0611 6992  amdiox86 - ok
07:56:51.0657 6992  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
07:56:51.0720 6992  AmdK8 - ok
07:56:51.0860 6992  [ 5D3816A677CA50A618AD7138D2C21CED ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
07:56:52.0032 6992  amdkmdag - ok
07:56:52.0079 6992  [ F3DC5D5C36FEE050A6C7204F0CB12C4C ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
07:56:52.0125 6992  amdkmdap - ok
07:56:52.0172 6992  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
07:56:52.0219 6992  AmdPPM - ok
07:56:52.0250 6992  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
07:56:52.0266 6992  amdsata - ok
07:56:52.0297 6992  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
07:56:52.0328 6992  amdsbs - ok
07:56:52.0344 6992  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
07:56:52.0359 6992  amdxata - ok
07:56:52.0437 6992  [ 05676A56207CA37F3E76FAB3CEB97BD7 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
07:56:52.0469 6992  AntiVirMailService - ok
07:56:52.0515 6992  [ 90C69DF5FB36F8B74109583652575BD3 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
07:56:52.0531 6992  AntiVirSchedulerService - ok
07:56:52.0578 6992  [ B6F85597831F63C27FD278F4E05C3020 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
07:56:52.0609 6992  AntiVirService - ok
07:56:52.0625 6992  [ 3370240F20C2AA5E17CD73F065D02FC1 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
07:56:52.0656 6992  AntiVirWebService - ok
07:56:52.0703 6992  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
07:56:52.0827 6992  AppID - ok
07:56:52.0859 6992  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
07:56:52.0921 6992  AppIDSvc - ok
07:56:52.0952 6992  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
07:56:53.0015 6992  Appinfo - ok
07:56:53.0061 6992  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
07:56:53.0077 6992  arc - ok
07:56:53.0093 6992  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
07:56:53.0124 6992  arcsas - ok
07:56:53.0155 6992  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:56:53.0295 6992  AsyncMac - ok
07:56:53.0327 6992  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
07:56:53.0342 6992  atapi - ok
07:56:53.0405 6992  [ C8B17AC82AD2EE9E0E58E3461008C5F7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
07:56:53.0436 6992  AtiHDAudioService - ok
07:56:53.0483 6992  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:56:53.0545 6992  AudioEndpointBuilder - ok
07:56:53.0561 6992  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
07:56:53.0623 6992  Audiosrv - ok
07:56:53.0670 6992  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
07:56:53.0685 6992  avgntflt - ok
07:56:53.0717 6992  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
07:56:53.0732 6992  avipbb - ok
07:56:53.0779 6992  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
07:56:53.0810 6992  avkmgr - ok
07:56:53.0841 6992  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
07:56:53.0888 6992  AxInstSV - ok
07:56:53.0919 6992  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
07:56:53.0982 6992  b06bdrv - ok
07:56:54.0013 6992  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
07:56:54.0044 6992  b57nd60x - ok
07:56:54.0091 6992  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
07:56:54.0169 6992  BDESVC - ok
07:56:54.0200 6992  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:56:54.0263 6992  Beep - ok
07:56:54.0309 6992  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
07:56:54.0372 6992  BFE - ok
07:56:54.0387 6992  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
07:56:54.0465 6992  BITS - ok
07:56:54.0497 6992  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
07:56:54.0543 6992  blbdrive - ok
07:56:54.0668 6992  [ F82FE3C3B87934554491D54498F008E4 ] Bluetooth Device Manager C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
07:56:54.0793 6992  Bluetooth Device Manager - ok
07:56:54.0824 6992  [ B097D6C522FF0D61EFE6BC85C25E5949 ] Bluetooth Media Service C:\Program Files\Motorola\Bluetooth\audiosrv.exe
07:56:54.0871 6992  Bluetooth Media Service - ok
07:56:54.0902 6992  [ 96621958FADE636986F13F32458D8647 ] Bluetooth OBEX Service C:\Program Files\Motorola\Bluetooth\obexsrv.exe
07:56:54.0933 6992  Bluetooth OBEX Service - ok
07:56:54.0965 6992  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:56:55.0027 6992  bowser - ok
07:56:55.0074 6992  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:56:55.0121 6992  BrFiltLo - ok
07:56:55.0136 6992  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:56:55.0199 6992  BrFiltUp - ok
07:56:55.0245 6992  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
07:56:55.0308 6992  BridgeMP - ok
07:56:55.0370 6992  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
07:56:55.0417 6992  Browser - ok
07:56:55.0448 6992  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
07:56:55.0511 6992  Brserid - ok
07:56:55.0526 6992  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
07:56:55.0557 6992  BrSerWdm - ok
07:56:55.0589 6992  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
07:56:55.0620 6992  BrUsbMdm - ok
07:56:55.0635 6992  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
07:56:55.0682 6992  BrUsbSer - ok
07:56:55.0729 6992  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
07:56:55.0838 6992  BthEnum - ok
07:56:55.0869 6992  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
07:56:55.0916 6992  BTHMODEM - ok
07:56:55.0947 6992  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
07:56:55.0979 6992  BthPan - ok
07:56:56.0025 6992  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
07:56:56.0072 6992  BTHPORT - ok
07:56:56.0103 6992  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
07:56:56.0166 6992  bthserv - ok
07:56:56.0197 6992  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
07:56:56.0244 6992  BTHUSB - ok
07:56:56.0275 6992  [ ABA59ABAFE9DCE67F7BF616743418340 ] btmaudio        C:\Windows\system32\drivers\btmaud.sys
07:56:56.0369 6992  btmaudio - ok
07:56:56.0400 6992  [ 6F14BB67AE49143DF6D56BD52C1CB925 ] BTMCOM          C:\Windows\system32\Drivers\btmcom.sys
07:56:56.0447 6992  BTMCOM - ok
07:56:56.0478 6992  [ 70F16E401DFE2882EFD9A0FC10124274 ] BTMUSB          C:\Windows\system32\Drivers\btmusb.sys
07:56:56.0556 6992  BTMUSB - ok
07:56:56.0712 6992  catchme - ok
07:56:56.0759 6992  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:56:56.0837 6992  cdfs - ok
07:56:56.0883 6992  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
07:56:56.0930 6992  cdrom - ok
07:56:56.0961 6992  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
07:56:57.0024 6992  CertPropSvc - ok
07:56:57.0055 6992  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
07:56:57.0086 6992  circlass - ok
07:56:57.0102 6992  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
07:56:57.0133 6992  CLFS - ok
07:56:57.0211 6992  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:56:57.0539 6992  clr_optimization_v2.0.50727_32 - ok
07:56:57.0601 6992  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:56:57.0632 6992  clr_optimization_v4.0.30319_32 - ok
07:56:57.0679 6992  [ 5BF671E099096143DE7796F696310D86 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
07:56:57.0695 6992  clwvd - ok
07:56:57.0710 6992  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
07:56:57.0741 6992  CmBatt - ok
07:56:57.0773 6992  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:56:57.0804 6992  cmdide - ok
07:56:57.0851 6992  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
07:56:57.0897 6992  CNG - ok
07:56:57.0929 6992  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
07:56:57.0944 6992  Compbatt - ok
07:56:57.0975 6992  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
07:56:58.0007 6992  CompositeBus - ok
07:56:58.0022 6992  COMSysApp - ok
07:56:58.0053 6992  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
07:56:58.0069 6992  crcdisk - ok
07:56:58.0131 6992  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:56:58.0194 6992  CryptSvc - ok
07:56:58.0241 6992  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:56:58.0350 6992  DcomLaunch - ok
07:56:58.0397 6992  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
07:56:58.0459 6992  defragsvc - ok
07:56:58.0475 6992  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:56:58.0537 6992  DfsC - ok
07:56:58.0568 6992  dgderdrv - ok
07:56:58.0646 6992  [ B575C523F537F24D66D31F8877E6BCAB ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
07:56:58.0677 6992  dg_ssudbus - ok
07:56:58.0724 6992  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
07:56:58.0787 6992  Dhcp - ok
07:56:58.0802 6992  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
07:56:58.0865 6992  discache - ok
07:56:58.0911 6992  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
07:56:58.0927 6992  Disk - ok
07:56:58.0958 6992  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:56:59.0021 6992  Dnscache - ok
07:56:59.0036 6992  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
07:56:59.0114 6992  dot3svc - ok
07:56:59.0145 6992  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
07:56:59.0223 6992  DPS - ok
07:56:59.0255 6992  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
07:56:59.0301 6992  drmkaud - ok
07:56:59.0333 6992  [ FF7A7A1E0F9A0AB892A454FFB9D14BBE ] DVMIO           C:\Windows\system32\DRIVERS\dvmio.sys
07:56:59.0364 6992  DVMIO - ok
07:56:59.0457 6992  [ 22910DCFC77AD946AA7D7DE2DD4224D0 ] DvmMDES         C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
07:56:59.0504 6992  DvmMDES - ok
07:56:59.0551 6992  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
07:56:59.0582 6992  DXGKrnl - ok
07:56:59.0613 6992  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
07:56:59.0676 6992  EapHost - ok
07:56:59.0769 6992  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
07:56:59.0863 6992  ebdrv - ok
07:56:59.0894 6992  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
07:56:59.0957 6992  EFS - ok
07:57:00.0019 6992  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
07:57:00.0081 6992  ehRecvr - ok
07:57:00.0128 6992  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
07:57:00.0191 6992  ehSched - ok
07:57:00.0237 6992  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
07:57:00.0284 6992  elxstor - ok
07:57:00.0315 6992  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:57:00.0347 6992  ErrDev - ok
07:57:00.0409 6992  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
07:57:00.0471 6992  EventSystem - ok
07:57:00.0503 6992  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
07:57:00.0565 6992  exfat - ok
07:57:00.0612 6992  [ CA793DCC1D5F619021EF1D37CC7A831E ] ezSharedSvc     C:\Windows\System32\ezSharedSvcHost.exe
07:57:00.0659 6992  ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
07:57:00.0659 6992  ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
07:57:00.0705 6992  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
07:57:00.0768 6992  fastfat - ok
07:57:00.0815 6992  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
07:57:00.0877 6992  Fax - ok
07:57:00.0908 6992  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
07:57:00.0939 6992  fdc - ok
07:57:00.0971 6992  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
07:57:01.0033 6992  fdPHost - ok
07:57:01.0033 6992  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
07:57:01.0095 6992  FDResPub - ok
07:57:01.0127 6992  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:57:01.0158 6992  FileInfo - ok
07:57:01.0173 6992  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
07:57:01.0220 6992  Filetrace - ok
07:57:01.0314 6992  [ 3D9B36631032FDE0FFEA0DC0260E4E35 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
07:57:01.0345 6992  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
07:57:01.0345 6992  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
07:57:01.0361 6992  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
07:57:01.0407 6992  flpydisk - ok
07:57:01.0439 6992  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:57:01.0470 6992  FltMgr - ok
07:57:01.0532 6992  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
07:57:01.0595 6992  FontCache - ok
07:57:01.0657 6992  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:57:01.0688 6992  FontCache3.0.0.0 - ok
07:57:01.0719 6992  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
07:57:01.0735 6992  FsDepends - ok
07:57:01.0766 6992  [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk     C:\Windows\system32\FsUsbExDisk.SYS
07:57:01.0797 6992  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
07:57:01.0797 6992  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
07:57:01.0860 6992  [ 0796C1E47ADB9825269E64B9DAB4E741 ] FsUsbExService  C:\Windows\system32\FsUsbExService.Exe
07:57:01.0907 6992  FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
07:57:01.0907 6992  FsUsbExService - detected UnsignedFile.Multi.Generic (1)
07:57:01.0938 6992  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:57:01.0953 6992  Fs_Rec - ok
07:57:02.0000 6992  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
07:57:02.0031 6992  fvevol - ok
07:57:02.0063 6992  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
07:57:02.0094 6992  gagp30kx - ok
07:57:02.0156 6992  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
07:57:02.0172 6992  GamesAppService - ok
07:57:02.0219 6992  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
07:57:02.0297 6992  gpsvc - ok
07:57:02.0406 6992  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
07:57:02.0453 6992  gupdate - ok
07:57:02.0468 6992  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
07:57:02.0484 6992  gupdatem - ok
07:57:02.0515 6992  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:57:02.0546 6992  gusvc - ok
07:57:02.0577 6992  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
07:57:02.0655 6992  hcw85cir - ok
07:57:02.0687 6992  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:57:02.0749 6992  HdAudAddService - ok
07:57:02.0780 6992  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
07:57:02.0811 6992  HDAudBus - ok
07:57:02.0843 6992  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
07:57:02.0874 6992  HidBatt - ok
07:57:02.0905 6992  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
07:57:02.0952 6992  HidBth - ok
07:57:02.0983 6992  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
07:57:03.0014 6992  HidIr - ok
07:57:03.0045 6992  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
07:57:03.0108 6992  hidserv - ok
07:57:03.0155 6992  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:57:03.0186 6992  HidUsb - ok
07:57:03.0217 6992  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:57:03.0279 6992  hkmsvc - ok
07:57:03.0326 6992  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:57:03.0389 6992  HomeGroupListener - ok
07:57:03.0404 6992  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:57:03.0435 6992  HomeGroupProvider - ok
07:57:03.0513 6992  [ 45A12CACB97B4F15858FCFD59355A1E9 ] HP Health Check Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
07:57:03.0529 6992  HP Health Check Service - ok
07:57:03.0591 6992  [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
07:57:03.0623 6992  HP Wireless Assistant Service - ok
07:57:03.0654 6992  [ CDC21913A2564DF9CBAC38A57DC19202 ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
07:57:03.0669 6992  HPClientSvc - ok
07:57:03.0716 6992  [ F55442690A70A0278A7EED4FAAEBF576 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
07:57:03.0747 6992  HPDrvMntSvc.exe - ok
07:57:03.0763 6992  [ 4EF10B866C62ABBEAF7511CDD05A19BE ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
07:57:03.0794 6992  hpdskflt - ok
07:57:03.0825 6992  [ 640E51DB253265C3EAC075866B3D2B33 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
07:57:03.0872 6992  hpqwmiex - ok
07:57:03.0919 6992  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
07:57:03.0935 6992  HpSAMD - ok
07:57:03.0966 6992  [ C0BEB56ED79B59B7B33D0AA6C38A0BA6 ] hpsrv           C:\Windows\system32\Hpservice.exe
07:57:03.0981 6992  hpsrv - ok
07:57:04.0028 6992  [ 760D9B546AB3EC551D7827C88C026194 ] HPWMISVC        C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
07:57:04.0059 6992  HPWMISVC - ok
07:57:04.0106 6992  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:57:04.0153 6992  HTTP - ok
07:57:04.0184 6992  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
07:57:04.0215 6992  hwpolicy - ok
07:57:04.0247 6992  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
07:57:04.0278 6992  i8042prt - ok
07:57:04.0309 6992  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
07:57:04.0340 6992  iaStorV - ok
07:57:04.0403 6992  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:57:04.0449 6992  idsvc - ok
07:57:04.0590 6992  [ AD626F6964F4D364D226C39E06872DD3 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
07:57:04.0730 6992  igfx - ok
07:57:04.0761 6992  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
07:57:04.0793 6992  iirsp - ok
07:57:04.0839 6992  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
07:57:04.0917 6992  IKEEXT - ok
07:57:04.0964 6992  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
07:57:04.0980 6992  intelide - ok
07:57:05.0027 6992  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:57:05.0042 6992  intelppm - ok
07:57:05.0073 6992  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
07:57:05.0151 6992  IPBusEnum - ok
07:57:05.0167 6992  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:57:05.0229 6992  IpFilterDriver - ok
07:57:05.0261 6992  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
07:57:05.0354 6992  iphlpsvc - ok
07:57:05.0385 6992  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
07:57:05.0417 6992  IPMIDRV - ok
07:57:05.0463 6992  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
07:57:05.0510 6992  IPNAT - ok
07:57:05.0541 6992  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:57:05.0588 6992  IRENUM - ok
07:57:05.0619 6992  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:57:05.0635 6992  isapnp - ok
07:57:05.0666 6992  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
07:57:05.0697 6992  iScsiPrt - ok
07:57:05.0713 6992  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:57:05.0744 6992  kbdclass - ok
07:57:05.0775 6992  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:57:05.0807 6992  kbdhid - ok
07:57:05.0822 6992  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
07:57:05.0853 6992  KeyIso - ok
07:57:05.0885 6992  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:57:05.0916 6992  KSecDD - ok
07:57:05.0947 6992  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
07:57:05.0978 6992  KSecPkg - ok
07:57:06.0009 6992  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:57:06.0072 6992  KtmRm - ok
07:57:06.0103 6992  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
07:57:06.0181 6992  LanmanServer - ok
07:57:06.0212 6992  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:57:06.0275 6992  LanmanWorkstation - ok
07:57:06.0337 6992  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:57:06.0384 6992  lltdio - ok
07:57:06.0399 6992  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:57:06.0477 6992  lltdsvc - ok
07:57:06.0493 6992  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:57:06.0555 6992  lmhosts - ok
07:57:06.0602 6992  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
07:57:06.0633 6992  LSI_FC - ok
07:57:06.0665 6992  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
07:57:06.0680 6992  LSI_SAS - ok
07:57:06.0711 6992  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:57:06.0743 6992  LSI_SAS2 - ok
07:57:06.0774 6992  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:57:06.0805 6992  LSI_SCSI - ok
07:57:06.0836 6992  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
07:57:06.0883 6992  luafv - ok
07:57:06.0945 6992  [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter      C:\Windows\system32\drivers\massfilter.sys
07:57:06.0992 6992  massfilter - ok
07:57:07.0023 6992  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
07:57:07.0055 6992  Mcx2Svc - ok
07:57:07.0070 6992  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
07:57:07.0101 6992  megasas - ok
07:57:07.0133 6992  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
07:57:07.0164 6992  MegaSR - ok
07:57:07.0195 6992  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
07:57:07.0257 6992  MMCSS - ok
07:57:07.0273 6992  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
07:57:07.0351 6992  Modem - ok
07:57:07.0382 6992  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:57:07.0429 6992  monitor - ok
07:57:07.0445 6992  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:57:07.0476 6992  mouclass - ok
07:57:07.0491 6992  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:57:07.0538 6992  mouhid - ok
07:57:07.0585 6992  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:57:07.0616 6992  mountmgr - ok
07:57:07.0632 6992  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:57:07.0663 6992  mpio - ok
07:57:07.0679 6992  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:57:07.0741 6992  mpsdrv - ok
07:57:07.0788 6992  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:57:07.0850 6992  MpsSvc - ok
07:57:07.0881 6992  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:57:07.0928 6992  MRxDAV - ok
07:57:07.0944 6992  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:57:08.0006 6992  mrxsmb - ok
07:57:08.0037 6992  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:57:08.0084 6992  mrxsmb10 - ok
07:57:08.0100 6992  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:57:08.0131 6992  mrxsmb20 - ok
07:57:08.0162 6992  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
07:57:08.0193 6992  msahci - ok
07:57:08.0209 6992  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:57:08.0240 6992  msdsm - ok
07:57:08.0256 6992  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
07:57:08.0303 6992  MSDTC - ok
07:57:08.0349 6992  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:57:08.0396 6992  Msfs - ok
07:57:08.0412 6992  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
07:57:08.0474 6992  mshidkmdf - ok
07:57:08.0490 6992  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:57:08.0521 6992  msisadrv - ok
07:57:08.0552 6992  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:57:08.0615 6992  MSiSCSI - ok
07:57:08.0630 6992  msiserver - ok
07:57:08.0661 6992  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:57:08.0724 6992  MSKSSRV - ok
07:57:08.0739 6992  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:57:08.0802 6992  MSPCLOCK - ok
07:57:08.0817 6992  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:57:08.0864 6992  MSPQM - ok
07:57:08.0880 6992  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:57:08.0911 6992  MsRPC - ok
07:57:08.0942 6992  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
07:57:08.0973 6992  mssmbios - ok
07:57:08.0989 6992  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:57:09.0036 6992  MSTEE - ok
07:57:09.0067 6992  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
07:57:09.0098 6992  MTConfig - ok
07:57:09.0098 6992  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
07:57:09.0129 6992  Mup - ok
07:57:09.0161 6992  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
07:57:09.0223 6992  napagent - ok
07:57:09.0254 6992  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:57:09.0285 6992  NativeWifiP - ok
07:57:09.0332 6992  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:57:09.0379 6992  NDIS - ok
07:57:09.0395 6992  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
07:57:09.0457 6992  NdisCap - ok
07:57:09.0488 6992  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:57:09.0551 6992  NdisTapi - ok
07:57:09.0582 6992  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:57:09.0644 6992  Ndisuio - ok
07:57:09.0691 6992  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:57:09.0753 6992  NdisWan - ok
07:57:09.0800 6992  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:57:09.0847 6992  NDProxy - ok
07:57:09.0878 6992  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:57:09.0941 6992  NetBIOS - ok
07:57:09.0972 6992  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
07:57:10.0034 6992  NetBT - ok
07:57:10.0065 6992  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
07:57:10.0097 6992  Netlogon - ok
07:57:10.0128 6992  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
07:57:10.0190 6992  Netman - ok
07:57:10.0221 6992  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
07:57:10.0284 6992  netprofm - ok
07:57:10.0331 6992  [ 9E8C8625432FE5F81F9DF9D353340292 ] netr28          C:\Windows\system32\DRIVERS\netr28.sys
07:57:10.0377 6992  netr28 - ok
07:57:10.0393 6992  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:57:10.0424 6992  NetTcpPortSharing - ok
07:57:10.0533 6992  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
07:57:10.0658 6992  netw5v32 - ok
07:57:10.0705 6992  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
07:57:10.0721 6992  nfrd960 - ok
07:57:10.0767 6992  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:57:10.0799 6992  NlaSvc - ok
07:57:10.0830 6992  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:57:10.0892 6992  Npfs - ok
07:57:10.0923 6992  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
07:57:10.0970 6992  nsi - ok
07:57:10.0986 6992  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:57:11.0064 6992  nsiproxy - ok
07:57:11.0126 6992  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:57:11.0173 6992  Ntfs - ok
07:57:11.0189 6992  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
07:57:11.0251 6992  Null - ok
07:57:11.0282 6992  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:57:11.0313 6992  nvraid - ok
07:57:11.0329 6992  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:57:11.0360 6992  nvstor - ok
07:57:11.0391 6992  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:57:11.0407 6992  nv_agp - ok
07:57:11.0485 6992  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:57:11.0516 6992  odserv - ok
07:57:11.0547 6992  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:57:11.0579 6992  ohci1394 - ok
07:57:11.0610 6992  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:57:11.0641 6992  ose - ok
07:57:11.0688 6992  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:57:11.0750 6992  p2pimsvc - ok
07:57:11.0766 6992  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:57:11.0813 6992  p2psvc - ok
07:57:11.0844 6992  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
07:57:11.0875 6992  Parport - ok
07:57:11.0906 6992  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:57:11.0937 6992  partmgr - ok
07:57:11.0969 6992  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
07:57:12.0000 6992  Parvdm - ok
07:57:12.0031 6992  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:57:12.0062 6992  PcaSvc - ok
07:57:12.0093 6992  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
07:57:12.0109 6992  pci - ok
07:57:12.0140 6992  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
07:57:12.0171 6992  pciide - ok
07:57:12.0203 6992  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
07:57:12.0218 6992  pcmcia - ok
07:57:12.0249 6992  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
07:57:12.0281 6992  pcw - ok
07:57:12.0312 6992  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:57:12.0390 6992  PEAUTH - ok
07:57:12.0468 6992  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
07:57:12.0577 6992  pla - ok
07:57:12.0608 6992  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:57:12.0655 6992  PlugPlay - ok
07:57:12.0686 6992  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:57:12.0717 6992  PNRPAutoReg - ok
07:57:12.0749 6992  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:57:12.0780 6992  PNRPsvc - ok
07:57:12.0811 6992  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:57:12.0889 6992  PolicyAgent - ok
07:57:12.0936 6992  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
07:57:12.0983 6992  Power - ok
07:57:13.0014 6992  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:57:13.0076 6992  PptpMiniport - ok
07:57:13.0107 6992  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
07:57:13.0139 6992  Processor - ok
07:57:13.0170 6992  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
07:57:13.0217 6992  ProfSvc - ok
07:57:13.0248 6992  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:57:13.0279 6992  ProtectedStorage - ok
07:57:13.0310 6992  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:57:13.0373 6992  Psched - ok
07:57:13.0404 6992  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
07:57:13.0482 6992  ql2300 - ok
07:57:13.0513 6992  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
07:57:13.0529 6992  ql40xx - ok
07:57:13.0560 6992  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
07:57:13.0607 6992  QWAVE - ok
07:57:13.0622 6992  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:57:13.0653 6992  QWAVEdrv - ok
07:57:13.0716 6992  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
07:57:13.0747 6992  RapiMgr - ok
07:57:13.0763 6992  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:57:13.0825 6992  RasAcd - ok
07:57:13.0841 6992  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:57:13.0903 6992  RasAgileVpn - ok
07:57:13.0919 6992  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
07:57:13.0981 6992  RasAuto - ok
07:57:13.0997 6992  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:57:14.0059 6992  Rasl2tp - ok
07:57:14.0106 6992  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
07:57:14.0184 6992  RasMan - ok
07:57:14.0199 6992  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:57:14.0246 6992  RasPppoe - ok
07:57:14.0277 6992  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:57:14.0340 6992  RasSstp - ok
07:57:14.0355 6992  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:57:14.0433 6992  rdbss - ok
07:57:14.0449 6992  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
07:57:14.0496 6992  rdpbus - ok
07:57:14.0527 6992  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:57:14.0589 6992  RDPCDD - ok
07:57:14.0621 6992  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:57:14.0667 6992  RDPENCDD - ok
07:57:14.0683 6992  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:57:14.0745 6992  RDPREFMP - ok
07:57:14.0792 6992  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:57:14.0855 6992  RdpVideoMiniport - ok
07:57:14.0886 6992  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:57:14.0948 6992  RDPWD - ok
07:57:14.0979 6992  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:57:15.0011 6992  rdyboost - ok
07:57:15.0042 6992  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:57:15.0104 6992  RemoteAccess - ok
07:57:15.0135 6992  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:57:15.0198 6992  RemoteRegistry - ok
07:57:15.0229 6992  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
07:57:15.0276 6992  RFCOMM - ok
07:57:15.0307 6992  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:57:15.0369 6992  RpcEptMapper - ok
07:57:15.0401 6992  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
07:57:15.0432 6992  RpcLocator - ok
07:57:15.0463 6992  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
07:57:15.0525 6992  RpcSs - ok
07:57:15.0557 6992  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:57:15.0619 6992  rspndr - ok
07:57:15.0666 6992  [ B38E89386993E69A959B941561F3E5F3 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
07:57:15.0681 6992  RSUSBSTOR - ok
07:57:15.0697 6992  [ 52A5332B280A2E80A92ABCD2140A62E8 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
07:57:15.0728 6992  RTL8167 - ok
07:57:15.0759 6992  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
07:57:15.0775 6992  SamSs - ok
07:57:15.0806 6992  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:57:15.0822 6992  sbp2port - ok
07:57:15.0853 6992  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:57:15.0931 6992  SCardSvr - ok
07:57:15.0947 6992  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:57:16.0009 6992  scfilter - ok
07:57:16.0056 6992  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
07:57:16.0134 6992  Schedule - ok
07:57:16.0149 6992  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:57:16.0212 6992  SCPolicySvc - ok
07:57:16.0243 6992  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
07:57:16.0290 6992  sdbus - ok
07:57:16.0305 6992  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:57:16.0368 6992  SDRSVC - ok
07:57:16.0399 6992  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:57:16.0461 6992  secdrv - ok
07:57:16.0493 6992  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
07:57:16.0555 6992  seclogon - ok
07:57:16.0586 6992  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
07:57:16.0649 6992  SENS - ok
07:57:16.0680 6992  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:57:16.0727 6992  SensrSvc - ok
07:57:16.0758 6992  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
07:57:16.0789 6992  Serenum - ok
07:57:16.0851 6992  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
07:57:16.0883 6992  Serial - ok
07:57:16.0914 6992  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
07:57:16.0961 6992  sermouse - ok
07:57:17.0007 6992  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:57:17.0070 6992  SessionEnv - ok
07:57:17.0101 6992  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:57:17.0148 6992  sffdisk - ok
07:57:17.0163 6992  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:57:17.0195 6992  sffp_mmc - ok
07:57:17.0210 6992  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:57:17.0241 6992  sffp_sd - ok
07:57:17.0257 6992  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
07:57:17.0288 6992  sfloppy - ok
07:57:17.0319 6992  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:57:17.0397 6992  SharedAccess - ok
07:57:17.0429 6992  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:57:17.0507 6992  ShellHWDetection - ok
07:57:17.0522 6992  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
07:57:17.0553 6992  sisagp - ok
07:57:17.0585 6992  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:57:17.0616 6992  SiSRaid2 - ok
07:57:17.0631 6992  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
07:57:17.0663 6992  SiSRaid4 - ok
07:57:17.0725 6992  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
07:57:17.0741 6992  SkypeUpdate - ok
07:57:17.0787 6992  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:57:17.0834 6992  Smb - ok
07:57:17.0881 6992  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:57:17.0912 6992  SNMPTRAP - ok
07:57:17.0928 6992  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
07:57:17.0943 6992  spldr - ok
07:57:17.0990 6992  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
07:57:18.0053 6992  Spooler - ok
07:57:18.0146 6992  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
07:57:18.0255 6992  sppsvc - ok
07:57:18.0287 6992  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
07:57:18.0365 6992  sppuinotify - ok
07:57:18.0396 6992  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:57:18.0443 6992  srv - ok
07:57:18.0458 6992  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:57:18.0505 6992  srv2 - ok
07:57:18.0552 6992  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
07:57:18.0614 6992  SrvHsfHDA - ok
07:57:18.0645 6992  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
07:57:18.0692 6992  SrvHsfV92 - ok
07:57:18.0723 6992  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
07:57:18.0770 6992  SrvHsfWinac - ok
07:57:18.0801 6992  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:57:18.0848 6992  srvnet - ok
07:57:18.0879 6992  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:57:18.0926 6992  SSDPSRV - ok
07:57:18.0973 6992  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
07:57:18.0989 6992  ssmdrv - ok
07:57:19.0035 6992  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
07:57:19.0051 6992  SSPORT ( UnsignedFile.Multi.Generic ) - warning
07:57:19.0051 6992  SSPORT - detected UnsignedFile.Multi.Generic (1)
07:57:19.0067 6992  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:57:19.0129 6992  SstpSvc - ok
07:57:19.0176 6992  [ CA22092117F4F8BA3700B4BF9962444A ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
07:57:19.0207 6992  ssudmdm - ok
07:57:19.0238 6992  [ 502A44A06086B6CC9E119BCEEF77344C ] STacSV          C:\Program Files\IDT\WDM\STacSV.exe
07:57:19.0285 6992  STacSV - ok
07:57:19.0316 6992  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
07:57:19.0332 6992  stexstor - ok
07:57:19.0363 6992  [ 965D9D71056BF62A11132E0517149070 ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
07:57:19.0410 6992  STHDA - ok
07:57:19.0472 6992  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
07:57:19.0519 6992  StiSvc - ok
07:57:19.0550 6992  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
07:57:19.0566 6992  swenum - ok
07:57:19.0597 6992  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
07:57:19.0659 6992  swprv - ok
07:57:19.0706 6992  [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
07:57:19.0737 6992  SynTP - ok
07:57:19.0784 6992  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
07:57:19.0847 6992  SysMain - ok
07:57:19.0878 6992  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:57:19.0909 6992  TabletInputService - ok
07:57:19.0940 6992  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:57:20.0003 6992  TapiSrv - ok
07:57:20.0049 6992  [ D7F411C5AF992BB44E86083A6AA7B045 ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
07:57:20.0081 6992  tbhsd - ok
07:57:20.0112 6992  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
07:57:20.0174 6992  TBS - ok
07:57:20.0237 6992  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:57:20.0299 6992  Tcpip - ok
07:57:20.0330 6992  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:57:20.0393 6992  TCPIP6 - ok
07:57:20.0424 6992  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:57:20.0455 6992  tcpipreg - ok
07:57:20.0486 6992  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:57:20.0533 6992  TDPIPE - ok
07:57:20.0564 6992  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:57:20.0595 6992  TDTCP - ok
07:57:20.0642 6992  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:57:20.0705 6992  tdx - ok
07:57:20.0720 6992  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
07:57:20.0751 6992  TermDD - ok
07:57:20.0783 6992  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
07:57:20.0845 6992  TermService - ok
07:57:20.0876 6992  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
07:57:20.0923 6992  Themes - ok
07:57:20.0954 6992  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
07:57:21.0001 6992  THREADORDER - ok
07:57:21.0032 6992  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
07:57:21.0095 6992  TrkWks - ok
07:57:21.0141 6992  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:57:21.0204 6992  TrustedInstaller - ok
07:57:21.0235 6992  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:57:21.0297 6992  tssecsrv - ok
07:57:21.0329 6992  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:57:21.0375 6992  TsUsbFlt - ok
07:57:21.0422 6992  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:57:21.0485 6992  tunnel - ok
07:57:21.0516 6992  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
07:57:21.0531 6992  uagp35 - ok
07:57:21.0563 6992  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:57:21.0641 6992  udfs - ok
07:57:21.0687 6992  [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
07:57:21.0719 6992  UI Assistant Service - ok
07:57:21.0750 6992  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:57:21.0781 6992  UI0Detect - ok
07:57:21.0828 6992  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:57:21.0843 6992  uliagpkx - ok
07:57:21.0875 6992  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
07:57:21.0890 6992  umbus - ok
07:57:21.0922 6992  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
07:57:21.0953 6992  UmPass - ok
07:57:21.0984 6992  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
07:57:22.0046 6992  upnphost - ok
07:57:22.0078 6992  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
07:57:22.0140 6992  usbccgp - ok
07:57:22.0171 6992  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:57:22.0202 6992  usbcir - ok
07:57:22.0234 6992  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
07:57:22.0249 6992  usbehci - ok
07:57:22.0280 6992  [ FB0E8B624D1F7E214EDB3D6E56B4EC88 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
07:57:22.0312 6992  usbfilter - ok
07:57:22.0327 6992  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:57:22.0374 6992  usbhub - ok
07:57:22.0390 6992  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
07:57:22.0421 6992  usbohci - ok
07:57:22.0468 6992  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
07:57:22.0499 6992  usbprint - ok
07:57:22.0530 6992  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:57:22.0592 6992  USBSTOR - ok
07:57:22.0608 6992  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
07:57:22.0639 6992  usbuhci - ok
07:57:22.0670 6992  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
07:57:22.0702 6992  usbvideo - ok
07:57:22.0748 6992  [ AF77716205C97E902E6C5B78DECE2CCA ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
07:57:22.0780 6992  usb_rndisx - ok
07:57:22.0811 6992  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
07:57:22.0904 6992  UxSms - ok
07:57:22.0920 6992  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
07:57:22.0951 6992  VaultSvc - ok
07:57:22.0967 6992  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:57:22.0998 6992  vdrvroot - ok
07:57:23.0045 6992  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
07:57:23.0107 6992  vds - ok
07:57:23.0154 6992  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
07:57:23.0170 6992  vga - ok
07:57:23.0185 6992  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
07:57:23.0248 6992  VgaSave - ok
07:57:23.0279 6992  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
07:57:23.0310 6992  vhdmp - ok
07:57:23.0326 6992  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
07:57:23.0357 6992  viaagp - ok
07:57:23.0388 6992  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
07:57:23.0419 6992  ViaC7 - ok
07:57:23.0435 6992  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
07:57:23.0466 6992  viaide - ok
07:57:23.0482 6992  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:57:23.0497 6992  volmgr - ok
07:57:23.0513 6992  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:57:23.0560 6992  volmgrx - ok
07:57:23.0575 6992  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:57:23.0606 6992  volsnap - ok
07:57:23.0638 6992  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
07:57:23.0653 6992  vsmraid - ok
07:57:23.0716 6992  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
07:57:23.0809 6992  VSS - ok
07:57:23.0825 6992  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
07:57:23.0872 6992  vwifibus - ok
07:57:23.0903 6992  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
07:57:23.0934 6992  vwififlt - ok
07:57:23.0950 6992  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
07:57:23.0996 6992  vwifimp - ok
07:57:24.0043 6992  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
07:57:24.0106 6992  W32Time - ok
07:57:24.0137 6992  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
07:57:24.0168 6992  WacomPen - ok
07:57:24.0199 6992  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
07:57:24.0262 6992  WANARP - ok
07:57:24.0262 6992  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:57:24.0324 6992  Wanarpv6 - ok
07:57:24.0355 6992  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
07:57:24.0433 6992  wbengine - ok
07:57:24.0464 6992  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
07:57:24.0496 6992  WbioSrvc - ok
07:57:24.0542 6992  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
07:57:24.0574 6992  WcesComm - ok
07:57:24.0605 6992  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:57:24.0652 6992  wcncsvc - ok
07:57:24.0667 6992  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:57:24.0714 6992  WcsPlugInService - ok
07:57:24.0745 6992  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
07:57:24.0761 6992  Wd - ok
07:57:24.0808 6992  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:57:24.0854 6992  Wdf01000 - ok
07:57:24.0870 6992  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:57:24.0948 6992  WdiServiceHost - ok
07:57:24.0948 6992  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:57:24.0979 6992  WdiSystemHost - ok
07:57:25.0026 6992  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
07:57:25.0057 6992  WebClient - ok
07:57:25.0104 6992  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:57:25.0151 6992  Wecsvc - ok
07:57:25.0182 6992  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:57:25.0244 6992  wercplsupport - ok
07:57:25.0276 6992  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:57:25.0354 6992  WerSvc - ok
07:57:25.0385 6992  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
07:57:25.0432 6992  WfpLwf - ok
07:57:25.0447 6992  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:57:25.0478 6992  WIMMount - ok
07:57:25.0541 6992  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
07:57:25.0588 6992  WinDefend - ok
07:57:25.0619 6992  WinHttpAutoProxySvc - ok
07:57:25.0681 6992  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:57:25.0744 6992  Winmgmt - ok
07:57:25.0790 6992  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
07:57:25.0884 6992  WinRM - ok
07:57:25.0931 6992  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
07:57:25.0978 6992  WinUsb - ok
07:57:26.0009 6992  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:57:26.0087 6992  Wlansvc - ok
07:57:26.0196 6992  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:57:26.0274 6992  wlidsvc - ok
07:57:26.0305 6992  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
07:57:26.0352 6992  WmiAcpi - ok
07:57:26.0383 6992  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:57:26.0430 6992  wmiApSrv - ok
07:57:26.0508 6992  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
07:57:26.0602 6992  WMPNetworkSvc - ok
07:57:26.0633 6992  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:57:26.0695 6992  WPCSvc - ok
07:57:26.0726 6992  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:57:26.0789 6992  WPDBusEnum - ok
07:57:26.0820 6992  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:57:26.0882 6992  ws2ifsl - ok
07:57:26.0914 6992  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
07:57:26.0960 6992  wscsvc - ok
07:57:26.0976 6992  WSearch - ok
07:57:27.0038 6992  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
07:57:27.0132 6992  wuauserv - ok
07:57:27.0163 6992  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:57:27.0210 6992  WudfPf - ok
07:57:27.0241 6992  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:57:27.0288 6992  WUDFRd - ok
07:57:27.0335 6992  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:57:27.0366 6992  wudfsvc - ok
07:57:27.0397 6992  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
07:57:27.0460 6992  WwanSvc - ok
07:57:27.0506 6992  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
07:57:27.0538 6992  yukonw7 - ok
07:57:27.0584 6992  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
07:57:27.0631 6992  ZTEusbmdm6k - ok
07:57:27.0647 6992  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
07:57:27.0678 6992  ZTEusbnmea - ok
07:57:27.0694 6992  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
07:57:27.0709 6992  ZTEusbser6k - ok
07:57:27.0756 6992  ================ Scan global ===============================
07:57:27.0787 6992  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
07:57:27.0818 6992  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
07:57:27.0834 6992  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
07:57:27.0865 6992  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
07:57:27.0881 6992  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
07:57:27.0881 6992  [Global] - ok
07:57:27.0896 6992  ================ Scan MBR ==================================
07:57:27.0896 6992  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:57:28.0286 6992  \Device\Harddisk0\DR0 - ok
07:57:28.0286 6992  ================ Scan VBR ==================================
07:57:28.0286 6992  [ C6116B5FB2B5F427BD2C7D1B300761D5 ] \Device\Harddisk0\DR0\Partition1
07:57:28.0286 6992  \Device\Harddisk0\DR0\Partition1 - ok
07:57:28.0318 6992  [ EE4638E8E422CE0DCA83CE5CCA3F7E3F ] \Device\Harddisk0\DR0\Partition2
07:57:28.0333 6992  \Device\Harddisk0\DR0\Partition2 - ok
07:57:28.0349 6992  [ A0D2800E79FB5D87E041A9E5A41226A2 ] \Device\Harddisk0\DR0\Partition3
07:57:28.0349 6992  \Device\Harddisk0\DR0\Partition3 - ok
07:57:28.0380 6992  [ C0B578EE4F51CC2DB2BD489E529ECF11 ] \Device\Harddisk0\DR0\Partition4
07:57:28.0380 6992  \Device\Harddisk0\DR0\Partition4 - ok
07:57:28.0380 6992  ============================================================
07:57:28.0380 6992  Scan finished
07:57:28.0380 6992  ============================================================
07:57:28.0396 6468  Detected object count: 5
07:57:28.0396 6468  Actual detected object count: 5
07:57:43.0652 6468  ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:43.0652 6468  ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:57:43.0652 6468  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:43.0652 6468  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:57:43.0668 6468  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:43.0668 6468  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:57:43.0668 6468  FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:43.0668 6468  FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:57:43.0668 6468  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
07:57:43.0668 6468  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 22.05.2013, 08:16   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has completed.
  • Now click Delete (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users (Scanne alle Benutzer)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

Alt 22.05.2013, 19:04   #15
Baumgard
 



Hello

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Oliver on 22.05.2013 at 18:53:41,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKLM\..\Run entries found. Trojan:JS/Medfos.B?

   Val Name      Type   Value Data
   ========      ====   ==========
    BTMTrayAgent    REG_SZ    rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3031778
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\conduitengine.tmp"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Oliver\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Oliver\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Oliver\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Oliver\appdata\local\{80749BF8-046A-4043-83A9-8274F9BA77CC}
Successfully deleted: [Empty Folder] C:\Users\Oliver\appdata\local\{B7C4C262-F82B-45F8-8AC7-1F517F3ED4E6}
Successfully deleted: [Empty Folder] C:\Users\Oliver\appdata\local\{D3817B76-6FE8-4566-8EB9-10F4764EF740}
Successfully deleted: [Empty Folder] C:\Users\Oliver\appdata\local\{DE3DC57B-37A0-4C71-8F47-722DD0ADFEBA}



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.05.2013 at 18:56:58,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.301 - Datei am 22/05/2013 um 19:24:11 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Oliver - NETBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Oliver\Desktop\Tojaner\9_adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : DvmMDES

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Katrin\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Oliver\AppData\Local\PackageAware

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v5.0 (de)

Datei : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\fus14huh.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1461 octets] - [22/05/2013 19:24:11]

########## EOF - C:\AdwCleaner[S1].txt - [1521 octets] ##########
         
Code:
OTL Extras logfile created on: 22.05.2013 19:33:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oliver\Desktop\Tojaner
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 62,41% Memory free
6,99 Gb Paging File | 5,44 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 446,84 Gb Total Space | 370,32 Gb Free Space | 82,88% Space Free | Partition Type: NTFS
Drive D: | 18,62 Gb Total Space | 2,33 Gb Free Space | 12,49% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 90,89 Mb Free Space | 91,79% Space Free | Partition Type: FAT32
 
Computer Name: NETBOOK | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09392DFE-57E6-4A47-83CB-841C776B4F89}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0DCF2716-EAC4-4B30-A267-C600BCBBCD9F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{24332EDA-FD03-48D7-A35E-B04376BF965F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{25CA2A87-41C5-43E2-AD41-C710D6EBF681}" = rport=445 | protocol=6 | dir=out | app=system | 
"{26F71287-FB88-4F05-B40F-A507CB87A081}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3367F160-98B6-4AC1-9295-D257C2540E0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{33ED3F6D-33BA-46F2-8958-E86E29A05D6A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{3495530D-0720-4CC3-AF3F-33090DA286E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{35C4B3EB-4418-440A-A5F6-4316237CD3E2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{443475FC-E0C7-4304-AE5C-7816464718B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4565D990-CEDD-4D65-8D63-E0FC5D3BECF5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4B2CCE4C-48FC-41F5-9D45-EDB5D20553B9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{52C50114-7C14-407A-82F9-196F5E0B0705}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{57A4467C-D607-425E-83E8-585EA041CD8B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5A8A436A-A0E6-4913-B276-A68329974063}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6212E7B3-169B-46DA-948F-EEFD96E80E91}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{68C7FAC9-1111-4FA0-958E-473512E86CD5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6EA3133E-D5F9-462F-8B3D-5EAF6FFF2D00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{99F4C7EC-E611-4DAF-BF76-B7ADDF5D7B57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{99F7041C-8E9B-449D-B5C4-954052779D94}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{9A5AB1CA-4F0F-491E-B21A-3E7141266562}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9D0EEC3B-B6C5-44CB-92CA-2C2556E6DA75}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9E00B9AD-1EB1-4EF1-BD56-4F852550A878}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A7CAFD3D-45CB-4D65-89A7-ADAFBE98420C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AC20228C-E8AF-4E9C-A278-8F05206E919C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AC99B9E8-321D-4E6C-997E-AFA90A1B704A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B046F301-B1A9-482A-A682-C50B4325111B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B6DEFC95-AB98-403B-83C2-C7FF909AADB4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD95663D-AB9D-4CC8-8EF9-0C9F9C5BD168}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BF5CA24C-D243-4259-933D-F27B8881D1E0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D6648CB7-2683-46A2-821B-4306E9428A9F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E06A07FB-099B-44CA-8E18-71F1BA242E53}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E30DBC71-337D-4693-97C4-353BFEC1427F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF70539A-7F3F-4583-A2FC-7B80ACEA0915}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F4845DC0-03EB-4746-9E99-CAF405268E41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037F0543-61F5-4BA5-A6D3-042F10F038AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0AD9BBF7-FBD8-4A52-B2A0-16D42B3C9D0C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1CE04EB8-5E28-4E53-B972-02FA24B4BA51}" = protocol=6 | dir=in | app=c:\program files\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{246065F7-79CF-4CBB-9A13-E8BD97D05A81}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{268A6EBC-3466-4191-85C4-203B430CBC64}" = protocol=6 | dir=out | app=system | 
"{2AB6CAE6-4A8A-4155-B704-3FFA5D398474}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{371F2B0F-7A50-48DE-921B-F3FECE8E2550}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{373489D0-5CFB-4A5E-A0C4-EB03D30750E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3A52A4C5-5F6B-4B0C-9655-8CA625A60641}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr8.exe | 
"{4A2B07C2-1931-4117-BC26-8208F5C4C4D0}" = dir=out | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe | 
"{4C48FE45-7602-42A7-8DC3-6A7B4688AED7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{507A2EF4-BCB7-4BD2-AEDD-CA18062FF271}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{563FFA63-90B3-4886-AC58-D3B611872D63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58D6E8CA-E690-4357-9A1C-23B9605AE9B5}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{5F0B1E74-FC37-4F7C-AA98-D77B7E84BF8C}" = dir=in | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe | 
"{68B90767-810F-41B3-8B28-565A89E77013}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6D58F4A6-D610-4402-9B42-A90E98CD8220}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{723373B7-5623-4549-B33E-2DD7FBA5512A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{73D327A6-AE8D-4657-998F-1626A85A2299}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{78D88389-7D3E-4628-8F4D-EA64B677C92B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{800817C9-AE74-4017-8807-1AF6BDF9B0AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{811F99A2-DDEA-4AED-B243-ACF190203085}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8A9DAF19-8F6E-430C-919D-953E899F7F7E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{9ACE89DE-D9A6-4AE9-A046-91D6DFEA3DEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7552B3E-C7AD-4883-8E5E-9E0AB292536F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{ADBC96DB-01FD-4A73-A305-168DBE473C45}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B13E4010-D835-4AB9-B955-44AEB3F86DF0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B356EA62-C026-478D-A6C2-419E0C7D09C3}" = dir=in | app=c:\program files\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe | 
"{BDEDAEC9-FB38-4B96-B98E-431A57FE7B10}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C5FD9D1D-437A-405C-AE29-B96DAD65E8BB}" = dir=in | app=c:\program files\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe | 
"{CB1804E7-A131-403B-84C2-A39055E6E9C5}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | 
"{CEDB6547-B9AF-4382-8ACC-68025CD90F20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D370891E-9D46-42C3-B643-4967DA815207}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3399E08-2837-46E8-A92F-49A0F10B73B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5FB13DD-3C40-4721-8CFC-0F1035095BDB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EA5285E7-3B47-424B-8DA6-E2866B8906C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F095A95D-D7EE-4222-98D6-EEA9FF58755F}" = protocol=17 | dir=in | app=c:\program files\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{F81BAF36-5D12-49AB-9CEB-B69CD010792A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FABB5B7E-F4D2-4CC4-8EC2-150439E87B10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{62ACD3BA-E43F-46F5-B308-48FE5F734A06}C:\program files\cutesoft\netschafkopf\netschk.exe" = protocol=6 | dir=in | app=c:\program files\cutesoft\netschafkopf\netschk.exe | 
"TCP Query User{704FBB74-2511-45F9-B60B-26F6FC647786}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{BD849C66-E1E1-4163-8C28-5CC425C96DB1}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{127492C6-C6C4-4A4F-B54C-1754ABDBB8BB}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{510CA9C7-B260-4453-A2A2-7CFB973F951B}C:\program files\cutesoft\netschafkopf\netschk.exe" = protocol=17 | dir=in | app=c:\program files\cutesoft\netschafkopf\netschk.exe | 
"UDP Query User{F6263D23-7F24-4568-9FF0-B27FDCD1CA9D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B674336-6374-B29B-C5AF-C89E3CAB64A7}" = CCC Help Thai
"{0BFF1302-ADE5-9EFB-C0B7-D5D31837C8EC}" = CCC Help Spanish
"{0D9ADF08-1BAC-AD8D-BA31-BF575E7F1008}" = CCC Help Japanese
"{14213933-B31D-0433-E903-963E06FE577E}" = AMD Fuel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C8BEECD-87F4-44A6-B7F4-C738922B0C2E}" = HP Software Framework
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync
"{214A5B65-5432-F3C2-BFF2-EA793713C463}" = CCC Help Hungarian
"{21BA06AB-7619-F86C-3DCD-904860A8F57A}" = CCC Help Italian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26DC39B4-88B0-52AE-7FD7-9B50011F2DED}" = ATI Catalyst Install Manager
"{28375E61-16A8-48E0-9BF5-07B313A001B8}" = HP Documentation
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28C6DBD4-3B0A-0B96-6AC4-92B61D901DA7}" = Catalyst Control Center Localization All
"{2B4C6DE8-AE91-743A-103D-22C0B183057B}" = CCC Help Czech
"{2E076B90-57E0-97A8-0B58-436935683B15}" = CCC Help Russian
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{301AFE5D-74CB-DD97-CA3E-8CFA4B30D2F7}" = WMV9/VC-1 Video Playback
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{3623E33A-6E9A-442F-9628-570C28E01EDF}" = HP 3D DriveGuard
"{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CC52794-9EFB-4E79-A9BC-2CFFAB13DB0A}" = calibre
"{3D92520A-CA63-4CC8-BB4F-DE5E09E50E01}" = HP MediaSmart SmartMenu
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{467A5C10-8152-6FBA-03F5-2BE95B8A1B73}" = CCC Help Danish
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{50324109-3BD7-B267-E00E-7FD01CB88D43}" = CCC Help Portuguese
"{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{54415FFC-4AB0-B66F-CC2A-C0A3CE1D002E}" = CCC Help Norwegian
"{626B5918-B395-4B69-A06B-14C3EB1C3942}" = HP Quick Launch
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729C02AB-6C49-4DFB-8E48-680702F4836F}" = NetSchafkopf
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79AB1DC0-89B1-5125-8374-404AC780F32B}" = CCC Help English
"{7C9B9A96-BF31-A19C-B517-1618A1E62A56}" = ccc-utility
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{A15FCAAF-6FA9-331F-BEBE-C4F49A2EAFED}" = CCC Help Dutch
"{A3CDC601-4840-C0FE-702A-C898DF56B3CA}" = CCC Help French
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83540E9-9A19-434B-51FB-BD301000086F}" = Catalyst Control Center InstallProxy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BB253F06-91BA-34C4-5D40-6FA7F01CAEEC}" = CCC Help Korean
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BDCCD186-DE1F-F443-62C2-C888AE111D74}" = CCC Help German
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CE4A6D41-0094-C56C-26A3-AF8A16C6D459}" = Catalyst Control Center Profiles Mobile
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEB8DD3E-546A-77FE-AF2A-79F9088DE458}" = CCC Help Finnish
"{CEE8C1C1-2C92-9CB3-8636-2080865E0BB2}" = CCC Help Greek
"{D046F248-D151-CEB4-095D-CD10F66D1F56}" = CCC Help Swedish
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D782F0AC-8036-E194-1A97-3C3261378466}" = Catalyst Control Center Graphics Previews Common
"{DF7141BA-7CAB-5488-CB92-986822210200}" = CCC Help Polish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E74E7F63-E70F-43f2-873F-35FB66F263B2}" = MusicStation
"{EA96FE3A-2D81-4AEE-6D74-A47BDA29C060}" = CCC Help Chinese Traditional
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF5B2C16-D640-8E94-DA95-B48A07F7C4D5}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCD89426-8409-2394-06EA-679DB494C68F}" = ccc-core-static
"1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1" = Ralink Motorola BC8 Bluetooth 3.0+HS Adapter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Digital Editions" = Adobe Digital Editions
"EasyBits Magic Desktop" = Magic Desktop
"ElsterFormular" = ElsterFormular
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Media Player - Codec Pack" = Media Player Codec Pack 4.0.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"Simfy" = simfy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vereinfachte Ausgangsschrift VA_is1" = Pelikan Schulschriften
"VLC media player" = VLC media player 2.0.3
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089303" = Build-a-Lot - The Elizabethan Era
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WTA-19393a62-476d-42f1-a6c9-5745b00f4b84" = Bubble Shooter Premium Edition
"WTA-35c303e1-f1aa-4e83-b860-6fb550a69783" = Bejeweled 3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.18
 
========== Last 20 Event Log Errors ==========
 
[ Hewlett-Packard Events ]
Error - 03.09.2011 16:50:53 | Computer Name = Netbook | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HP.ActiveSupportLibrary

   bei HP.ActiveSupportLibrary.Issues.HPSFSession.?() 
 
Error - 27.10.2011 15:58:13 | Computer Name = Netbook | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101127095810.xml
 File not created by asset agent
 
Error - 23.02.2012 16:20:11 | Computer Name = Netbook | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021223092008.xml
 File not created by asset agent
 
[ HP Wireless Assistant Events ]
Error - 28.06.2011 16:24:47 | Computer Name = Netbook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 System.Management.ManagementBaseObject.get_Item(String propertyName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 28.06.2011 16:24:52 | Computer Name = Netbook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 System.Management.ManagementBaseObject.get_Item(String propertyName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 28.06.2011 16:25:57 | Computer Name = Netbook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 System.Management.ManagementBaseObject.get_Item(String propertyName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 28.06.2011 16:26:02 | Computer Name = Netbook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht
 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 System.Management.ManagementBaseObject.get_Item(String propertyName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 12.07.2011 10:41:17 | Computer Name = Netbook | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unerwarteter Fehler     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

   bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

   bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

   bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 22.08.2011 02:26:05 | Computer Name = Netbook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 19.11.2011 06:40:09 | Computer Name = Netbook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 25.04.2012 15:27:02 | Computer Name = Netbook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
 radios)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 20.05.2012 09:55:33 | Computer Name = Netbook | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unerwarteter Fehler     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

   bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

   bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

   bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 17.09.2012 05:23:04 | Computer Name = Netbook | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unerwarteter Fehler     bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

   bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

   bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

   bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
[ OSession Events ]
Error - 30.06.2011 15:20:31 | Computer Name = Netbook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 30.06.2011 15:21:38 | Computer Name = Netbook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2011 22:23:16 | Computer Name = Netbook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24864
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 29.04.2013 16:03:27 | Computer Name = Netbook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 92508
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22.05.2013 13:29:49 | Computer Name = Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
Code:
OTL logfile created on: 22.05.2013 19:33:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oliver\Desktop\Tojaner
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 62,41% Memory free
6,99 Gb Paging File | 5,44 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 446,84 Gb Total Space | 370,32 Gb Free Space | 82,88% Space Free | Partition Type: NTFS
Drive D: | 18,62 Gb Total Space | 2,33 Gb Free Space | 12,49% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 90,89 Mb Free Space | 91,79% Space Free | Partition Type: FAT32
 
Computer Name: NETBOOK | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Oliver\Desktop\Tojaner\4_OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
PRC - C:\Program Files\1&1 Surf-Stick\AssistantServices.exe ()
PRC - C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
PRC - C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (Motorola, Inc.)
PRC - C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
PRC - C:\Windows\System32\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\9ab54aea64046cd2b4ff895b1c027c05\DeviceStoryAlbum.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\29be5a9cc5b83e2b30e9d788ac201f83\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\b44e10add0a5276dc3fbbde338c4b5ea\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\9661c2265a6fb7782243c0633378a1e5\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\ec4ba3e13a88086bf95ea05919513917\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\df3496a7e1364e2b78bac5b4aef48ae6\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\88ec39193b34cf293d0887383c2ccde5\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\be4228490407398b302edeed5ea57879\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\ea5424dfc774422fa2038d980b1642d1\StoryAlbumManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\218ed646a2ca6d2c08509295ce556260\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\fbe4134679a5506a54004cd5952d7d29\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\730c70013610eb7e73f49213b1076bab\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\94fd3d4235723a962f8b3f29d7eac567\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\1784a3c837a81be9ad8608a9405de178\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\1f04da0191d585e975a3f43548a70e2e\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\35992f641f4348746cfe0c6c1b48ece7\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f0dfcf225ea9ee5911a199d90da24d76\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ddd3ef7293ae9ddaca67c1ab86f328c3\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\99bba258903cd892a867461d55d728ff\DeviceCommonLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\d68e9699b3319f4d4a0d0fdb8855f48a\Kies.Plugin.ContentsManagerLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\50c6d0af63aa7107ec15d7ef86a62609\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6704d4bac5e6b834fe7cd1502f09f2cb\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\dfc6504af8cd62a4a38a5b6ad7ca6566\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2627bfc447a741309a32dbd51ee23dbc\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\be28b9e8726e3ab319a05ee11b0bc412\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\37bb8c2ca86bf868044bce11e73d1efc\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7aef2d5e9f446c4108ed337e465cd196\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f67e1afe33aa6c76e375dbd4fa132363\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\0687f786aa9dd34f7dd8d26cdfdb065f\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\81b8201bf1ea967ba701b63e65e75e47\Kies.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\71b6200b469ae31187226c5634b6d6bb\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\5face173af94a7083cea1c078a6b4938\DummyStorePlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\a5bd3f2855afcc1f5bf15057c35bd48d\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\fde643974d1f6bc8843237cedb262c9b\Kies.Common.CRMManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\94eee0f7d59880d4ff2754ad67877ac1\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\931b9596988f8d16731b691a35a25727\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bd5cbd625647b2af277b7c5c0ffb8f5b\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ZipStore\bbd37020633f9e7f190af58b7bf6138f\ZipStore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\bfc490c6779a7a9ae85832ca58c27054\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\15fff4c0b61cdf95cf8c94850bfbde5f\Interop.DeviceServiceModelDBLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f93e893f927f890bffe924ec7e8c1323\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c5572a7e44449de16eb4e7db6b7b5b82\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2cbf81c1b1b5e7bd6a4758bd057e2d4c\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files\Motorola\Bluetooth\btmshell.dll ()
MOD - C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
MOD - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (UI Assistant Service) -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezSharedSvcHost.exe (EasyBits Software AS)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
DRV - (catchme) -- C:\Users\Oliver\AppData\Local\Temp\catchme.sys File not found
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (BTMUSB) -- C:\Windows\System32\drivers\btmusb.sys (Motorola, Inc.)
DRV - (btmaudio) -- C:\Windows\System32\drivers\btmaud.sys (Motorola, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (BTMCOM) -- C:\Windows\System32\drivers\btmcom.sys (Motorola, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (DVMIO) -- C:\Windows\System32\drivers\dvmio.sys (DeviceVM, Inc.)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://news.google.de/
IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes,DefaultScope = {A7CBC86F-D1CC-4E19-B69A-6B103FD66D0A}
IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{A7CBC86F-D1CC-4E19-B69A-6B103FD66D0A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.giga.de/go/wy7"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Oliver\AppData\Roaming\05001.069
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.28 18:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Oliver\AppData\Roaming\05001.069
 
[2012.01.28 18:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions
[2012.03.26 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\fus14huh.default\extensions
[2012.01.28 18:54:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\fus14huh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.02.21 08:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.28 18:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012.01.28 18:53:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.20 12:23:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03EA31F7-E149-4EE8-88C1-354F9A8FDBAD}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 18:53:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 18:53:20 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.21 19:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.20 12:34:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.20 12:26:02 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.05.20 11:50:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.20 11:50:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.20 11:50:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.20 11:48:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.20 11:47:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.17 23:54:53 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Desktop\Tojaner
[2013.05.17 22:21:10 | 000,103,680 | ---- | C] (GMER) -- C:\uxddqpog.sys
[2013.05.16 22:54:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.16 22:51:09 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\Amazon MP3
[2013.05.16 22:51:00 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.05.16 22:50:57 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Program Files
[2013.05.16 22:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\eb0aa9f5-d90d-429d-91cc-de4db96b16c7
[2013.05.16 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Ulyn
[2013.05.16 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Exef
[2013.05.15 23:24:14 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 23:24:12 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 23:24:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.15 23:24:11 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.15 23:24:10 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.15 23:24:09 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 23:24:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.15 23:24:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.15 23:24:09 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.15 23:24:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.15 08:16:57 | 000,077,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_AuthenticAMD.dll
[2013.05.15 08:16:56 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 08:16:55 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 08:16:02 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 08:15:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 08:15:51 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.06 12:24:33 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.01 10:48:24 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013.05.01 10:48:24 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013.05.01 07:12:24 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.01 07:12:24 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.01 07:12:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.01 07:12:24 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.01 07:12:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.01 07:12:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.01 07:12:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.01 07:12:23 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.01 07:12:23 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.01 07:12:22 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.01 07:12:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.01 07:12:22 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.01 07:12:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.01 07:12:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.01 07:12:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.01 07:12:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.01 07:12:21 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.01 07:12:21 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.01 07:12:21 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.01 07:12:21 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.01 07:12:21 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.01 07:12:21 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.01 07:12:21 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.01 07:12:21 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.01 07:12:20 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.01 07:12:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.29 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Wild Tangent
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 19:36:58 | 000,023,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 19:36:58 | 000,023,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 19:30:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 19:29:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 19:29:14 | 2813,775,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 19:25:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 18:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 18:38:43 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.22 18:38:43 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.22 18:38:43 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.22 18:38:43 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.22 13:18:15 | 000,000,055 | ---- | M] () -- C:\Users\Oliver\AppData\Local\mv_music.xml
[2013.05.22 12:15:54 | 000,000,058 | ---- | M] () -- C:\Users\Oliver\AppData\Local\mv_Photo.xml
[2013.05.20 12:23:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.17 22:21:10 | 000,103,680 | ---- | M] (GMER) -- C:\uxddqpog.sys
[2013.05.17 21:44:32 | 000,000,000 | ---- | M] () -- C:\Users\Oliver\defogger_reenable
[2013.05.16 07:01:52 | 000,429,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 16:50:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 16:50:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.06 12:23:59 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.02 21:47:02 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOliver.job
[2013.05.01 10:49:06 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.05.01 07:12:24 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.05.01 07:12:24 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.05.01 07:12:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.05.01 07:12:24 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.05.01 07:12:24 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.05.01 07:12:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.05.01 07:12:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.05.01 07:12:23 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.01 07:12:23 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.05.01 07:12:22 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.05.01 07:12:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.05.01 07:12:22 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.05.01 07:12:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.05.01 07:12:22 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.05.01 07:12:22 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.05.01 07:12:22 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.05.01 07:12:21 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.05.01 07:12:21 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.05.01 07:12:21 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.05.01 07:12:21 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.05.01 07:12:21 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.05.01 07:12:21 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.05.01 07:12:21 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.01 07:12:21 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.05.01 07:12:21 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.01 07:12:20 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.01 07:12:20 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.25 23:41:51 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
[2013.04.25 14:19:04 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNETBOOK$.job
 
========== Files Created - No Company Name ==========
 
[2013.05.20 11:50:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.20 11:50:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.20 11:50:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.20 11:50:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.20 11:50:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.17 21:44:32 | 000,000,000 | ---- | C] () -- C:\Users\Oliver\defogger_reenable
[2013.05.01 07:12:21 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.24 23:03:26 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2013.03.10 20:09:34 | 000,120,695 | ---- | C] () -- C:\Users\Oliver\Saeco_Nova Sup Testmodus.pdf
[2013.03.10 20:08:00 | 000,261,717 | ---- | C] () -- C:\Users\Oliver\Saeco_Nova Sup zerlegen.pdf
[2013.02.26 19:57:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.02.26 19:57:11 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2013.02.23 12:46:17 | 000,000,614 | ---- | C] () -- C:\Windows\wiso.ini
[2012.12.28 00:30:26 | 000,009,295 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Kommagetrennte Werte (DOS).EML
[2012.12.19 00:46:01 | 000,076,339 | ---- | C] () -- C:\ProgramData\moshzrzqkbmkgjl
[2012.12.14 18:30:20 | 000,000,158 | ---- | C] () -- C:\Windows\LilliP.ini
[2012.09.16 21:00:46 | 000,022,528 | ---- | C] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.08.28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.08.28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.08.28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.08.10 20:53:33 | 000,000,011 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\urhtps.dat
[2012.08.09 22:43:38 | 000,000,016 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\blckdom.res
[2012.01.28 18:53:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.12.11 18:25:58 | 000,000,032 | ---- | C] () -- C:\Users\Oliver\.simfy
[2011.10.01 14:35:05 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.09.30 22:28:13 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.09.30 15:16:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.09.30 15:16:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.09.15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.07.09 13:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.06.28 20:54:44 | 000,000,243 | ---- | C] () -- C:\ProgramData\MusicStation.xml
[2011.06.28 19:50:01 | 000,000,058 | ---- | C] () -- C:\Users\Oliver\AppData\Local\mv_Photo.xml
[2011.06.28 19:50:01 | 000,000,055 | ---- | C] () -- C:\Users\Oliver\AppData\Local\mv_music.xml
[2011.06.24 13:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.24 13:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.06.24 13:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.06.24 13:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.06.24 13:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.06.24 13:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.06.24 13:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.06.24 13:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.06.24 13:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.06.24 13:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.06.21 08:42:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Have fun with it.
