|
Log-Analyse und Auswertung: Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs anWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
17.05.2013, 22:52 | #1 |
| Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Guten Abend, ich hab mir offensichtlich eine Trojaner eingefangen, der mich beim Online-Banking stört. Bei der ersten Anmeldung werde ich aufgefordert, Kreditkartendaten anzugeben ("wir haben Ihren PC nicht erkannt.."), bei weiteren Versuchen soll ich meine TANs eingeben. Hab natürlich beides nicht gemacht. Über Google bin ich sehr schnell auf dieses Forum gestoßen, hab mit die Anleitung durchgelesen und nach dem Hinweis, dass man die Lösungen, die für andere Nutzer angeboten wurden, nicht anwenden soll diesen Thread eröffnet. Mein Betriebssystem ist Windows 7 und als Virenschutz verwende ich die Avira Antivir Premium. Für beides lasse ich alle automatischen updates sofort ausführen, von daher ist mir unbegreiflich, wie es dieser Schädling doch auf meinen PC geschafft hat. Für Tipp diesbezüglich bin ich dankbar. Die Logs von Avira und OTL sind angehängt. Die von OTL waren etwas zu groß, so dass ich sie teilen musste. Gmer (Version 2.1.19163) funktioniert leider nicht. Nach etwa 2 Minuten bricht der Scan ab und es erscheint die Fehlermeldung "Programm wird auf Grund eines Problems nicht richtig ausgeführt..." Ein Log-File wurde nicht erstellt. Ich hoffe, Sie können mir helfen bedanke mich schon mal im Voraus... |
18.05.2013, 00:37 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
18.05.2013, 09:28 | #3 |
| Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Guten Morgen und danke für die schnelle Reaktion. Ältere Logs hab ich leider nicht. Zwischenzeitlich ist mir auch aufgefallen, dass das Internet auf dem betroffenen PC sehr langsam läuft. Kann das damit zusammenhängen?
__________________freundliche Grüße Oliver |
19.05.2013, 01:52 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Das Log otl.txt ist leider unvollständig. Bitte die Logs nicht in den Anhang packen sondern in CODE-Tags posten
__________________ Logfiles bitte immer in CODE-Tags posten |
19.05.2013, 13:24 | #5 |
| Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Hallo, bin nihct sehr geübt im Umgang mit Foren. Meist lese ich nur und finde, was ich brauche :-) Beim ersten Versuch habe ich alle Codes - wie oben beschrieben - in den Text kopiert, dann kam die Meldung, die NAchricht sei zu lang. Deshalb hab ich sie angehängt. AUf die Idee, mehrer Beiträge zu verfassen, bin ich leider nicht gekommen. Hier der Inhalt der OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.05.2013 21:51:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oliver\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 70,08% Memory free 6,99 Gb Paging File | 5,79 Gb Available in Paging File | 82,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 446,84 Gb Total Space | 359,87 Gb Free Space | 80,53% Space Free | Partition Type: NTFS Drive D: | 18,62 Gb Total Space | 2,33 Gb Free Space | 12,49% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 90,89 Mb Free Space | 91,79% Space Free | Partition Type: FAT32 Computer Name: NETBOOK | User Name: Oliver | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.17 19:03:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe PRC - [2013.05.16 22:53:03 | 000,844,168 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.09 23:50:22 | 000,400,704 | ---- | M] () -- C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe PRC - [2013.05.06 12:23:49 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2013.05.06 12:23:47 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe PRC - [2013.05.06 12:23:47 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.23 06:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.04.23 06:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe PRC - [2013.03.21 14:53:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.21 14:53:20 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.21 14:53:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011.04.01 18:40:00 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2011.01.25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010.11.18 19:59:52 | 000,338,208 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe PRC - [2010.11.10 15:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2010.11.10 07:56:08 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.11.10 07:55:38 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.10.25 16:45:32 | 003,511,888 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe PRC - [2010.09.29 15:10:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2010.09.29 15:10:00 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe PRC - [2010.09.03 18:13:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe PRC - [2010.08.31 17:16:10 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe PRC - [2010.08.23 18:06:58 | 000,584,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010.08.23 18:06:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010.08.05 20:50:56 | 000,210,488 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe PRC - [2010.07.21 15:33:00 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe PRC - [2010.07.21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe PRC - [2010.07.16 14:07:54 | 000,508,680 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe PRC - [2010.07.15 12:22:36 | 001,367,816 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe PRC - [2010.07.15 12:22:24 | 000,901,384 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe PRC - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe PRC - [2010.06.07 12:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezSharedSvcHost.exe PRC - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 07:13:37 | 000,115,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\9ab54aea64046cd2b4ff895b1c027c05\DeviceStoryAlbum.ni.dll MOD - [2013.05.16 07:13:36 | 000,614,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\29be5a9cc5b83e2b30e9d788ac201f83\DevicePodcast.ni.dll MOD - [2013.05.16 07:13:34 | 000,300,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\b44e10add0a5276dc3fbbde338c4b5ea\DeviceVideo.ni.dll MOD - [2013.05.16 07:13:33 | 000,355,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\9661c2265a6fb7782243c0633378a1e5\DevicePhoto.ni.dll MOD - [2013.05.16 07:13:31 | 000,307,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\ec4ba3e13a88086bf95ea05919513917\DeviceMusic.ni.dll MOD - [2013.05.16 07:13:30 | 000,474,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\df3496a7e1364e2b78bac5b4aef48ae6\VideoManager.ni.dll MOD - [2013.05.16 07:13:28 | 000,782,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\88ec39193b34cf293d0887383c2ccde5\PhotoManager.ni.dll MOD - [2013.05.16 07:13:25 | 001,988,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\be4228490407398b302edeed5ea57879\Phonebook.ni.dll MOD - [2013.05.16 07:13:20 | 000,207,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\ea5424dfc774422fa2038d980b1642d1\StoryAlbumManager.ni.dll MOD - [2013.05.16 07:13:19 | 000,945,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\218ed646a2ca6d2c08509295ce556260\MusicManager.ni.dll MOD - [2013.05.16 07:13:16 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\fbe4134679a5506a54004cd5952d7d29\BATPlugin.ni.dll MOD - [2013.05.16 07:13:10 | 000,534,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\730c70013610eb7e73f49213b1076bab\Kies.Common.MediaDB.ni.dll MOD - [2013.05.16 07:13:08 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\94fd3d4235723a962f8b3f29d7eac567\Kies.Common.AllShare.ni.dll MOD - [2013.05.16 07:13:07 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\1784a3c837a81be9ad8608a9405de178\Kies.Common.DBManager.ni.dll MOD - [2013.05.16 07:13:06 | 001,146,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\1f04da0191d585e975a3f43548a70e2e\Podcaster.ni.dll MOD - [2013.05.16 07:13:03 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\35992f641f4348746cfe0c6c1b48ece7\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2013.05.16 07:13:02 | 000,580,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f0dfcf225ea9ee5911a199d90da24d76\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.05.16 07:12:59 | 001,205,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ddd3ef7293ae9ddaca67c1ab86f328c3\Kies.Common.DeviceService.ni.dll MOD - [2013.05.16 07:12:56 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\99bba258903cd892a867461d55d728ff\DeviceCommonLib.ni.dll MOD - [2013.05.16 07:12:53 | 000,743,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\d68e9699b3319f4d4a0d0fdb8855f48a\Kies.Plugin.ContentsManagerLib.ni.dll MOD - [2013.05.16 07:12:51 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\50c6d0af63aa7107ec15d7ef86a62609\Kies.Common.MainUI.ni.dll MOD - [2013.05.16 07:12:37 | 000,928,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6704d4bac5e6b834fe7cd1502f09f2cb\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2013.05.16 07:12:31 | 002,202,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\dfc6504af8cd62a4a38a5b6ad7ca6566\Kies.Common.Multimedia.ni.dll MOD - [2013.05.16 07:12:26 | 000,638,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2627bfc447a741309a32dbd51ee23dbc\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2013.05.16 07:12:15 | 007,031,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\be28b9e8726e3ab319a05ee11b0bc412\DeviceHost.ni.dll MOD - [2013.05.16 07:12:02 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\37bb8c2ca86bf868044bce11e73d1efc\Kies.Common.Util.ni.dll MOD - [2013.05.16 07:12:00 | 001,899,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7aef2d5e9f446c4108ed337e465cd196\Kies.UI.ni.dll MOD - [2013.05.16 07:11:56 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f67e1afe33aa6c76e375dbd4fa132363\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2013.05.16 07:11:55 | 001,273,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\0687f786aa9dd34f7dd8d26cdfdb065f\Kies.Interface.ni.dll MOD - [2013.05.16 07:11:10 | 002,177,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\81b8201bf1ea967ba701b63e65e75e47\Kies.ni.exe MOD - [2013.05.16 07:08:29 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll MOD - [2013.05.16 07:04:42 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll MOD - [2013.05.16 07:04:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.16 07:03:44 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll MOD - [2013.05.16 07:03:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.16 07:03:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.15 23:23:39 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll MOD - [2013.05.15 23:23:11 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll MOD - [2013.05.15 23:23:07 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll MOD - [2013.05.15 23:23:05 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll MOD - [2013.05.15 23:22:41 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll MOD - [2013.05.09 23:50:22 | 000,400,704 | ---- | M] () -- C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe MOD - [2013.05.02 10:30:02 | 017,554,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\71b6200b469ae31187226c5634b6d6bb\Kies.Theme.ni.dll MOD - [2013.05.02 10:30:00 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\5face173af94a7083cea1c078a6b4938\DummyStorePlugin.ni.dll MOD - [2013.05.02 10:29:35 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\a5bd3f2855afcc1f5bf15057c35bd48d\Kies.Common.StoreManager.ni.dll MOD - [2013.05.02 10:29:31 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\fde643974d1f6bc8843237cedb262c9b\Kies.Common.CRMManager.ni.dll MOD - [2013.05.02 10:29:25 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\94eee0f7d59880d4ff2754ad67877ac1\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2013.05.02 10:29:24 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\931b9596988f8d16731b691a35a25727\Interop.DevFileServiceLib.ni.dll MOD - [2013.05.01 11:34:16 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bd5cbd625647b2af277b7c5c0ffb8f5b\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2013.05.01 11:34:11 | 000,080,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ZipStore\bbd37020633f9e7f190af58b7bf6138f\ZipStore.ni.dll MOD - [2013.05.01 11:34:11 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\bfc490c6779a7a9ae85832ca58c27054\Interop.PRPLAYERCORELib.ni.dll MOD - [2013.05.01 11:34:04 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\15fff4c0b61cdf95cf8c94850bfbde5f\Interop.DeviceServiceModelDBLib.ni.dll MOD - [2013.05.01 11:34:02 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f93e893f927f890bffe924ec7e8c1323\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.05.01 11:28:02 | 001,644,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c5572a7e44449de16eb4e7db6b7b5b82\Kies.Locale.ni.dll MOD - [2013.05.01 11:28:00 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2cbf81c1b1b5e7bd6a4758bd057e2d4c\Kies.MVVM.ni.dll MOD - [2013.02.15 23:05:31 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013.02.15 22:12:59 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.01.31 21:39:01 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll MOD - [2013.01.13 20:01:38 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll MOD - [2013.01.13 20:01:35 | 000,043,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll MOD - [2013.01.13 20:01:13 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2013.01.13 20:01:12 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2013.01.13 20:01:12 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2013.01.13 20:00:58 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll MOD - [2013.01.11 13:36:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.01.11 13:35:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.11 13:34:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.11 13:33:22 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.11 13:33:10 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.11 13:32:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.01.11 13:25:42 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll MOD - [2013.01.11 13:25:26 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.11 13:21:24 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.11 13:21:10 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.11 13:20:57 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2010.12.15 22:23:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.10 15:39:38 | 000,096,256 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.10.25 16:45:46 | 020,895,312 | ---- | M] () -- C:\Program Files\Motorola\Bluetooth\btmshell.dll MOD - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe MOD - [2010.08.31 17:16:10 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe MOD - [2010.07.21 15:33:02 | 000,052,280 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll MOD - [2010.07.21 15:33:00 | 000,030,264 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll MOD - [2010.06.07 12:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe ========== Services (SafeList) ========== SRV - [2013.05.15 16:50:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.06 12:23:49 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.05.06 12:23:47 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2013.03.21 14:53:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.21 14:53:18 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.04.01 18:40:00 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.01.25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010.11.18 19:59:52 | 000,338,208 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES) SRV - [2010.11.10 15:39:34 | 000,284,160 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2010.11.10 07:55:38 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.10.25 16:45:32 | 003,511,888 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.09.29 15:10:00 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2010.08.23 18:06:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010.08.05 20:50:56 | 000,210,488 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2010.07.21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV - [2010.07.16 14:07:54 | 000,508,680 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2010.07.15 12:22:24 | 000,901,384 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service) SRV - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) [Auto | Running] -- C:\Windows\System32\ezSharedSvcHost.exe -- (ezSharedSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2013.04.03 09:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2013.04.03 09:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2013.03.21 14:53:30 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.21 14:53:30 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.21 14:53:30 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2012.10.09 22:11:23 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.01.03 17:28:54 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.10 08:33:04 | 006,574,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.11.10 07:18:34 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.10.26 18:59:36 | 000,402,432 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB) DRV - [2010.10.14 11:17:14 | 000,033,280 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmaud.sys -- (btmaudio) DRV - [2010.09.29 15:10:00 | 000,432,640 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2010.09.24 17:46:24 | 000,102,416 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010.09.03 18:13:32 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd) DRV - [2010.07.21 03:43:16 | 000,194,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010.06.30 12:02:08 | 000,041,344 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM) DRV - [2010.04.29 14:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2009.11.11 13:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778 IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://news.google.de/ IE - HKCU\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {A7CBC86F-D1CC-4E19-B69A-6B103FD66D0A} IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{A7CBC86F-D1CC-4E19-B69A-6B103FD66D0A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778 IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.giga.de/go/wy7" FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Oliver\AppData\Roaming\05001.069 [2012.08.10 19:50:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.09 17:06:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.28 18:53:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Oliver\AppData\Roaming\05001.069 [2012.08.10 19:50:34 | 000,000,000 | ---D | M] [2012.01.28 18:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions [2012.03.26 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\fus14huh.default\extensions [2012.01.28 18:54:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\fus14huh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.02.21 08:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.01.28 18:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions [2012.01.28 18:53:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FF88A983-649D-4207-9336-9B999280B436} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll () O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe () O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe () O4 - HKCU..\Run: [Edhyevi] C:\Users\Oliver\AppData\Roaming\Onli\eqkem.exe (Mandiant) O4 - HKCU..\Run: [IExplorer Util] C:\Users\Oliver\AppData\Roaming\ie_util.exe (Mandiant) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03EA31F7-E149-4EE8-88C1-354F9A8FDBAD}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{efcb11ec-d6e6-11e0-be5d-68b599e29c56}\Shell - "" = AutoRun O33 - MountPoints2\{efcb11ec-d6e6-11e0-be5d-68b599e29c56}\Shell\AutoRun\command - "" = F:\DPFMate.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.17 19:03:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe [2013.05.17 03:43:08 | 000,053,760 | ---- | C] (Mandiant) -- C:\Users\Oliver\AppData\Roaming\ie_util.exe [2013.05.16 22:54:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.05.16 22:51:09 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\Amazon MP3 [2013.05.16 22:51:00 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon [2013.05.16 22:50:57 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Program Files [2013.05.16 22:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\eb0aa9f5-d90d-429d-91cc-de4db96b16c7 [2013.05.16 22:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows [2013.05.16 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Ulyn [2013.05.16 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Onli [2013.05.16 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Exef [2013.05.06 12:24:33 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.01 10:48:24 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2013.05.01 10:48:24 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2013.04.29 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Wild Tangent [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Oliver\AppData\Roaming\*.tmp files -> C:\Users\Oliver\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.17 21:56:46 | 000,023,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 21:56:46 | 000,023,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 21:56:43 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.17 21:56:43 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.17 21:56:43 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.17 21:56:43 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.17 21:50:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.17 21:49:58 | 000,019,193 | -HS- | M] () -- C:\ProgramData\5141aca6-a50b-4f62-a338-b275b23fbfe9 [2013.05.17 21:49:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.17 21:48:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.17 21:48:21 | 2813,775,872 | -HS- | M] () -- C:\hiberfil.sys [2013.05.17 21:44:32 | 000,000,000 | ---- | M] () -- C:\Users\Oliver\defogger_reenable [2013.05.17 21:25:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.17 19:04:43 | 000,377,856 | ---- | M] () -- C:\Users\Oliver\Desktop\gmer_2.1.19163.exe [2013.05.17 19:03:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oliver\Desktop\OTL.exe [2013.05.17 19:03:12 | 000,050,477 | ---- | M] () -- C:\Users\Oliver\Desktop\Defogger.exe [2013.05.17 03:43:07 | 000,053,760 | ---- | M] (Mandiant) -- C:\Users\Oliver\AppData\Roaming\ie_util.exe [2013.05.16 07:01:52 | 000,429,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.15 20:11:52 | 000,000,191 | ---- | M] () -- C:\Users\Oliver\AppData\Local\mv_Photo.xml [2013.05.06 12:23:59 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.04 13:35:37 | 000,000,176 | ---- | M] () -- C:\Users\Oliver\AppData\Local\mv_music.xml [2013.05.02 21:47:02 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOliver.job [2013.05.01 10:49:06 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk [2013.05.01 07:12:21 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.04.25 23:41:51 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat [2013.04.25 14:19:04 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNETBOOK$.job [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Oliver\AppData\Roaming\*.tmp files -> C:\Users\Oliver\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.17 21:44:32 | 000,000,000 | ---- | C] () -- C:\Users\Oliver\defogger_reenable [2013.05.17 19:04:43 | 000,377,856 | ---- | C] () -- C:\Users\Oliver\Desktop\gmer_2.1.19163.exe [2013.05.17 19:03:10 | 000,050,477 | ---- | C] () -- C:\Users\Oliver\Desktop\Defogger.exe [2013.05.16 22:29:14 | 000,019,193 | -HS- | C] () -- C:\ProgramData\5141aca6-a50b-4f62-a338-b275b23fbfe9 [2013.05.16 22:29:14 | 000,016,725 | -HS- | C] () -- C:\ProgramData\5141aca6-a50b-4f62-a338-b275b23fbfe9 [2013.05.01 07:12:21 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.04.24 23:03:26 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2013.03.10 20:09:34 | 000,120,695 | ---- | C] () -- C:\Users\Oliver\Saeco_Nova Sup Testmodus.pdf [2013.03.10 20:08:00 | 000,261,717 | ---- | C] () -- C:\Users\Oliver\Saeco_Nova Sup zerlegen.pdf [2013.02.26 19:57:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2013.02.26 19:57:11 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2013.02.23 12:46:17 | 000,000,614 | ---- | C] () -- C:\Windows\wiso.ini [2012.12.28 00:30:26 | 000,009,295 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Kommagetrennte Werte (DOS).EML [2012.12.19 00:46:01 | 000,076,339 | ---- | C] () -- C:\ProgramData\moshzrzqkbmkgjl [2012.12.14 18:30:20 | 000,000,158 | ---- | C] () -- C:\Windows\LilliP.ini [2012.09.16 21:00:46 | 000,022,528 | ---- | C] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.08.28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.08.28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.08.28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.08.28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.08.10 20:53:33 | 000,000,011 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\urhtps.dat [2012.08.09 22:43:38 | 000,000,016 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\blckdom.res [2012.01.28 18:53:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.12.11 18:25:58 | 000,000,032 | ---- | C] () -- C:\Users\Oliver\.simfy [2011.10.01 14:35:05 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011.09.30 22:28:13 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2011.09.30 15:16:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.09.30 15:16:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.09.15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2011.07.09 13:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll [2011.06.28 20:54:44 | 000,000,243 | ---- | C] () -- C:\ProgramData\MusicStation.xml [2011.06.28 19:50:01 | 000,000,191 | ---- | C] () -- C:\Users\Oliver\AppData\Local\mv_Photo.xml [2011.06.28 19:50:01 | 000,000,176 | ---- | C] () -- C:\Users\Oliver\AppData\Local\mv_music.xml [2011.06.24 13:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.06.24 13:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2011.06.24 13:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2011.06.24 13:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2011.06.24 13:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2011.06.24 13:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2011.06.24 13:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2011.06.24 13:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2011.06.24 13:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2011.06.24 13:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2011.06.21 08:42:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.08.09 22:43:48 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\05001.067 [2012.08.10 19:50:34 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\05001.069 [2011.12.19 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Amazon [2013.02.23 12:42:46 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Buhl Data Service [2012.11.20 22:47:28 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\calibre [2012.12.09 23:32:57 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DVDVideoSoft [2012.12.09 17:06:20 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.23 23:09:47 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\elsterformular [2012.01.22 16:22:10 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Engelmann Media [2013.05.17 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Exef [2012.01.28 18:57:47 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FlashGet [2011.09.30 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\FreePDF [2012.08.09 22:43:24 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\kock [2011.08.27 16:46:20 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Mobipocket [2012.06.02 20:07:47 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\mresreg [2013.05.16 22:32:18 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Onli [2011.06.28 19:53:09 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\PictureMover [2012.07.27 22:12:07 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\ROUTE 66 Sync [2013.01.31 21:09:38 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Samsung [2011.12.11 18:25:56 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Simfy [2011.06.28 19:52:05 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Stardock [2011.06.28 19:52:02 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Synaptics [2012.08.11 13:15:39 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\UAs [2013.05.16 22:32:18 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Ulyn [2013.03.22 21:09:28 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\WildTangent [2012.12.28 00:17:54 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Windows Live Writer [2012.08.11 13:16:36 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\xmldm [2011.06.30 19:57:24 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\ZumoDrive [2011.06.28 20:02:34 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\_MDLogs ========== Purity Check ========== < End of report > Soll ich die übrigen Files auch noch mal schicken? |
19.05.2013, 20:47 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ --> Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an |
20.05.2013, 11:53 | #7 |
| Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Hallo, Hab combofix ausgeführt, Log s.u. Folgende Fragen hätt ich noch vorab: Mein Internet geht wieder schneller. Ist das ein Zeichen, dass bestehende Probleme behoben wurden? Ist es überhaupt ratsam, mit dem infizierten PC ins Netz zu gehen? Ich hab versucht, die Logs auf einen USB-Stick zu ziehen und wollte die Kommunikation mit dir von einem anderen PC aus durchführen, aber der PC zeigt mir den Stick nicht an. Wurde der mit defogger deaktiviert? Während Combofix gelaufen ist, sind folgende Eingriffe geschehen: 1) ich hab ne Funkmaus, die sich bei Inaktivität automatisch abschaltet 2) Weil der Bildschirmschoner angesprungen ist, hab ich die Leertaste gedrückt, nach Stufe 41 und nach löschen der Datei ~roaming/onli 3) Nach dem Neustart kam die Meldung "Catalyst Control Center Host Application funktioniert nicht mehr...." Da hab ich den Button "Programm schließen" betätigt. 4) Nachdem Cobofix beendet war, wollte ich mit IE ins Netz und bekam die Meldung "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum löschen vorgemerkt wurde". Das gleiche bei Mozilla und Outlook. Ich hab den PC noch mal neu gestartet, jetzt funktioniert es wieder. Hier der Log: Code:
ATTFilter ComboFix 13-05-18.04 - Oliver 20.05.2013 11:55:11.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3578.2401 [GMT 2:00] ausgeführt von:: c:\users\Oliver\Desktop\Tojaner\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\5141aca6-a50b-4f62-a338-b275b23fbfe9 c:\programdata\windows c:\programdata\windows\dumd.dat c:\programdata\windows\wsse.dll c:\programdata\windows\xdor.dat c:\users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe c:\users\Oliver\AppData\Roaming\05001.067 c:\users\Oliver\AppData\Roaming\05001.067\chrome.manifest c:\users\Oliver\AppData\Roaming\05001.067\components\AcroFF.txt c:\users\Oliver\AppData\Roaming\05001.067\install.rdf c:\users\Oliver\AppData\Roaming\05001.069 c:\users\Oliver\AppData\Roaming\05001.069\chrome.manifest c:\users\Oliver\AppData\Roaming\05001.069\components\AcroFF.txt c:\users\Oliver\AppData\Roaming\05001.069\install.rdf c:\users\Oliver\AppData\Roaming\AcroIEHelpe.txt c:\users\Oliver\AppData\Roaming\ie_util.exe c:\users\Oliver\AppData\Roaming\Onli c:\users\Oliver\AppData\Roaming\Onli\eqkem.exe c:\users\Oliver\AppData\Roaming\srvblck5.tmp c:\windows\security\Database\tmp.edb c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-20 bis 2013-05-20 )))))))))))))))))))))))))))))) . . 2013-05-17 20:21 . 2013-05-17 20:21 103680 ----a-w- C:\uxddqpog.sys 2013-05-16 20:50 . 2013-05-16 20:50 -------- d-----w- c:\users\Oliver\AppData\Local\Program Files 2013-05-16 20:33 . 2013-05-20 09:38 -------- d-----w- c:\programdata\eb0aa9f5-d90d-429d-91cc-de4db96b16c7 2013-05-16 20:32 . 2013-05-17 22:42 -------- d-----w- c:\users\Oliver\AppData\Roaming\Exef 2013-05-16 20:32 . 2013-05-16 20:32 -------- d-----w- c:\users\Oliver\AppData\Roaming\Ulyn 2013-05-15 06:16 . 2013-04-01 05:10 77144 ----a-w- c:\windows\system32\mcupdate_AuthenticAMD.dll 2013-05-15 06:16 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-15 06:16 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-15 06:16 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 06:16 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 06:16 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 06:15 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe 2013-05-15 06:15 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll 2013-05-15 06:15 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll 2013-05-08 20:23 . 2013-05-08 20:25 -------- d-----w- c:\users\Katrin\AppData\Roaming\vlc 2013-05-06 10:24 . 2013-05-06 10:23 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-01 08:48 . 2013-04-03 07:58 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2013-05-01 08:48 . 2013-04-03 07:58 181912 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2013-04-29 20:18 . 2013-04-29 20:18 -------- d-----w- c:\users\Oliver\AppData\Local\Wild Tangent 2013-04-24 06:06 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-21 17:47 . 2013-04-21 17:47 410984 ----a-w- c:\windows\system32\deploytk.dll 2013-04-21 09:34 . 2013-04-21 09:35 -------- d-----w- c:\users\Katrin\AppData\Roaming\calibre . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 14:50 . 2012-04-13 05:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-15 14:50 . 2011-07-06 04:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-15 06:00 . 2011-12-04 19:42 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-13 04:45 . 2013-05-15 06:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 06:16 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-03-21 12:53 . 2012-10-10 20:51 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-21 12:53 . 2012-10-10 20:51 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-21 12:53 . 2012-10-10 20:51 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-19 05:04 . 2013-04-10 11:18 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 11:18 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 04:48 . 2013-04-10 11:18 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-10 11:18 69632 ----a-w- c:\windows\system32\smss.exe 2013-02-21 06:25 . 2013-02-19 17:12 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-02-21 06:25 . 2010-12-15 13:04 782240 ----a-w- c:\windows\system32\deployJava1.dll 2011-06-16 04:32 . 2012-01-28 16:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-04-23 1561968] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-05-16 844168] "<NO NAME>"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-05-16 844168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 336384] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-29 495708] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176] "BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-10-25 20895312] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-08-31 568888] "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-08-23 584760] "Easybits Recovery"="c:\program files\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088] "FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2013-05-06 148888] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2010-11-12 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKLM\~\startupfolder\C:^Users^Oliver^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk] path=c:\users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk backup=c:\windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.Startup backupExtension=.Startup . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x] R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x] R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x] S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [x] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [x] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S2 UI Assistant Service;UI Assistant Service;c:\program files\1&1 Surf-Stick\AssistantServices.exe [x] S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x] S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x] S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [x] S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x] S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr GPSvcGroup REG_MULTI_SZ GPSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Inhalt des "geplante Tasks" Ordners . 2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:50] . 2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 19:02] . 2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 19:02] . 2013-04-25 c:\windows\Tasks\HPCeeScheduleForNETBOOK$.job - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15] . 2013-05-02 c:\windows\Tasks\HPCeeScheduleForOliver.job - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://news.google.de/ IE: Free YouTube Download - c:\users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\fus14huh.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.giga.de/go/wy7 FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{ff88a983-649d-4207-9336-9b999280b436} - (no file) WebBrowser-{FF88A983-649D-4207-9336-9B999280B436} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe HKCU-Run-Edhyevi - c:\users\Oliver\AppData\Roaming\Onli\eqkem.exe HKCU-Run-AmazonMP3DownloaderHelper - c:\users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe HKCU-Run-IExplorer Util - c:\users\Oliver\AppData\Roaming\ie_util.exe AddRemove-Konkordanz 1.0 - c:\windows\unin0407.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\IDT\WDM\STacSV.exe c:\windows\system32\atieclxx.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\Hewlett-Packard\Media\Webcam\YCMMirage.exe c:\windows\System32\rundll32.exe c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Motorola\Bluetooth\btplayerctrl.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-05-20 12:34:37 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-05-20 10:34 . Vor Suchlauf: 12 Verzeichnis(se), 394.020.843.520 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 397.626.580.992 Bytes frei . - - End Of File - - 86F0EAF8F4848876E7EBCEE4795A6D17 Oliver |
20.05.2013, 22:56 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Lass mich bitte die Logs auswerten bevor ich Fragen bzgl der Infektion beanworten soll Grundsätzlich ist es immer so: es gibt KEINE Garantie, dass ich oder irgendein Programm alle Infektionen sieht, erkennt und entfernt. Ein Restrisiko ist immer. Wenn du also fragst "bin ich nun 100% sicher, dass alles weg ist?" dann muss ich das verneinen. Es gibt da keine 100 % Garantie. Wenn du die haben willst, musst du alles löschen und Windows neu installieren. Bitte sag mit Bescheid wenn du das gelesen und verstanden hast.
__________________ Logfiles bitte immer in CODE-Tags posten |
21.05.2013, 07:12 | #9 |
| Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Guten Morgen Cosinus, ich hab deine Nachricht - wie auch alle anderen davor - verstanden. Mir war das vorher schon klar, steht ja schließlich auch in der Anleitung "Für alle Hilfesuchenden...". Deshalb hab ich auch nicht gefragt "Ist mein PC jetzt 100% sauber" sondern "Ist das bestehende Problem..." also das Problem, das mein Internet langsamer gemacht hat - gelöst. Die Frage, ob ich mit dem infizierten Rechner besser nicht ins Netz gehen soll, finde ich wichtig und sie sollte meiner Meinung nach nicht warten, bis deine Arbeit beendet ist, denn dann hat sich das je erledigt, oder? Ich finde es fantastisch, dass du deine Freizeit opferst um anderen zu helfen. Es verunsichert mich, dass du wiederholt Hinweise postest, die in der Anleitung bereits enthalten sind und die ich meiner Meinung nach beachte. Bitte weise mich konkret darauf hin, wenn ich was falsch mache und lass die Allgemeinplätze weg. Ich wünsch dir einen schönen Tag Oliver |
21.05.2013, 13:11 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs anZitat:
Deswegen antwortete ich so wie ich es im letzten Posting tat. Bitte GMER nochmal probieren und anschließend MBAR: Rootkitscan mit GMER Bitte lade dir GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
21.05.2013, 18:26 | #11 |
| Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Hallo Cosinus, dann ist ja alles klar. Ich hab GMER erneut laufen lassen. Nachdem der Bildschirmschoner angesprungen ist, hat es gestoppt. Das Log-File: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-21 18:02:45 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725050A9A364 rev.PC4OCH0A 465,76GB Running: 3_gmer_2.1.19163.exe; Driver: C:\Users\Oliver\AppData\Local\Temp\uxddqpog.sys ---- System - GMER 2.1 ---- SSDT 9285B15E ZwCreateSection SSDT 9285B136 ZwCreateSymbolicLinkObject SSDT 9285B13B ZwLoadDriver SSDT 9285B131 ZwOpenSection SSDT 9285B168 ZwRequestWaitReplyPort SSDT 9285B163 ZwSetContextThread SSDT 9285B16D ZwSetSecurityObject SSDT 9285B140 ZwSetSystemInformation SSDT 9285B172 ZwSystemDebugControl SSDT 9285B0FF ZwTerminateProcess SSDT 9285B0FA ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C54A09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8E1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9534C 1 Byte [5E] .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9534C 4 Bytes [5E, B1, 85, 92] {POP ESI; MOV CL, 0x85; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82C95354 4 Bytes [36, B1, 85, 92] {MOV CL, 0x85; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82C95468 4 Bytes [3B, B1, 85, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 82C95504 4 Bytes [31, B1, 85, 92] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92A3C000, 0x353030, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1112] ntdll.dll!DbgBreakPoint 77A7410C 1 Byte [C3] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1112] ntdll.dll!DbgUiRemoteBreakin 77ADF17D 5 Bytes JMP 77A9E342 C:\Windows\SYSTEM32\ntdll.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{45A296CE-0874-437C-AE0C-9D080DE55A06}\Connection@Name isatap.{A49BE73C-50EE-4F7C-B2C5-EB7E40BFDD35} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{36EF4AF8-8670-4E1D-86CE-4417ED743C32}?\Device\{45A296CE-0874-437C-AE0C-9D080DE55A06}?\Device\{571189A1-065C-4461-98BA-7DFF6E4676A2}?\Device\{8F784BAD-663E-43A7-9BB8-809EA79D4BCD}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{36EF4AF8-8670-4E1D-86CE-4417ED743C32}"?"{45A296CE-0874-437C-AE0C-9D080DE55A06}"?"{571189A1-065C-4461-98BA-7DFF6E4676A2}"?"{8F784BAD-663E-43A7-9BB8-809EA79D4BCD}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{36EF4AF8-8670-4E1D-86CE-4417ED743C32}?\Device\TCPIP6TUNNEL_{45A296CE-0874-437C-AE0C-9D080DE55A06}?\Device\TCPIP6TUNNEL_{571189A1-065C-4461-98BA-7DFF6E4676A2}?\Device\TCPIP6TUNNEL_{8F784BAD-663E-43A7-9BB8-809EA79D4BCD}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9ed9a53 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{45A296CE-0874-437C-AE0C-9D080DE55A06}@InterfaceName isatap.{A49BE73C-50EE-4F7C-B2C5-EB7E40BFDD35} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{45A296CE-0874-437C-AE0C-9D080DE55A06}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9ed9a53 (not active ControlSet) ---- EOF - GMER 2.1 ---- Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-21 18:59:11 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725050A9A364 rev.PC4OCH0A 465,76GB Running: 3_gmer_2.1.19163.exe; Driver: C:\Users\Oliver\AppData\Local\Temp\uxddqpog.sys ---- System - GMER 2.1 ---- SSDT 9285B15E ZwCreateSection SSDT 9285B136 ZwCreateSymbolicLinkObject SSDT 9285B13B ZwLoadDriver SSDT 9285B131 ZwOpenSection SSDT 9285B168 ZwRequestWaitReplyPort SSDT 9285B163 ZwSetContextThread SSDT 9285B16D ZwSetSecurityObject SSDT 9285B140 ZwSetSystemInformation SSDT 9285B172 ZwSystemDebugControl SSDT 9285B0FF ZwTerminateProcess SSDT 9285B0FA ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C54A09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8E1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9534C 1 Byte [5E] .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9534C 4 Bytes [5E, B1, 85, 92] {POP ESI; MOV CL, 0x85; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82C95354 4 Bytes [36, B1, 85, 92] {MOV CL, 0x85; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82C95468 4 Bytes [3B, B1, 85, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 82C95504 4 Bytes [31, B1, 85, 92] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92A3C000, 0x353030, 0xE8000020] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9ed9a53 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9ed9a53 (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 916 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.21.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16576 Oliver :: NETBOOK [administrator] 21.05.2013 19:19:32 mbar-log-2013-05-21 (19-19-32).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29751 Time elapsed: 13 minute(s), 50 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Sehr geehrte/r Herr Oliver Baumgard, heute erhalten Sie eine dringende Nachricht zu Ihrem 1&1 DSL-Anschluss. 1&1 hat es sich zur Aufgabe gemacht, seine Kunden vor den Gefahren des Internets zu sch tzen. Unser Expertenteam hat Hinweise erhalten, dass sich der gef hrliche Virus "Torpig" auf Ihrem Computer befindet. Datum und Uhrzeit des Hinweises: 2013-05-17 17:48:00 freundliche Grüße Oliver |
21.05.2013, 20:13 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
22.05.2013, 06:55 | #13 |
| Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Guten Morgen, ASWMBR ist recht lange gelaufen, hier der log: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-21 21:42:21 ----------------------------- 21:42:21.486 OS Version: Windows 6.1.7601 Service Pack 1 21:42:21.486 Number of processors: 2 586 0x100 21:42:21.486 ComputerName: NETBOOK UserName: Oliver 21:42:24.559 Initialize success 21:44:27.418 AVAST engine defs: 13052101 21:44:37.137 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 21:44:37.153 Disk 0 Vendor: Hitachi_HTS725050A9A364 PC4OCH0A Size: 476940MB BusType: 11 21:44:39.134 Disk 0 MBR read successfully 21:44:39.134 Disk 0 MBR scan 21:44:39.149 Disk 0 Windows 7 default MBR code 21:44:39.227 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048 21:44:39.368 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 457568 MB offset 409600 21:44:39.539 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19068 MB offset 937508864 21:44:39.727 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128 21:44:39.929 Disk 0 scanning sectors +976771120 21:44:42.098 Disk 0 scanning C:\Windows\system32\drivers 21:48:05.819 Service scanning 21:48:50.809 Modules scanning 21:53:40.893 Disk 0 trace - called modules: 21:53:41.439 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys 21:53:41.470 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86716270] 21:53:41.485 3 CLASSPNP.SYS[8c97f59e] -> nt!IofCallDriver -> [0x86716990] 21:53:41.501 5 hpdskflt.sys[8ca09f92] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862a2030] 21:53:43.669 AVAST engine scan C:\Windows 21:58:59.102 AVAST engine scan C:\Windows\system32 22:45:13.177 AVAST engine scan C:\Windows\system32\drivers 22:46:13.814 AVAST engine scan C:\Users\Oliver 23:24:10.210 AVAST engine scan C:\ProgramData 23:27:33.293 Scan finished successfully 07:52:06.690 Disk 0 MBR has been saved successfully to "C:\Users\Oliver\Desktop\Tojaner\MBR.dat" 07:52:06.706 The log file has been saved successfully to "C:\Users\Oliver\Desktop\Tojaner\6_aswMBR.txt" schönen Tag Das ging ja superfix, hier der nächste Log: Code:
ATTFilter 07:56:23.0515 9796 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 07:56:23.0733 9796 ============================================================ 07:56:23.0733 9796 Current date / time: 2013/05/22 07:56:23.0733 07:56:23.0733 9796 SystemInfo: 07:56:23.0733 9796 07:56:23.0733 9796 OS Version: 6.1.7601 ServicePack: 1.0 07:56:23.0733 9796 Product type: Workstation 07:56:23.0733 9796 ComputerName: NETBOOK 07:56:23.0733 9796 UserName: Oliver 07:56:23.0733 9796 Windows directory: C:\Windows 07:56:23.0733 9796 System windows directory: C:\Windows 07:56:23.0733 9796 Processor architecture: Intel x86 07:56:23.0733 9796 Number of processors: 2 07:56:23.0733 9796 Page size: 0x1000 07:56:23.0733 9796 Boot type: Normal boot 07:56:23.0733 9796 ============================================================ 07:56:24.0825 9796 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 07:56:24.0825 9796 ============================================================ 07:56:24.0825 9796 \Device\Harddisk0\DR0: 07:56:24.0825 9796 MBR partitions: 07:56:24.0825 9796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 07:56:24.0825 9796 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37DB0000 07:56:24.0825 9796 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37E14000, BlocksNum 0x253E000 07:56:24.0825 9796 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830 07:56:24.0825 9796 ============================================================ 07:56:24.0857 9796 C: <-> \Device\Harddisk0\DR0\Partition2 07:56:24.0888 9796 D: <-> \Device\Harddisk0\DR0\Partition3 07:56:24.0903 9796 E: <-> \Device\Harddisk0\DR0\Partition4 07:56:24.0903 9796 ============================================================ 07:56:24.0903 9796 Initialize success 07:56:24.0903 9796 ============================================================ 07:56:49.0317 6992 ============================================================ 07:56:49.0317 6992 Scan started 07:56:49.0317 6992 Mode: Manual; SigCheck; TDLFS; 07:56:49.0317 6992 ============================================================ 07:56:49.0739 6992 ================ Scan system memory ======================== 07:56:49.0739 6992 System memory - ok 07:56:49.0739 6992 ================ Scan services ============================= 07:56:49.0926 6992 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 07:56:50.0066 6992 1394ohci - ok 07:56:50.0113 6992 [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 07:56:50.0129 6992 Accelerometer - ok 07:56:50.0160 6992 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 07:56:50.0191 6992 ACPI - ok 07:56:50.0222 6992 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 07:56:50.0269 6992 AcpiPmi - ok 07:56:50.0363 6992 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 07:56:50.0394 6992 AdobeARMservice - ok 07:56:50.0487 6992 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 07:56:50.0503 6992 AdobeFlashPlayerUpdateSvc - ok 07:56:50.0565 6992 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 07:56:50.0597 6992 adp94xx - ok 07:56:50.0628 6992 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 07:56:50.0659 6992 adpahci - ok 07:56:50.0690 6992 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 07:56:50.0706 6992 adpu320 - ok 07:56:50.0753 6992 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 07:56:50.0799 6992 AeLookupSvc - ok 07:56:50.0862 6992 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Program Files\IDT\WDM\aestsrv.exe 07:56:50.0909 6992 AESTFilters - ok 07:56:50.0955 6992 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 07:56:51.0002 6992 AFD - ok 07:56:51.0018 6992 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 07:56:51.0049 6992 agp440 - ok 07:56:51.0080 6992 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 07:56:51.0111 6992 aic78xx - ok 07:56:51.0143 6992 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 07:56:51.0189 6992 ALG - ok 07:56:51.0205 6992 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 07:56:51.0236 6992 aliide - ok 07:56:51.0267 6992 [ 4381A9A99F56B33DAC58852669E300E8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 07:56:51.0330 6992 AMD External Events Utility - ok 07:56:51.0361 6992 AMD FUEL Service - ok 07:56:51.0408 6992 [ 9FE76D783A7D47965D086A220B54277B ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe 07:56:51.0423 6992 AMD Reservation Manager - ok 07:56:51.0470 6992 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 07:56:51.0486 6992 amdagp - ok 07:56:51.0517 6992 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 07:56:51.0533 6992 amdide - ok 07:56:51.0579 6992 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys 07:56:51.0611 6992 amdiox86 - ok 07:56:51.0657 6992 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 07:56:51.0720 6992 AmdK8 - ok 07:56:51.0860 6992 [ 5D3816A677CA50A618AD7138D2C21CED ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 07:56:52.0032 6992 amdkmdag - ok 07:56:52.0079 6992 [ F3DC5D5C36FEE050A6C7204F0CB12C4C ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 07:56:52.0125 6992 amdkmdap - ok 07:56:52.0172 6992 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 07:56:52.0219 6992 AmdPPM - ok 07:56:52.0250 6992 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 07:56:52.0266 6992 amdsata - ok 07:56:52.0297 6992 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 07:56:52.0328 6992 amdsbs - ok 07:56:52.0344 6992 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 07:56:52.0359 6992 amdxata - ok 07:56:52.0437 6992 [ 05676A56207CA37F3E76FAB3CEB97BD7 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe 07:56:52.0469 6992 AntiVirMailService - ok 07:56:52.0515 6992 [ 90C69DF5FB36F8B74109583652575BD3 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 07:56:52.0531 6992 AntiVirSchedulerService - ok 07:56:52.0578 6992 [ B6F85597831F63C27FD278F4E05C3020 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 07:56:52.0609 6992 AntiVirService - ok 07:56:52.0625 6992 [ 3370240F20C2AA5E17CD73F065D02FC1 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 07:56:52.0656 6992 AntiVirWebService - ok 07:56:52.0703 6992 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 07:56:52.0827 6992 AppID - ok 07:56:52.0859 6992 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 07:56:52.0921 6992 AppIDSvc - ok 07:56:52.0952 6992 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll 07:56:53.0015 6992 Appinfo - ok 07:56:53.0061 6992 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 07:56:53.0077 6992 arc - ok 07:56:53.0093 6992 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 07:56:53.0124 6992 arcsas - ok 07:56:53.0155 6992 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 07:56:53.0295 6992 AsyncMac - ok 07:56:53.0327 6992 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 07:56:53.0342 6992 atapi - ok 07:56:53.0405 6992 [ C8B17AC82AD2EE9E0E58E3461008C5F7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys 07:56:53.0436 6992 AtiHDAudioService - ok 07:56:53.0483 6992 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 07:56:53.0545 6992 AudioEndpointBuilder - ok 07:56:53.0561 6992 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 07:56:53.0623 6992 Audiosrv - ok 07:56:53.0670 6992 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 07:56:53.0685 6992 avgntflt - ok 07:56:53.0717 6992 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 07:56:53.0732 6992 avipbb - ok 07:56:53.0779 6992 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 07:56:53.0810 6992 avkmgr - ok 07:56:53.0841 6992 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 07:56:53.0888 6992 AxInstSV - ok 07:56:53.0919 6992 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 07:56:53.0982 6992 b06bdrv - ok 07:56:54.0013 6992 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 07:56:54.0044 6992 b57nd60x - ok 07:56:54.0091 6992 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 07:56:54.0169 6992 BDESVC - ok 07:56:54.0200 6992 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 07:56:54.0263 6992 Beep - ok 07:56:54.0309 6992 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 07:56:54.0372 6992 BFE - ok 07:56:54.0387 6992 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll 07:56:54.0465 6992 BITS - ok 07:56:54.0497 6992 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 07:56:54.0543 6992 blbdrive - ok 07:56:54.0668 6992 [ F82FE3C3B87934554491D54498F008E4 ] Bluetooth Device Manager C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe 07:56:54.0793 6992 Bluetooth Device Manager - ok 07:56:54.0824 6992 [ B097D6C522FF0D61EFE6BC85C25E5949 ] Bluetooth Media Service C:\Program Files\Motorola\Bluetooth\audiosrv.exe 07:56:54.0871 6992 Bluetooth Media Service - ok 07:56:54.0902 6992 [ 96621958FADE636986F13F32458D8647 ] Bluetooth OBEX Service C:\Program Files\Motorola\Bluetooth\obexsrv.exe 07:56:54.0933 6992 Bluetooth OBEX Service - ok 07:56:54.0965 6992 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 07:56:55.0027 6992 bowser - ok 07:56:55.0074 6992 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 07:56:55.0121 6992 BrFiltLo - ok 07:56:55.0136 6992 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 07:56:55.0199 6992 BrFiltUp - ok 07:56:55.0245 6992 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 07:56:55.0308 6992 BridgeMP - ok 07:56:55.0370 6992 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 07:56:55.0417 6992 Browser - ok 07:56:55.0448 6992 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 07:56:55.0511 6992 Brserid - ok 07:56:55.0526 6992 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 07:56:55.0557 6992 BrSerWdm - ok 07:56:55.0589 6992 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 07:56:55.0620 6992 BrUsbMdm - ok 07:56:55.0635 6992 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 07:56:55.0682 6992 BrUsbSer - ok 07:56:55.0729 6992 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 07:56:55.0838 6992 BthEnum - ok 07:56:55.0869 6992 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 07:56:55.0916 6992 BTHMODEM - ok 07:56:55.0947 6992 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 07:56:55.0979 6992 BthPan - ok 07:56:56.0025 6992 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 07:56:56.0072 6992 BTHPORT - ok 07:56:56.0103 6992 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 07:56:56.0166 6992 bthserv - ok 07:56:56.0197 6992 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 07:56:56.0244 6992 BTHUSB - ok 07:56:56.0275 6992 [ ABA59ABAFE9DCE67F7BF616743418340 ] btmaudio C:\Windows\system32\drivers\btmaud.sys 07:56:56.0369 6992 btmaudio - ok 07:56:56.0400 6992 [ 6F14BB67AE49143DF6D56BD52C1CB925 ] BTMCOM C:\Windows\system32\Drivers\btmcom.sys 07:56:56.0447 6992 BTMCOM - ok 07:56:56.0478 6992 [ 70F16E401DFE2882EFD9A0FC10124274 ] BTMUSB C:\Windows\system32\Drivers\btmusb.sys 07:56:56.0556 6992 BTMUSB - ok 07:56:56.0712 6992 catchme - ok 07:56:56.0759 6992 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 07:56:56.0837 6992 cdfs - ok 07:56:56.0883 6992 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 07:56:56.0930 6992 cdrom - ok 07:56:56.0961 6992 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 07:56:57.0024 6992 CertPropSvc - ok 07:56:57.0055 6992 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 07:56:57.0086 6992 circlass - ok 07:56:57.0102 6992 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 07:56:57.0133 6992 CLFS - ok 07:56:57.0211 6992 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 07:56:57.0539 6992 clr_optimization_v2.0.50727_32 - ok 07:56:57.0601 6992 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 07:56:57.0632 6992 clr_optimization_v4.0.30319_32 - ok 07:56:57.0679 6992 [ 5BF671E099096143DE7796F696310D86 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys 07:56:57.0695 6992 clwvd - ok 07:56:57.0710 6992 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 07:56:57.0741 6992 CmBatt - ok 07:56:57.0773 6992 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 07:56:57.0804 6992 cmdide - ok 07:56:57.0851 6992 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys 07:56:57.0897 6992 CNG - ok 07:56:57.0929 6992 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 07:56:57.0944 6992 Compbatt - ok 07:56:57.0975 6992 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 07:56:58.0007 6992 CompositeBus - ok 07:56:58.0022 6992 COMSysApp - ok 07:56:58.0053 6992 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 07:56:58.0069 6992 crcdisk - ok 07:56:58.0131 6992 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 07:56:58.0194 6992 CryptSvc - ok 07:56:58.0241 6992 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 07:56:58.0350 6992 DcomLaunch - ok 07:56:58.0397 6992 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 07:56:58.0459 6992 defragsvc - ok 07:56:58.0475 6992 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 07:56:58.0537 6992 DfsC - ok 07:56:58.0568 6992 dgderdrv - ok 07:56:58.0646 6992 [ B575C523F537F24D66D31F8877E6BCAB ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 07:56:58.0677 6992 dg_ssudbus - ok 07:56:58.0724 6992 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 07:56:58.0787 6992 Dhcp - ok 07:56:58.0802 6992 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 07:56:58.0865 6992 discache - ok 07:56:58.0911 6992 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 07:56:58.0927 6992 Disk - ok 07:56:58.0958 6992 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 07:56:59.0021 6992 Dnscache - ok 07:56:59.0036 6992 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 07:56:59.0114 6992 dot3svc - ok 07:56:59.0145 6992 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 07:56:59.0223 6992 DPS - ok 07:56:59.0255 6992 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 07:56:59.0301 6992 drmkaud - ok 07:56:59.0333 6992 [ FF7A7A1E0F9A0AB892A454FFB9D14BBE ] DVMIO C:\Windows\system32\DRIVERS\dvmio.sys 07:56:59.0364 6992 DVMIO - ok 07:56:59.0457 6992 [ 22910DCFC77AD946AA7D7DE2DD4224D0 ] DvmMDES C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe 07:56:59.0504 6992 DvmMDES - ok 07:56:59.0551 6992 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 07:56:59.0582 6992 DXGKrnl - ok 07:56:59.0613 6992 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 07:56:59.0676 6992 EapHost - ok 07:56:59.0769 6992 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 07:56:59.0863 6992 ebdrv - ok 07:56:59.0894 6992 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 07:56:59.0957 6992 EFS - ok 07:57:00.0019 6992 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 07:57:00.0081 6992 ehRecvr - ok 07:57:00.0128 6992 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 07:57:00.0191 6992 ehSched - ok 07:57:00.0237 6992 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 07:57:00.0284 6992 elxstor - ok 07:57:00.0315 6992 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 07:57:00.0347 6992 ErrDev - ok 07:57:00.0409 6992 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 07:57:00.0471 6992 EventSystem - ok 07:57:00.0503 6992 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 07:57:00.0565 6992 exfat - ok 07:57:00.0612 6992 [ CA793DCC1D5F619021EF1D37CC7A831E ] ezSharedSvc C:\Windows\System32\ezSharedSvcHost.exe 07:57:00.0659 6992 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning 07:57:00.0659 6992 ezSharedSvc - detected UnsignedFile.Multi.Generic (1) 07:57:00.0705 6992 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 07:57:00.0768 6992 fastfat - ok 07:57:00.0815 6992 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 07:57:00.0877 6992 Fax - ok 07:57:00.0908 6992 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 07:57:00.0939 6992 fdc - ok 07:57:00.0971 6992 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 07:57:01.0033 6992 fdPHost - ok 07:57:01.0033 6992 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 07:57:01.0095 6992 FDResPub - ok 07:57:01.0127 6992 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 07:57:01.0158 6992 FileInfo - ok 07:57:01.0173 6992 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 07:57:01.0220 6992 Filetrace - ok 07:57:01.0314 6992 [ 3D9B36631032FDE0FFEA0DC0260E4E35 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 07:57:01.0345 6992 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 07:57:01.0345 6992 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 07:57:01.0361 6992 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 07:57:01.0407 6992 flpydisk - ok 07:57:01.0439 6992 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 07:57:01.0470 6992 FltMgr - ok 07:57:01.0532 6992 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 07:57:01.0595 6992 FontCache - ok 07:57:01.0657 6992 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 07:57:01.0688 6992 FontCache3.0.0.0 - ok 07:57:01.0719 6992 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 07:57:01.0735 6992 FsDepends - ok 07:57:01.0766 6992 [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS 07:57:01.0797 6992 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning 07:57:01.0797 6992 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1) 07:57:01.0860 6992 [ 0796C1E47ADB9825269E64B9DAB4E741 ] FsUsbExService C:\Windows\system32\FsUsbExService.Exe 07:57:01.0907 6992 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning 07:57:01.0907 6992 FsUsbExService - detected UnsignedFile.Multi.Generic (1) 07:57:01.0938 6992 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 07:57:01.0953 6992 Fs_Rec - ok 07:57:02.0000 6992 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 07:57:02.0031 6992 fvevol - ok 07:57:02.0063 6992 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 07:57:02.0094 6992 gagp30kx - ok 07:57:02.0156 6992 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe 07:57:02.0172 6992 GamesAppService - ok 07:57:02.0219 6992 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 07:57:02.0297 6992 gpsvc - ok 07:57:02.0406 6992 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 07:57:02.0453 6992 gupdate - ok 07:57:02.0468 6992 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 07:57:02.0484 6992 gupdatem - ok 07:57:02.0515 6992 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 07:57:02.0546 6992 gusvc - ok 07:57:02.0577 6992 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 07:57:02.0655 6992 hcw85cir - ok 07:57:02.0687 6992 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 07:57:02.0749 6992 HdAudAddService - ok 07:57:02.0780 6992 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 07:57:02.0811 6992 HDAudBus - ok 07:57:02.0843 6992 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 07:57:02.0874 6992 HidBatt - ok 07:57:02.0905 6992 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 07:57:02.0952 6992 HidBth - ok 07:57:02.0983 6992 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 07:57:03.0014 6992 HidIr - ok 07:57:03.0045 6992 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll 07:57:03.0108 6992 hidserv - ok 07:57:03.0155 6992 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 07:57:03.0186 6992 HidUsb - ok 07:57:03.0217 6992 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 07:57:03.0279 6992 hkmsvc - ok 07:57:03.0326 6992 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 07:57:03.0389 6992 HomeGroupListener - ok 07:57:03.0404 6992 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 07:57:03.0435 6992 HomeGroupProvider - ok 07:57:03.0513 6992 [ 45A12CACB97B4F15858FCFD59355A1E9 ] HP Health Check Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 07:57:03.0529 6992 HP Health Check Service - ok 07:57:03.0591 6992 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe 07:57:03.0623 6992 HP Wireless Assistant Service - ok 07:57:03.0654 6992 [ CDC21913A2564DF9CBAC38A57DC19202 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 07:57:03.0669 6992 HPClientSvc - ok 07:57:03.0716 6992 [ F55442690A70A0278A7EED4FAAEBF576 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe 07:57:03.0747 6992 HPDrvMntSvc.exe - ok 07:57:03.0763 6992 [ 4EF10B866C62ABBEAF7511CDD05A19BE ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 07:57:03.0794 6992 hpdskflt - ok 07:57:03.0825 6992 [ 640E51DB253265C3EAC075866B3D2B33 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 07:57:03.0872 6992 hpqwmiex - ok 07:57:03.0919 6992 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 07:57:03.0935 6992 HpSAMD - ok 07:57:03.0966 6992 [ C0BEB56ED79B59B7B33D0AA6C38A0BA6 ] hpsrv C:\Windows\system32\Hpservice.exe 07:57:03.0981 6992 hpsrv - ok 07:57:04.0028 6992 [ 760D9B546AB3EC551D7827C88C026194 ] HPWMISVC C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 07:57:04.0059 6992 HPWMISVC - ok 07:57:04.0106 6992 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 07:57:04.0153 6992 HTTP - ok 07:57:04.0184 6992 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 07:57:04.0215 6992 hwpolicy - ok 07:57:04.0247 6992 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 07:57:04.0278 6992 i8042prt - ok 07:57:04.0309 6992 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 07:57:04.0340 6992 iaStorV - ok 07:57:04.0403 6992 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 07:57:04.0449 6992 idsvc - ok 07:57:04.0590 6992 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 07:57:04.0730 6992 igfx - ok 07:57:04.0761 6992 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 07:57:04.0793 6992 iirsp - ok 07:57:04.0839 6992 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 07:57:04.0917 6992 IKEEXT - ok 07:57:04.0964 6992 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 07:57:04.0980 6992 intelide - ok 07:57:05.0027 6992 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 07:57:05.0042 6992 intelppm - ok 07:57:05.0073 6992 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 07:57:05.0151 6992 IPBusEnum - ok 07:57:05.0167 6992 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 07:57:05.0229 6992 IpFilterDriver - ok 07:57:05.0261 6992 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 07:57:05.0354 6992 iphlpsvc - ok 07:57:05.0385 6992 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 07:57:05.0417 6992 IPMIDRV - ok 07:57:05.0463 6992 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 07:57:05.0510 6992 IPNAT - ok 07:57:05.0541 6992 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 07:57:05.0588 6992 IRENUM - ok 07:57:05.0619 6992 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 07:57:05.0635 6992 isapnp - ok 07:57:05.0666 6992 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 07:57:05.0697 6992 iScsiPrt - ok 07:57:05.0713 6992 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 07:57:05.0744 6992 kbdclass - ok 07:57:05.0775 6992 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 07:57:05.0807 6992 kbdhid - ok 07:57:05.0822 6992 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 07:57:05.0853 6992 KeyIso - ok 07:57:05.0885 6992 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 07:57:05.0916 6992 KSecDD - ok 07:57:05.0947 6992 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 07:57:05.0978 6992 KSecPkg - ok 07:57:06.0009 6992 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 07:57:06.0072 6992 KtmRm - ok 07:57:06.0103 6992 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll 07:57:06.0181 6992 LanmanServer - ok 07:57:06.0212 6992 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 07:57:06.0275 6992 LanmanWorkstation - ok 07:57:06.0337 6992 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 07:57:06.0384 6992 lltdio - ok 07:57:06.0399 6992 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 07:57:06.0477 6992 lltdsvc - ok 07:57:06.0493 6992 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 07:57:06.0555 6992 lmhosts - ok 07:57:06.0602 6992 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 07:57:06.0633 6992 LSI_FC - ok 07:57:06.0665 6992 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 07:57:06.0680 6992 LSI_SAS - ok 07:57:06.0711 6992 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 07:57:06.0743 6992 LSI_SAS2 - ok 07:57:06.0774 6992 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 07:57:06.0805 6992 LSI_SCSI - ok 07:57:06.0836 6992 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 07:57:06.0883 6992 luafv - ok 07:57:06.0945 6992 [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter C:\Windows\system32\drivers\massfilter.sys 07:57:06.0992 6992 massfilter - ok 07:57:07.0023 6992 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 07:57:07.0055 6992 Mcx2Svc - ok 07:57:07.0070 6992 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 07:57:07.0101 6992 megasas - ok 07:57:07.0133 6992 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 07:57:07.0164 6992 MegaSR - ok 07:57:07.0195 6992 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 07:57:07.0257 6992 MMCSS - ok 07:57:07.0273 6992 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 07:57:07.0351 6992 Modem - ok 07:57:07.0382 6992 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 07:57:07.0429 6992 monitor - ok 07:57:07.0445 6992 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 07:57:07.0476 6992 mouclass - ok 07:57:07.0491 6992 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 07:57:07.0538 6992 mouhid - ok 07:57:07.0585 6992 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 07:57:07.0616 6992 mountmgr - ok 07:57:07.0632 6992 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 07:57:07.0663 6992 mpio - ok 07:57:07.0679 6992 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 07:57:07.0741 6992 mpsdrv - ok 07:57:07.0788 6992 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 07:57:07.0850 6992 MpsSvc - ok 07:57:07.0881 6992 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 07:57:07.0928 6992 MRxDAV - ok 07:57:07.0944 6992 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 07:57:08.0006 6992 mrxsmb - ok 07:57:08.0037 6992 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 07:57:08.0084 6992 mrxsmb10 - ok 07:57:08.0100 6992 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 07:57:08.0131 6992 mrxsmb20 - ok 07:57:08.0162 6992 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 07:57:08.0193 6992 msahci - ok 07:57:08.0209 6992 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 07:57:08.0240 6992 msdsm - ok 07:57:08.0256 6992 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 07:57:08.0303 6992 MSDTC - ok 07:57:08.0349 6992 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 07:57:08.0396 6992 Msfs - ok 07:57:08.0412 6992 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 07:57:08.0474 6992 mshidkmdf - ok 07:57:08.0490 6992 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 07:57:08.0521 6992 msisadrv - ok 07:57:08.0552 6992 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 07:57:08.0615 6992 MSiSCSI - ok 07:57:08.0630 6992 msiserver - ok 07:57:08.0661 6992 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 07:57:08.0724 6992 MSKSSRV - ok 07:57:08.0739 6992 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 07:57:08.0802 6992 MSPCLOCK - ok 07:57:08.0817 6992 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 07:57:08.0864 6992 MSPQM - ok 07:57:08.0880 6992 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 07:57:08.0911 6992 MsRPC - ok 07:57:08.0942 6992 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 07:57:08.0973 6992 mssmbios - ok 07:57:08.0989 6992 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 07:57:09.0036 6992 MSTEE - ok 07:57:09.0067 6992 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 07:57:09.0098 6992 MTConfig - ok 07:57:09.0098 6992 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 07:57:09.0129 6992 Mup - ok 07:57:09.0161 6992 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 07:57:09.0223 6992 napagent - ok 07:57:09.0254 6992 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 07:57:09.0285 6992 NativeWifiP - ok 07:57:09.0332 6992 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 07:57:09.0379 6992 NDIS - ok 07:57:09.0395 6992 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 07:57:09.0457 6992 NdisCap - ok 07:57:09.0488 6992 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 07:57:09.0551 6992 NdisTapi - ok 07:57:09.0582 6992 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 07:57:09.0644 6992 Ndisuio - ok 07:57:09.0691 6992 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 07:57:09.0753 6992 NdisWan - ok 07:57:09.0800 6992 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 07:57:09.0847 6992 NDProxy - ok 07:57:09.0878 6992 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 07:57:09.0941 6992 NetBIOS - ok 07:57:09.0972 6992 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 07:57:10.0034 6992 NetBT - ok 07:57:10.0065 6992 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 07:57:10.0097 6992 Netlogon - ok 07:57:10.0128 6992 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 07:57:10.0190 6992 Netman - ok 07:57:10.0221 6992 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 07:57:10.0284 6992 netprofm - ok 07:57:10.0331 6992 [ 9E8C8625432FE5F81F9DF9D353340292 ] netr28 C:\Windows\system32\DRIVERS\netr28.sys 07:57:10.0377 6992 netr28 - ok 07:57:10.0393 6992 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 07:57:10.0424 6992 NetTcpPortSharing - ok 07:57:10.0533 6992 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys 07:57:10.0658 6992 netw5v32 - ok 07:57:10.0705 6992 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 07:57:10.0721 6992 nfrd960 - ok 07:57:10.0767 6992 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 07:57:10.0799 6992 NlaSvc - ok 07:57:10.0830 6992 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 07:57:10.0892 6992 Npfs - ok 07:57:10.0923 6992 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 07:57:10.0970 6992 nsi - ok 07:57:10.0986 6992 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 07:57:11.0064 6992 nsiproxy - ok 07:57:11.0126 6992 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 07:57:11.0173 6992 Ntfs - ok 07:57:11.0189 6992 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 07:57:11.0251 6992 Null - ok 07:57:11.0282 6992 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 07:57:11.0313 6992 nvraid - ok 07:57:11.0329 6992 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 07:57:11.0360 6992 nvstor - ok 07:57:11.0391 6992 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 07:57:11.0407 6992 nv_agp - ok 07:57:11.0485 6992 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 07:57:11.0516 6992 odserv - ok 07:57:11.0547 6992 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 07:57:11.0579 6992 ohci1394 - ok 07:57:11.0610 6992 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 07:57:11.0641 6992 ose - ok 07:57:11.0688 6992 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 07:57:11.0750 6992 p2pimsvc - ok 07:57:11.0766 6992 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 07:57:11.0813 6992 p2psvc - ok 07:57:11.0844 6992 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 07:57:11.0875 6992 Parport - ok 07:57:11.0906 6992 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 07:57:11.0937 6992 partmgr - ok 07:57:11.0969 6992 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 07:57:12.0000 6992 Parvdm - ok 07:57:12.0031 6992 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 07:57:12.0062 6992 PcaSvc - ok 07:57:12.0093 6992 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 07:57:12.0109 6992 pci - ok 07:57:12.0140 6992 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 07:57:12.0171 6992 pciide - ok 07:57:12.0203 6992 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 07:57:12.0218 6992 pcmcia - ok 07:57:12.0249 6992 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 07:57:12.0281 6992 pcw - ok 07:57:12.0312 6992 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 07:57:12.0390 6992 PEAUTH - ok 07:57:12.0468 6992 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 07:57:12.0577 6992 pla - ok 07:57:12.0608 6992 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 07:57:12.0655 6992 PlugPlay - ok 07:57:12.0686 6992 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 07:57:12.0717 6992 PNRPAutoReg - ok 07:57:12.0749 6992 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 07:57:12.0780 6992 PNRPsvc - ok 07:57:12.0811 6992 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 07:57:12.0889 6992 PolicyAgent - ok 07:57:12.0936 6992 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 07:57:12.0983 6992 Power - ok 07:57:13.0014 6992 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 07:57:13.0076 6992 PptpMiniport - ok 07:57:13.0107 6992 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 07:57:13.0139 6992 Processor - ok 07:57:13.0170 6992 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 07:57:13.0217 6992 ProfSvc - ok 07:57:13.0248 6992 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 07:57:13.0279 6992 ProtectedStorage - ok 07:57:13.0310 6992 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 07:57:13.0373 6992 Psched - ok 07:57:13.0404 6992 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 07:57:13.0482 6992 ql2300 - ok 07:57:13.0513 6992 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 07:57:13.0529 6992 ql40xx - ok 07:57:13.0560 6992 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 07:57:13.0607 6992 QWAVE - ok 07:57:13.0622 6992 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 07:57:13.0653 6992 QWAVEdrv - ok 07:57:13.0716 6992 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 07:57:13.0747 6992 RapiMgr - ok 07:57:13.0763 6992 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 07:57:13.0825 6992 RasAcd - ok 07:57:13.0841 6992 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 07:57:13.0903 6992 RasAgileVpn - ok 07:57:13.0919 6992 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 07:57:13.0981 6992 RasAuto - ok 07:57:13.0997 6992 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 07:57:14.0059 6992 Rasl2tp - ok 07:57:14.0106 6992 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 07:57:14.0184 6992 RasMan - ok 07:57:14.0199 6992 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 07:57:14.0246 6992 RasPppoe - ok 07:57:14.0277 6992 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 07:57:14.0340 6992 RasSstp - ok 07:57:14.0355 6992 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 07:57:14.0433 6992 rdbss - ok 07:57:14.0449 6992 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 07:57:14.0496 6992 rdpbus - ok 07:57:14.0527 6992 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 07:57:14.0589 6992 RDPCDD - ok 07:57:14.0621 6992 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 07:57:14.0667 6992 RDPENCDD - ok 07:57:14.0683 6992 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 07:57:14.0745 6992 RDPREFMP - ok 07:57:14.0792 6992 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 07:57:14.0855 6992 RdpVideoMiniport - ok 07:57:14.0886 6992 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 07:57:14.0948 6992 RDPWD - ok 07:57:14.0979 6992 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 07:57:15.0011 6992 rdyboost - ok 07:57:15.0042 6992 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 07:57:15.0104 6992 RemoteAccess - ok 07:57:15.0135 6992 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 07:57:15.0198 6992 RemoteRegistry - ok 07:57:15.0229 6992 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 07:57:15.0276 6992 RFCOMM - ok 07:57:15.0307 6992 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 07:57:15.0369 6992 RpcEptMapper - ok 07:57:15.0401 6992 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 07:57:15.0432 6992 RpcLocator - ok 07:57:15.0463 6992 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 07:57:15.0525 6992 RpcSs - ok 07:57:15.0557 6992 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 07:57:15.0619 6992 rspndr - ok 07:57:15.0666 6992 [ B38E89386993E69A959B941561F3E5F3 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 07:57:15.0681 6992 RSUSBSTOR - ok 07:57:15.0697 6992 [ 52A5332B280A2E80A92ABCD2140A62E8 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 07:57:15.0728 6992 RTL8167 - ok 07:57:15.0759 6992 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 07:57:15.0775 6992 SamSs - ok 07:57:15.0806 6992 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 07:57:15.0822 6992 sbp2port - ok 07:57:15.0853 6992 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 07:57:15.0931 6992 SCardSvr - ok 07:57:15.0947 6992 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 07:57:16.0009 6992 scfilter - ok 07:57:16.0056 6992 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 07:57:16.0134 6992 Schedule - ok 07:57:16.0149 6992 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 07:57:16.0212 6992 SCPolicySvc - ok 07:57:16.0243 6992 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys 07:57:16.0290 6992 sdbus - ok 07:57:16.0305 6992 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 07:57:16.0368 6992 SDRSVC - ok 07:57:16.0399 6992 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 07:57:16.0461 6992 secdrv - ok 07:57:16.0493 6992 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 07:57:16.0555 6992 seclogon - ok 07:57:16.0586 6992 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll 07:57:16.0649 6992 SENS - ok 07:57:16.0680 6992 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 07:57:16.0727 6992 SensrSvc - ok 07:57:16.0758 6992 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 07:57:16.0789 6992 Serenum - ok 07:57:16.0851 6992 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 07:57:16.0883 6992 Serial - ok 07:57:16.0914 6992 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 07:57:16.0961 6992 sermouse - ok 07:57:17.0007 6992 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 07:57:17.0070 6992 SessionEnv - ok 07:57:17.0101 6992 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 07:57:17.0148 6992 sffdisk - ok 07:57:17.0163 6992 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 07:57:17.0195 6992 sffp_mmc - ok 07:57:17.0210 6992 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 07:57:17.0241 6992 sffp_sd - ok 07:57:17.0257 6992 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 07:57:17.0288 6992 sfloppy - ok 07:57:17.0319 6992 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 07:57:17.0397 6992 SharedAccess - ok 07:57:17.0429 6992 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 07:57:17.0507 6992 ShellHWDetection - ok 07:57:17.0522 6992 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 07:57:17.0553 6992 sisagp - ok 07:57:17.0585 6992 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 07:57:17.0616 6992 SiSRaid2 - ok 07:57:17.0631 6992 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 07:57:17.0663 6992 SiSRaid4 - ok 07:57:17.0725 6992 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 07:57:17.0741 6992 SkypeUpdate - ok 07:57:17.0787 6992 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 07:57:17.0834 6992 Smb - ok 07:57:17.0881 6992 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 07:57:17.0912 6992 SNMPTRAP - ok 07:57:17.0928 6992 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 07:57:17.0943 6992 spldr - ok 07:57:17.0990 6992 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 07:57:18.0053 6992 Spooler - ok 07:57:18.0146 6992 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 07:57:18.0255 6992 sppsvc - ok 07:57:18.0287 6992 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 07:57:18.0365 6992 sppuinotify - ok 07:57:18.0396 6992 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 07:57:18.0443 6992 srv - ok 07:57:18.0458 6992 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 07:57:18.0505 6992 srv2 - ok 07:57:18.0552 6992 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS 07:57:18.0614 6992 SrvHsfHDA - ok 07:57:18.0645 6992 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 07:57:18.0692 6992 SrvHsfV92 - ok 07:57:18.0723 6992 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 07:57:18.0770 6992 SrvHsfWinac - ok 07:57:18.0801 6992 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 07:57:18.0848 6992 srvnet - ok 07:57:18.0879 6992 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 07:57:18.0926 6992 SSDPSRV - ok 07:57:18.0973 6992 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 07:57:18.0989 6992 ssmdrv - ok 07:57:19.0035 6992 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 07:57:19.0051 6992 SSPORT ( UnsignedFile.Multi.Generic ) - warning 07:57:19.0051 6992 SSPORT - detected UnsignedFile.Multi.Generic (1) 07:57:19.0067 6992 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 07:57:19.0129 6992 SstpSvc - ok 07:57:19.0176 6992 [ CA22092117F4F8BA3700B4BF9962444A ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 07:57:19.0207 6992 ssudmdm - ok 07:57:19.0238 6992 [ 502A44A06086B6CC9E119BCEEF77344C ] STacSV C:\Program Files\IDT\WDM\STacSV.exe 07:57:19.0285 6992 STacSV - ok 07:57:19.0316 6992 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 07:57:19.0332 6992 stexstor - ok 07:57:19.0363 6992 [ 965D9D71056BF62A11132E0517149070 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys 07:57:19.0410 6992 STHDA - ok 07:57:19.0472 6992 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 07:57:19.0519 6992 StiSvc - ok 07:57:19.0550 6992 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 07:57:19.0566 6992 swenum - ok 07:57:19.0597 6992 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 07:57:19.0659 6992 swprv - ok 07:57:19.0706 6992 [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 07:57:19.0737 6992 SynTP - ok 07:57:19.0784 6992 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 07:57:19.0847 6992 SysMain - ok 07:57:19.0878 6992 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 07:57:19.0909 6992 TabletInputService - ok 07:57:19.0940 6992 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 07:57:20.0003 6992 TapiSrv - ok 07:57:20.0049 6992 [ D7F411C5AF992BB44E86083A6AA7B045 ] tbhsd C:\Windows\system32\drivers\tbhsd.sys 07:57:20.0081 6992 tbhsd - ok 07:57:20.0112 6992 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 07:57:20.0174 6992 TBS - ok 07:57:20.0237 6992 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 07:57:20.0299 6992 Tcpip - ok 07:57:20.0330 6992 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 07:57:20.0393 6992 TCPIP6 - ok 07:57:20.0424 6992 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 07:57:20.0455 6992 tcpipreg - ok 07:57:20.0486 6992 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 07:57:20.0533 6992 TDPIPE - ok 07:57:20.0564 6992 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 07:57:20.0595 6992 TDTCP - ok 07:57:20.0642 6992 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 07:57:20.0705 6992 tdx - ok 07:57:20.0720 6992 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 07:57:20.0751 6992 TermDD - ok 07:57:20.0783 6992 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 07:57:20.0845 6992 TermService - ok 07:57:20.0876 6992 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 07:57:20.0923 6992 Themes - ok 07:57:20.0954 6992 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 07:57:21.0001 6992 THREADORDER - ok 07:57:21.0032 6992 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 07:57:21.0095 6992 TrkWks - ok 07:57:21.0141 6992 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 07:57:21.0204 6992 TrustedInstaller - ok 07:57:21.0235 6992 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 07:57:21.0297 6992 tssecsrv - ok 07:57:21.0329 6992 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 07:57:21.0375 6992 TsUsbFlt - ok 07:57:21.0422 6992 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 07:57:21.0485 6992 tunnel - ok 07:57:21.0516 6992 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 07:57:21.0531 6992 uagp35 - ok 07:57:21.0563 6992 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 07:57:21.0641 6992 udfs - ok 07:57:21.0687 6992 [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files\1&1 Surf-Stick\AssistantServices.exe 07:57:21.0719 6992 UI Assistant Service - ok 07:57:21.0750 6992 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 07:57:21.0781 6992 UI0Detect - ok 07:57:21.0828 6992 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 07:57:21.0843 6992 uliagpkx - ok 07:57:21.0875 6992 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 07:57:21.0890 6992 umbus - ok 07:57:21.0922 6992 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 07:57:21.0953 6992 UmPass - ok 07:57:21.0984 6992 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 07:57:22.0046 6992 upnphost - ok 07:57:22.0078 6992 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 07:57:22.0140 6992 usbccgp - ok 07:57:22.0171 6992 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 07:57:22.0202 6992 usbcir - ok 07:57:22.0234 6992 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 07:57:22.0249 6992 usbehci - ok 07:57:22.0280 6992 [ FB0E8B624D1F7E214EDB3D6E56B4EC88 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 07:57:22.0312 6992 usbfilter - ok 07:57:22.0327 6992 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 07:57:22.0374 6992 usbhub - ok 07:57:22.0390 6992 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 07:57:22.0421 6992 usbohci - ok 07:57:22.0468 6992 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 07:57:22.0499 6992 usbprint - ok 07:57:22.0530 6992 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 07:57:22.0592 6992 USBSTOR - ok 07:57:22.0608 6992 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 07:57:22.0639 6992 usbuhci - ok 07:57:22.0670 6992 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 07:57:22.0702 6992 usbvideo - ok 07:57:22.0748 6992 [ AF77716205C97E902E6C5B78DECE2CCA ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 07:57:22.0780 6992 usb_rndisx - ok 07:57:22.0811 6992 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 07:57:22.0904 6992 UxSms - ok 07:57:22.0920 6992 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 07:57:22.0951 6992 VaultSvc - ok 07:57:22.0967 6992 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 07:57:22.0998 6992 vdrvroot - ok 07:57:23.0045 6992 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 07:57:23.0107 6992 vds - ok 07:57:23.0154 6992 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 07:57:23.0170 6992 vga - ok 07:57:23.0185 6992 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 07:57:23.0248 6992 VgaSave - ok 07:57:23.0279 6992 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 07:57:23.0310 6992 vhdmp - ok 07:57:23.0326 6992 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 07:57:23.0357 6992 viaagp - ok 07:57:23.0388 6992 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 07:57:23.0419 6992 ViaC7 - ok 07:57:23.0435 6992 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 07:57:23.0466 6992 viaide - ok 07:57:23.0482 6992 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 07:57:23.0497 6992 volmgr - ok 07:57:23.0513 6992 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 07:57:23.0560 6992 volmgrx - ok 07:57:23.0575 6992 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 07:57:23.0606 6992 volsnap - ok 07:57:23.0638 6992 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 07:57:23.0653 6992 vsmraid - ok 07:57:23.0716 6992 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 07:57:23.0809 6992 VSS - ok 07:57:23.0825 6992 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 07:57:23.0872 6992 vwifibus - ok 07:57:23.0903 6992 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 07:57:23.0934 6992 vwififlt - ok 07:57:23.0950 6992 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 07:57:23.0996 6992 vwifimp - ok 07:57:24.0043 6992 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 07:57:24.0106 6992 W32Time - ok 07:57:24.0137 6992 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 07:57:24.0168 6992 WacomPen - ok 07:57:24.0199 6992 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 07:57:24.0262 6992 WANARP - ok 07:57:24.0262 6992 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 07:57:24.0324 6992 Wanarpv6 - ok 07:57:24.0355 6992 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 07:57:24.0433 6992 wbengine - ok 07:57:24.0464 6992 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 07:57:24.0496 6992 WbioSrvc - ok 07:57:24.0542 6992 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 07:57:24.0574 6992 WcesComm - ok 07:57:24.0605 6992 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 07:57:24.0652 6992 wcncsvc - ok 07:57:24.0667 6992 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 07:57:24.0714 6992 WcsPlugInService - ok 07:57:24.0745 6992 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 07:57:24.0761 6992 Wd - ok 07:57:24.0808 6992 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 07:57:24.0854 6992 Wdf01000 - ok 07:57:24.0870 6992 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 07:57:24.0948 6992 WdiServiceHost - ok 07:57:24.0948 6992 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 07:57:24.0979 6992 WdiSystemHost - ok 07:57:25.0026 6992 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 07:57:25.0057 6992 WebClient - ok 07:57:25.0104 6992 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 07:57:25.0151 6992 Wecsvc - ok 07:57:25.0182 6992 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 07:57:25.0244 6992 wercplsupport - ok 07:57:25.0276 6992 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 07:57:25.0354 6992 WerSvc - ok 07:57:25.0385 6992 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 07:57:25.0432 6992 WfpLwf - ok 07:57:25.0447 6992 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 07:57:25.0478 6992 WIMMount - ok 07:57:25.0541 6992 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 07:57:25.0588 6992 WinDefend - ok 07:57:25.0619 6992 WinHttpAutoProxySvc - ok 07:57:25.0681 6992 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 07:57:25.0744 6992 Winmgmt - ok 07:57:25.0790 6992 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 07:57:25.0884 6992 WinRM - ok 07:57:25.0931 6992 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 07:57:25.0978 6992 WinUsb - ok 07:57:26.0009 6992 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 07:57:26.0087 6992 Wlansvc - ok 07:57:26.0196 6992 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 07:57:26.0274 6992 wlidsvc - ok 07:57:26.0305 6992 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 07:57:26.0352 6992 WmiAcpi - ok 07:57:26.0383 6992 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 07:57:26.0430 6992 wmiApSrv - ok 07:57:26.0508 6992 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 07:57:26.0602 6992 WMPNetworkSvc - ok 07:57:26.0633 6992 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 07:57:26.0695 6992 WPCSvc - ok 07:57:26.0726 6992 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 07:57:26.0789 6992 WPDBusEnum - ok 07:57:26.0820 6992 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 07:57:26.0882 6992 ws2ifsl - ok 07:57:26.0914 6992 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll 07:57:26.0960 6992 wscsvc - ok 07:57:26.0976 6992 WSearch - ok 07:57:27.0038 6992 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 07:57:27.0132 6992 wuauserv - ok 07:57:27.0163 6992 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 07:57:27.0210 6992 WudfPf - ok 07:57:27.0241 6992 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 07:57:27.0288 6992 WUDFRd - ok 07:57:27.0335 6992 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 07:57:27.0366 6992 wudfsvc - ok 07:57:27.0397 6992 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 07:57:27.0460 6992 WwanSvc - ok 07:57:27.0506 6992 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys 07:57:27.0538 6992 yukonw7 - ok 07:57:27.0584 6992 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 07:57:27.0631 6992 ZTEusbmdm6k - ok 07:57:27.0647 6992 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 07:57:27.0678 6992 ZTEusbnmea - ok 07:57:27.0694 6992 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 07:57:27.0709 6992 ZTEusbser6k - ok 07:57:27.0756 6992 ================ Scan global =============================== 07:57:27.0787 6992 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 07:57:27.0818 6992 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 07:57:27.0834 6992 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 07:57:27.0865 6992 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 07:57:27.0881 6992 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 07:57:27.0881 6992 [Global] - ok 07:57:27.0896 6992 ================ Scan MBR ================================== 07:57:27.0896 6992 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 07:57:28.0286 6992 \Device\Harddisk0\DR0 - ok 07:57:28.0286 6992 ================ Scan VBR ================================== 07:57:28.0286 6992 [ C6116B5FB2B5F427BD2C7D1B300761D5 ] \Device\Harddisk0\DR0\Partition1 07:57:28.0286 6992 \Device\Harddisk0\DR0\Partition1 - ok 07:57:28.0318 6992 [ EE4638E8E422CE0DCA83CE5CCA3F7E3F ] \Device\Harddisk0\DR0\Partition2 07:57:28.0333 6992 \Device\Harddisk0\DR0\Partition2 - ok 07:57:28.0349 6992 [ A0D2800E79FB5D87E041A9E5A41226A2 ] \Device\Harddisk0\DR0\Partition3 07:57:28.0349 6992 \Device\Harddisk0\DR0\Partition3 - ok 07:57:28.0380 6992 [ C0B578EE4F51CC2DB2BD489E529ECF11 ] \Device\Harddisk0\DR0\Partition4 07:57:28.0380 6992 \Device\Harddisk0\DR0\Partition4 - ok 07:57:28.0380 6992 ============================================================ 07:57:28.0380 6992 Scan finished 07:57:28.0380 6992 ============================================================ 07:57:28.0396 6468 Detected object count: 5 07:57:28.0396 6468 Actual detected object count: 5 07:57:43.0652 6468 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user 07:57:43.0652 6468 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:57:43.0652 6468 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 07:57:43.0652 6468 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:57:43.0668 6468 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 07:57:43.0668 6468 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:57:43.0668 6468 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user 07:57:43.0668 6468 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:57:43.0668 6468 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user 07:57:43.0668 6468 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip |
22.05.2013, 08:16 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
22.05.2013, 19:04 | #15 |
| Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an Hallo Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x86 Ran by Oliver on 22.05.2013 at 18:53:41,49 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Suspicious HKLM\..\Run entries found. Trojan:JS/Medfos.B? Val Name Type Value Data ======== ==== ========== BTMTrayAgent REG_SZ rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3031778 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} ~~~ Files Successfully deleted: [File] "C:\Windows\system32\conduitengine.tmp" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader" Successfully deleted: [Folder] "C:\Users\Oliver\AppData\Roaming\dvdvideosoftiehelpers" Successfully deleted: [Folder] "C:\Users\Oliver\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Oliver\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Program Files\conduit" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader" Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\Oliver\appdata\local\{80749BF8-046A-4043-83A9-8274F9BA77CC} Successfully deleted: [Empty Folder] C:\Users\Oliver\appdata\local\{B7C4C262-F82B-45F8-8AC7-1F517F3ED4E6} Successfully deleted: [Empty Folder] C:\Users\Oliver\appdata\local\{D3817B76-6FE8-4566-8EB9-10F4764EF740} Successfully deleted: [Empty Folder] C:\Users\Oliver\appdata\local\{DE3DC57B-37A0-4C71-8F47-722DD0ADFEBA} ~~~ FireFox Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 22.05.2013 at 18:56:58,97 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.301 - Datei am 22/05/2013 um 19:24:11 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : Oliver - NETBOOK # Bootmodus : Normal # Ausgeführt unter : C:\Users\Oliver\Desktop\Tojaner\9_adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : DvmMDES ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Katrin\Desktop\eBay.lnk Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\Oliver\AppData\Local\PackageAware ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\Software\DeviceVM Schlüssel Gelöscht : HKLM\Software\PIP ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16576 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v5.0 (de) Datei : C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\fus14huh.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1461 octets] - [22/05/2013 19:24:11] ########## EOF - C:\AdwCleaner[S1].txt - [1521 octets] ########## Code:
ATTFilter OTL Extras logfile created on: 22.05.2013 19:33:55 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oliver\Desktop\Tojaner Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 62,41% Memory free 6,99 Gb Paging File | 5,44 Gb Available in Paging File | 77,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 446,84 Gb Total Space | 370,32 Gb Free Space | 82,88% Space Free | Partition Type: NTFS Drive D: | 18,62 Gb Total Space | 2,33 Gb Free Space | 12,49% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 90,89 Mb Free Space | 91,79% Space Free | Partition Type: FAT32 Computer Name: NETBOOK | User Name: Oliver | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09392DFE-57E6-4A47-83CB-841C776B4F89}" = lport=137 | protocol=17 | dir=in | app=system | "{0DCF2716-EAC4-4B30-A267-C600BCBBCD9F}" = lport=139 | protocol=6 | dir=in | app=system | "{24332EDA-FD03-48D7-A35E-B04376BF965F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{25CA2A87-41C5-43E2-AD41-C710D6EBF681}" = rport=445 | protocol=6 | dir=out | app=system | "{26F71287-FB88-4F05-B40F-A507CB87A081}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3367F160-98B6-4AC1-9295-D257C2540E0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{33ED3F6D-33BA-46F2-8958-E86E29A05D6A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{3495530D-0720-4CC3-AF3F-33090DA286E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{35C4B3EB-4418-440A-A5F6-4316237CD3E2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{443475FC-E0C7-4304-AE5C-7816464718B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4565D990-CEDD-4D65-8D63-E0FC5D3BECF5}" = rport=137 | protocol=17 | dir=out | app=system | "{4B2CCE4C-48FC-41F5-9D45-EDB5D20553B9}" = rport=139 | protocol=6 | dir=out | app=system | "{52C50114-7C14-407A-82F9-196F5E0B0705}" = lport=2869 | protocol=6 | dir=in | app=system | "{57A4467C-D607-425E-83E8-585EA041CD8B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5A8A436A-A0E6-4913-B276-A68329974063}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{6212E7B3-169B-46DA-948F-EEFD96E80E91}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{68C7FAC9-1111-4FA0-958E-473512E86CD5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6EA3133E-D5F9-462F-8B3D-5EAF6FFF2D00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{99F4C7EC-E611-4DAF-BF76-B7ADDF5D7B57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{99F7041C-8E9B-449D-B5C4-954052779D94}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{9A5AB1CA-4F0F-491E-B21A-3E7141266562}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9D0EEC3B-B6C5-44CB-92CA-2C2556E6DA75}" = lport=138 | protocol=17 | dir=in | app=system | "{9E00B9AD-1EB1-4EF1-BD56-4F852550A878}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A7CAFD3D-45CB-4D65-89A7-ADAFBE98420C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AC20228C-E8AF-4E9C-A278-8F05206E919C}" = lport=10243 | protocol=6 | dir=in | app=system | "{AC99B9E8-321D-4E6C-997E-AFA90A1B704A}" = rport=10243 | protocol=6 | dir=out | app=system | "{B046F301-B1A9-482A-A682-C50B4325111B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B6DEFC95-AB98-403B-83C2-C7FF909AADB4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BD95663D-AB9D-4CC8-8EF9-0C9F9C5BD168}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BF5CA24C-D243-4259-933D-F27B8881D1E0}" = lport=2869 | protocol=6 | dir=in | app=system | "{D6648CB7-2683-46A2-821B-4306E9428A9F}" = rport=138 | protocol=17 | dir=out | app=system | "{E06A07FB-099B-44CA-8E18-71F1BA242E53}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E30DBC71-337D-4693-97C4-353BFEC1427F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EF70539A-7F3F-4583-A2FC-7B80ACEA0915}" = lport=445 | protocol=6 | dir=in | app=system | "{F4845DC0-03EB-4746-9E99-CAF405268E41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{037F0543-61F5-4BA5-A6D3-042F10F038AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0AD9BBF7-FBD8-4A52-B2A0-16D42B3C9D0C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1CE04EB8-5E28-4E53-B972-02FA24B4BA51}" = protocol=6 | dir=in | app=c:\program files\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{246065F7-79CF-4CBB-9A13-E8BD97D05A81}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{268A6EBC-3466-4191-85C4-203B430CBC64}" = protocol=6 | dir=out | app=system | "{2AB6CAE6-4A8A-4155-B704-3FFA5D398474}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{371F2B0F-7A50-48DE-921B-F3FECE8E2550}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{373489D0-5CFB-4A5E-A0C4-EB03D30750E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3A52A4C5-5F6B-4B0C-9655-8CA625A60641}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr8.exe | "{4A2B07C2-1931-4117-BC26-8208F5C4C4D0}" = dir=out | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe | "{4C48FE45-7602-42A7-8DC3-6A7B4688AED7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{507A2EF4-BCB7-4BD2-AEDD-CA18062FF271}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{563FFA63-90B3-4886-AC58-D3B611872D63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{58D6E8CA-E690-4357-9A1C-23B9605AE9B5}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{5F0B1E74-FC37-4F7C-AA98-D77B7E84BF8C}" = dir=in | app=c:\program files\hewlett-packard\hp clouddrive\zumodrive.exe | "{68B90767-810F-41B3-8B28-565A89E77013}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6D58F4A6-D610-4402-9B42-A90E98CD8220}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{723373B7-5623-4549-B33E-2DD7FBA5512A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{73D327A6-AE8D-4657-998F-1626A85A2299}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{78D88389-7D3E-4628-8F4D-EA64B677C92B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{800817C9-AE74-4017-8807-1AF6BDF9B0AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{811F99A2-DDEA-4AED-B243-ACF190203085}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8A9DAF19-8F6E-430C-919D-953E899F7F7E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{9ACE89DE-D9A6-4AE9-A046-91D6DFEA3DEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A7552B3E-C7AD-4883-8E5E-9E0AB292536F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{ADBC96DB-01FD-4A73-A305-168DBE473C45}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B13E4010-D835-4AB9-B955-44AEB3F86DF0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B356EA62-C026-478D-A6C2-419E0C7D09C3}" = dir=in | app=c:\program files\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe | "{BDEDAEC9-FB38-4B96-B98E-431A57FE7B10}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{C5FD9D1D-437A-405C-AE29-B96DAD65E8BB}" = dir=in | app=c:\program files\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe | "{CB1804E7-A131-403B-84C2-A39055E6E9C5}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | "{CEDB6547-B9AF-4382-8ACC-68025CD90F20}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D370891E-9D46-42C3-B643-4967DA815207}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E3399E08-2837-46E8-A92F-49A0F10B73B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E5FB13DD-3C40-4721-8CFC-0F1035095BDB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EA5285E7-3B47-424B-8DA6-E2866B8906C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F095A95D-D7EE-4222-98D6-EEA9FF58755F}" = protocol=17 | dir=in | app=c:\program files\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{F81BAF36-5D12-49AB-9CEB-B69CD010792A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FABB5B7E-F4D2-4CC4-8EC2-150439E87B10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{62ACD3BA-E43F-46F5-B308-48FE5F734A06}C:\program files\cutesoft\netschafkopf\netschk.exe" = protocol=6 | dir=in | app=c:\program files\cutesoft\netschafkopf\netschk.exe | "TCP Query User{704FBB74-2511-45F9-B60B-26F6FC647786}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{BD849C66-E1E1-4163-8C28-5CC425C96DB1}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | "UDP Query User{127492C6-C6C4-4A4F-B54C-1754ABDBB8BB}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | "UDP Query User{510CA9C7-B260-4453-A2A2-7CFB973F951B}C:\program files\cutesoft\netschafkopf\netschk.exe" = protocol=17 | dir=in | app=c:\program files\cutesoft\netschafkopf\netschk.exe | "UDP Query User{F6263D23-7F24-4568-9FF0-B27FDCD1CA9D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B674336-6374-B29B-C5AF-C89E3CAB64A7}" = CCC Help Thai "{0BFF1302-ADE5-9EFB-C0B7-D5D31837C8EC}" = CCC Help Spanish "{0D9ADF08-1BAC-AD8D-BA31-BF575E7F1008}" = CCC Help Japanese "{14213933-B31D-0433-E903-963E06FE577E}" = AMD Fuel "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C8BEECD-87F4-44A6-B7F4-C738922B0C2E}" = HP Software Framework "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync "{214A5B65-5432-F3C2-BFF2-EA793713C463}" = CCC Help Hungarian "{21BA06AB-7619-F86C-3DCD-904860A8F57A}" = CCC Help Italian "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{26DC39B4-88B0-52AE-7FD7-9B50011F2DED}" = ATI Catalyst Install Manager "{28375E61-16A8-48E0-9BF5-07B313A001B8}" = HP Documentation "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{28C6DBD4-3B0A-0B96-6AC4-92B61D901DA7}" = Catalyst Control Center Localization All "{2B4C6DE8-AE91-743A-103D-22C0B183057B}" = CCC Help Czech "{2E076B90-57E0-97A8-0B58-436935683B15}" = CCC Help Russian "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{301AFE5D-74CB-DD97-CA3E-8CFA4B30D2F7}" = WMV9/VC-1 Video Playback "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2 "{3623E33A-6E9A-442F-9628-570C28E01EDF}" = HP 3D DriveGuard "{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer "{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CC52794-9EFB-4E79-A9BC-2CFFAB13DB0A}" = calibre "{3D92520A-CA63-4CC8-BB4F-DE5E09E50E01}" = HP MediaSmart SmartMenu "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{467A5C10-8152-6FBA-03F5-2BE95B8A1B73}" = CCC Help Danish "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{50324109-3BD7-B267-E00E-7FD01CB88D43}" = CCC Help Portuguese "{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup "{54415FFC-4AB0-B66F-CC2A-C0A3CE1D002E}" = CCC Help Norwegian "{626B5918-B395-4B69-A06B-14C3EB1C3942}" = HP Quick Launch "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{729C02AB-6C49-4DFB-8E48-680702F4836F}" = NetSchafkopf "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79AB1DC0-89B1-5125-8374-404AC780F32B}" = CCC Help English "{7C9B9A96-BF31-A19C-B517-1618A1E62A56}" = ccc-utility "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant "{A15FCAAF-6FA9-331F-BEBE-C4F49A2EAFED}" = CCC Help Dutch "{A3CDC601-4840-C0FE-702A-C898DF56B3CA}" = CCC Help French "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83540E9-9A19-434B-51FB-BD301000086F}" = Catalyst Control Center InstallProxy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{BB253F06-91BA-34C4-5D40-6FA7F01CAEEC}" = CCC Help Korean "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{BDCCD186-DE1F-F443-62C2-C888AE111D74}" = CCC Help German "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CE4A6D41-0094-C56C-26A3-AF8A16C6D459}" = Catalyst Control Center Profiles Mobile "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CEB8DD3E-546A-77FE-AF2A-79F9088DE458}" = CCC Help Finnish "{CEE8C1C1-2C92-9CB3-8636-2080865E0BB2}" = CCC Help Greek "{D046F248-D151-CEB4-095D-CD10F66D1F56}" = CCC Help Swedish "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D782F0AC-8036-E194-1A97-3C3261378466}" = Catalyst Control Center Graphics Previews Common "{DF7141BA-7CAB-5488-CB92-986822210200}" = CCC Help Polish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E74E7F63-E70F-43f2-873F-35FB66F263B2}" = MusicStation "{EA96FE3A-2D81-4AEE-6D74-A47BDA29C060}" = CCC Help Chinese Traditional "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF5B2C16-D640-8E94-DA95-B48A07F7C4D5}" = CCC Help Chinese Standard "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FCD89426-8409-2394-06EA-679DB494C68F}" = ccc-core-static "1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1" = Ralink Motorola BC8 Bluetooth 3.0+HS Adapter "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Antivirus Premium "Digital Editions" = Adobe Digital Editions "EasyBits Magic Desktop" = Magic Desktop "ElsterFormular" = ElsterFormular "Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201 "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 9.04" = GPL Ghostscript "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Media Player - Codec Pack" = Media Player Codec Pack 4.0.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "PROPLUSR" = Microsoft Office Professional Plus 2007 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series "Simfy" = simfy "SynTPDeinstKey" = Synaptics Pointing Device Driver "Vereinfachte Ausgangsschrift VA_is1" = Pelikan Schulschriften "VLC media player" = VLC media player 2.0.3 "WildTangent hp Master Uninstall" = HP Games "WildTangent wildgames Master Uninstall" = WildTangent-Spiele "WinLiveSuite" = Windows Live Essentials "WT087330" = Bounce Symphony "WT087361" = FATE "WT087380" = John Deere Drive Green "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087480" = Insaniquarium Deluxe "WT087485" = Jewel Quest II "WT087490" = Jewel Quest Solitaire "WT087501" = Plants vs. Zombies "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash "WT087533" = Zuma Deluxe "WT087536" = Diner Dash 2 Restaurant Rescue "WT089303" = Build-a-Lot - The Elizabethan Era "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089359" = Cake Mania "WT089362" = Agatha Christie - Peril at End House "WTA-19393a62-476d-42f1-a6c9-5745b00f4b84" = Bubble Shooter Premium Edition "WTA-35c303e1-f1aa-4e83-b860-6fb550a69783" = Bejeweled 3 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.18 ========== Last 20 Event Log Errors ========== [ Hewlett-Packard Events ] Error - 03.09.2011 16:50:53 | Computer Name = Netbook | Source = Hewlett-Packard | ID = 0 Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. HP.ActiveSupportLibrary bei HP.ActiveSupportLibrary.Issues.HPSFSession.?() Error - 27.10.2011 15:58:13 | Computer Name = Netbook | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101127095810.xml File not created by asset agent Error - 23.02.2012 16:20:11 | Computer Name = Netbook | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021223092008.xml File not created by asset agent [ HP Wireless Assistant Events ] Error - 28.06.2011 16:24:47 | Computer Name = Netbook | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei System.Management.ManagementBaseObject.get_Item(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 28.06.2011 16:24:52 | Computer Name = Netbook | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei System.Management.ManagementBaseObject.get_Item(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 28.06.2011 16:25:57 | Computer Name = Netbook | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei System.Management.ManagementBaseObject.get_Item(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 28.06.2011 16:26:02 | Computer Name = Netbook | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei System.Management.ManagementBaseObject.get_Item(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 12.07.2011 10:41:17 | Computer Name = Netbook | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Unerwarteter Fehler bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 22.08.2011 02:26:05 | Computer Name = Netbook | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 19.11.2011 06:40:09 | Computer Name = Netbook | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 25.04.2012 15:27:02 | Computer Name = Netbook | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 20.05.2012 09:55:33 | Computer Name = Netbook | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Unerwarteter Fehler bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 17.09.2012 05:23:04 | Computer Name = Netbook | Source = HP WA Service | ID = 0 Description = System.Management.ManagementException Unerwarteter Fehler bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ReloadRadioList() [ OSession Events ] Error - 30.06.2011 15:20:31 | Computer Name = Netbook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. Error - 30.06.2011 15:21:38 | Computer Name = Netbook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 13.12.2011 22:23:16 | Computer Name = Netbook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24864 seconds with 360 seconds of active time. This session ended with a crash. Error - 29.04.2013 16:03:27 | Computer Name = Netbook | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 92508 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 22.05.2013 13:29:49 | Computer Name = Netbook | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > Code:
ATTFilter OTL logfile created on: 22.05.2013 19:33:55 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oliver\Desktop\Tojaner Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 62,41% Memory free 6,99 Gb Paging File | 5,44 Gb Available in Paging File | 77,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 446,84 Gb Total Space | 370,32 Gb Free Space | 82,88% Space Free | Partition Type: NTFS Drive D: | 18,62 Gb Total Space | 2,33 Gb Free Space | 12,49% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 90,89 Mb Free Space | 91,79% Space Free | Partition Type: FAT32 Computer Name: NETBOOK | User Name: Oliver | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Oliver\Desktop\Tojaner\4_OTL.exe (OldTimer Tools) PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.) PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.) PRC - C:\Program Files\1&1 Surf-Stick\AssistantServices.exe () PRC - C:\Program Files\1&1 Surf-Stick\UIExec.exe () PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\Hewlett-Packard\Media\Webcam\YCMMirage.exe (CyberLink) PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) PRC - C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.) PRC - C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (Motorola, Inc.) PRC - C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.) PRC - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) PRC - C:\Windows\System32\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\9ab54aea64046cd2b4ff895b1c027c05\DeviceStoryAlbum.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\29be5a9cc5b83e2b30e9d788ac201f83\DevicePodcast.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\b44e10add0a5276dc3fbbde338c4b5ea\DeviceVideo.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\9661c2265a6fb7782243c0633378a1e5\DevicePhoto.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\ec4ba3e13a88086bf95ea05919513917\DeviceMusic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\df3496a7e1364e2b78bac5b4aef48ae6\VideoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\88ec39193b34cf293d0887383c2ccde5\PhotoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\be4228490407398b302edeed5ea57879\Phonebook.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\ea5424dfc774422fa2038d980b1642d1\StoryAlbumManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\218ed646a2ca6d2c08509295ce556260\MusicManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\fbe4134679a5506a54004cd5952d7d29\BATPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\730c70013610eb7e73f49213b1076bab\Kies.Common.MediaDB.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\94fd3d4235723a962f8b3f29d7eac567\Kies.Common.AllShare.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\1784a3c837a81be9ad8608a9405de178\Kies.Common.DBManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\1f04da0191d585e975a3f43548a70e2e\Podcaster.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\35992f641f4348746cfe0c6c1b48ece7\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f0dfcf225ea9ee5911a199d90da24d76\Kies.Common.DeviceServiceLib.FileService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ddd3ef7293ae9ddaca67c1ab86f328c3\Kies.Common.DeviceService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\99bba258903cd892a867461d55d728ff\DeviceCommonLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\d68e9699b3319f4d4a0d0fdb8855f48a\Kies.Plugin.ContentsManagerLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\50c6d0af63aa7107ec15d7ef86a62609\Kies.Common.MainUI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6704d4bac5e6b834fe7cd1502f09f2cb\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\dfc6504af8cd62a4a38a5b6ad7ca6566\Kies.Common.Multimedia.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2627bfc447a741309a32dbd51ee23dbc\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\be28b9e8726e3ab319a05ee11b0bc412\DeviceHost.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\37bb8c2ca86bf868044bce11e73d1efc\Kies.Common.Util.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7aef2d5e9f446c4108ed337e465cd196\Kies.UI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f67e1afe33aa6c76e375dbd4fa132363\GongSolutions.Wpf.DragDrop.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\0687f786aa9dd34f7dd8d26cdfdb065f\Kies.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\81b8201bf1ea967ba701b63e65e75e47\Kies.ni.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\71b6200b469ae31187226c5634b6d6bb\Kies.Theme.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\5face173af94a7083cea1c078a6b4938\DummyStorePlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\a5bd3f2855afcc1f5bf15057c35bd48d\Kies.Common.StoreManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\fde643974d1f6bc8843237cedb262c9b\Kies.Common.CRMManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\94eee0f7d59880d4ff2754ad67877ac1\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\931b9596988f8d16731b691a35a25727\Interop.DevFileServiceLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bd5cbd625647b2af277b7c5c0ffb8f5b\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ZipStore\bbd37020633f9e7f190af58b7bf6138f\ZipStore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\bfc490c6779a7a9ae85832ca58c27054\Interop.PRPLAYERCORELib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\15fff4c0b61cdf95cf8c94850bfbde5f\Interop.DeviceServiceModelDBLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f93e893f927f890bffe924ec7e8c1323\Kies.Common.DeviceServiceLib.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c5572a7e44449de16eb4e7db6b7b5b82\Kies.Locale.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2cbf81c1b1b5e7bd6a4758bd057e2d4c\Kies.MVVM.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Program Files\Motorola\Bluetooth\btmshell.dll () MOD - C:\Program Files\1&1 Surf-Stick\UIExec.exe () MOD - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll () MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.) SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (UI Assistant Service) -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe () SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.) SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.) SRV - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.) SRV - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) SRV - (ezSharedSvc) -- C:\Windows\System32\ezSharedSvcHost.exe (EasyBits Software AS) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found DRV - (catchme) -- C:\Users\Oliver\AppData\Local\Temp\catchme.sys File not found DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (BTMUSB) -- C:\Windows\System32\drivers\btmusb.sys (Motorola, Inc.) DRV - (btmaudio) -- C:\Windows\System32\drivers\btmaud.sys (Motorola, Inc.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.) DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (BTMCOM) -- C:\Windows\System32\drivers\btmcom.sys (Motorola, Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (DVMIO) -- C:\Windows\System32\drivers\dvmio.sys (DeviceVM, Inc.) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://news.google.de/ IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes,DefaultScope = {A7CBC86F-D1CC-4E19-B69A-6B103FD66D0A} IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{A7CBC86F-D1CC-4E19-B69A-6B103FD66D0A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-0/4?satitle={searchTerms}&mfe=Notebooks IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.giga.de/go/wy7" FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.8.20110620112826 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Oliver\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Oliver\AppData\Roaming\05001.069 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.28 18:53:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Oliver\AppData\Roaming\05001.069 [2012.01.28 18:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Extensions [2012.03.26 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\fus14huh.default\extensions [2012.01.28 18:54:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Oliver\AppData\Roaming\mozilla\Firefox\Profiles\fus14huh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.02.21 08:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.01.28 18:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions [2012.01.28 18:53:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.20 12:23:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll () O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe () O4 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Oliver\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKU\S-1-5-21-1476546957-615971951-4105233114-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03EA31F7-E149-4EE8-88C1-354F9A8FDBAD}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.22 18:53:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.22 18:53:20 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.21 19:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.20 12:34:42 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.20 12:26:02 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.05.20 11:50:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.20 11:50:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.20 11:50:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.20 11:48:16 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.20 11:47:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.17 23:54:53 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Desktop\Tojaner [2013.05.17 22:21:10 | 000,103,680 | ---- | C] (GMER) -- C:\uxddqpog.sys [2013.05.16 22:54:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.05.16 22:51:09 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\Amazon MP3 [2013.05.16 22:51:00 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon [2013.05.16 22:50:57 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Program Files [2013.05.16 22:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\eb0aa9f5-d90d-429d-91cc-de4db96b16c7 [2013.05.16 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Ulyn [2013.05.16 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Exef [2013.05.15 23:24:14 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.15 23:24:12 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.15 23:24:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.15 23:24:11 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.15 23:24:10 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.15 23:24:09 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.15 23:24:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.15 23:24:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.05.15 23:24:09 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.15 23:24:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.15 08:16:57 | 000,077,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_AuthenticAMD.dll [2013.05.15 08:16:56 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013.05.15 08:16:55 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.05.15 08:16:02 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013.05.15 08:15:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013.05.15 08:15:51 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013.05.06 12:24:33 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.01 10:48:24 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2013.05.01 10:48:24 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2013.05.01 07:12:24 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.05.01 07:12:24 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.05.01 07:12:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.05.01 07:12:24 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.05.01 07:12:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.05.01 07:12:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.05.01 07:12:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.05.01 07:12:23 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.05.01 07:12:23 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.05.01 07:12:22 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.05.01 07:12:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.05.01 07:12:22 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.05.01 07:12:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.05.01 07:12:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.05.01 07:12:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.05.01 07:12:22 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.05.01 07:12:21 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.05.01 07:12:21 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.05.01 07:12:21 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.05.01 07:12:21 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.05.01 07:12:21 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.05.01 07:12:21 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.05.01 07:12:21 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.05.01 07:12:21 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.05.01 07:12:20 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.05.01 07:12:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.04.29 22:18:49 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\Wild Tangent ========== Files - Modified Within 30 Days ========== [2013.05.22 19:36:58 | 000,023,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 19:36:58 | 000,023,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 19:30:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.22 19:29:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.22 19:29:14 | 2813,775,872 | -HS- | M] () -- C:\hiberfil.sys [2013.05.22 19:25:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.22 18:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.22 18:38:43 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.22 18:38:43 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.22 18:38:43 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.22 18:38:43 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.22 13:18:15 | 000,000,055 | ---- | M] () -- C:\Users\Oliver\AppData\Local\mv_music.xml [2013.05.22 12:15:54 | 000,000,058 | ---- | M] () -- C:\Users\Oliver\AppData\Local\mv_Photo.xml [2013.05.20 12:23:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.05.17 22:21:10 | 000,103,680 | ---- | M] (GMER) -- C:\uxddqpog.sys [2013.05.17 21:44:32 | 000,000,000 | ---- | M] () -- C:\Users\Oliver\defogger_reenable [2013.05.16 07:01:52 | 000,429,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.15 16:50:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.15 16:50:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.06 12:23:59 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.02 21:47:02 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOliver.job [2013.05.01 10:49:06 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk [2013.05.01 07:12:24 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.05.01 07:12:24 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.05.01 07:12:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.05.01 07:12:24 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.05.01 07:12:24 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.05.01 07:12:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.05.01 07:12:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.05.01 07:12:23 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.05.01 07:12:23 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.05.01 07:12:22 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.05.01 07:12:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.05.01 07:12:22 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.05.01 07:12:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.05.01 07:12:22 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.05.01 07:12:22 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.05.01 07:12:22 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.05.01 07:12:21 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.05.01 07:12:21 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.05.01 07:12:21 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.05.01 07:12:21 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.05.01 07:12:21 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.05.01 07:12:21 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.05.01 07:12:21 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.05.01 07:12:21 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.05.01 07:12:21 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.05.01 07:12:20 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.05.01 07:12:20 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.04.25 23:41:51 | 000,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat [2013.04.25 14:19:04 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNETBOOK$.job ========== Files Created - No Company Name ========== [2013.05.20 11:50:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.20 11:50:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.20 11:50:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.20 11:50:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.20 11:50:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.17 21:44:32 | 000,000,000 | ---- | C] () -- C:\Users\Oliver\defogger_reenable [2013.05.01 07:12:21 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.04.24 23:03:26 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2013.03.10 20:09:34 | 000,120,695 | ---- | C] () -- C:\Users\Oliver\Saeco_Nova Sup Testmodus.pdf [2013.03.10 20:08:00 | 000,261,717 | ---- | C] () -- C:\Users\Oliver\Saeco_Nova Sup zerlegen.pdf [2013.02.26 19:57:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2013.02.26 19:57:11 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2013.02.23 12:46:17 | 000,000,614 | ---- | C] () -- C:\Windows\wiso.ini [2012.12.28 00:30:26 | 000,009,295 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Kommagetrennte Werte (DOS).EML [2012.12.19 00:46:01 | 000,076,339 | ---- | C] () -- C:\ProgramData\moshzrzqkbmkgjl [2012.12.14 18:30:20 | 000,000,158 | ---- | C] () -- C:\Windows\LilliP.ini [2012.09.16 21:00:46 | 000,022,528 | ---- | C] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.08.28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.08.28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.08.28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.08.28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.08.10 20:53:33 | 000,000,011 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\urhtps.dat [2012.08.09 22:43:38 | 000,000,016 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\blckdom.res [2012.01.28 18:53:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.12.11 18:25:58 | 000,000,032 | ---- | C] () -- C:\Users\Oliver\.simfy [2011.10.01 14:35:05 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011.09.30 22:28:13 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2011.09.30 15:16:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.09.30 15:16:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.09.15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2011.07.09 13:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll [2011.06.28 20:54:44 | 000,000,243 | ---- | C] () -- C:\ProgramData\MusicStation.xml [2011.06.28 19:50:01 | 000,000,058 | ---- | C] () -- C:\Users\Oliver\AppData\Local\mv_Photo.xml [2011.06.28 19:50:01 | 000,000,055 | ---- | C] () -- C:\Users\Oliver\AppData\Local\mv_music.xml [2011.06.24 13:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.06.24 13:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2011.06.24 13:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2011.06.24 13:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2011.06.24 13:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2011.06.24 13:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2011.06.24 13:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2011.06.24 13:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2011.06.24 13:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2011.06.24 13:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2011.06.21 08:42:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
Themen zu Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an |
anleitung, anmeldung, antivir, automatische, avira, avira antivir, betriebssystem, e-banking, fehlermeldung, forum, funktioniert, gen, google, karte, kreditkarte, log-file, online-banking, programm, scan, schnell, schutz, schädling, tans, tr/bublik.i.11, trojaner, updates, virenschutz, windows |