Trojaner-Board

horstmeier 06.01.2013 14:39

Trj/Ransom.AB in C:\Users\***\VIDEOLOAD\DOWNLOADMANAGER_2.0.2200.EXE
 
Dear forum members!


I have the following problem on my Samsung Aura R510 notebook running Windows Vista:

My antivirus software, Panda GP 2012, has recently been finding the above-mentioned virus in the above-mentioned directory at ever shorter intervals, reporting that it was blocked. Lately this has been happening more and more often, at times every 5 minutes, always with exactly the same error message.
In addition, the computer freezes more and more often, or it simply shuts itself down within about 2 seconds. Also, websites are at times extremely slow, or directories in the file manager open only extremely slowly and then crash.
As I said, all of this with a sharply increasing frequency lately.


What should I do? Many thanks in advance for your efforts! I hope I did everything right when creating the log files.

Best regards!

HM

ryder 06.01.2013 14:54

I will help you with your problem. A cleanup can sometimes mean a lot of work for you (and for me). Before we start, I have some reading material for you.

Please read:
Rules for the cleanup
For the cleanup to work, I ask you to read the following points carefully:
  • Please work through all steps in order. Please give me feedback on every step (log file or answer), collected in a single reply once you have done everything.
  • Only run scans that you are asked to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • First read the instructions through completely. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread (if possible in code tags: click the # symbol in the editor). Do not attach or zip them unless I ask you to or the log file would be too large. That makes the evaluation harder for me.
  • Only obscure your name if it is absolutely necessary.
  • At the first sign of illegally used software (cracks, patches and the like), support will be discontinued without discussion.
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • I will tell you quite clearly that you are "clean". Until then, please cooperate well.
  • Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.


Read and understood?


Step 1:
Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and start it:
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully ... Continue?"; confirm this with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask you to restart. Confirm this with OK.
Please post the defogger_disable.txt from your desktop.
Do not click the Re-enable button without being instructed to.

Step 2:
Scan with aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press one of the Fix buttons without being instructed to.

Note: If the scan aborts and the program crashes, tell me and select the setting (none) under AV Scan.

Step 3:
Scan with TDSS-Killer

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, tick Detect TDLFS file system and confirm with OK.
  • Press Start Scan
  • Warning:
    If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread (please be sure to use CODE tags via the # symbol in the editor).

Step 4:
Scan with DDS+ (with attach)
Please download DDS (by sUBs) and save the file to your desktop.

dds.com
  • Close all running programs and start DDS with a double-click.
  • The desktop will disappear; that is normal.
  • Set the following:

    [X] dds.txt
    [X] attach.txt
    [ ] options for dds.txt

  • Do not change any setting without being instructed to.
  • Click Start.
  • 2 log files will be created on your desktop.
    • dds.txt
    • attach.txt
  • Post both log files here, if possible in CODE tags.
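
Added example, not part of ryder's post and not code from any of the tools named in it: a Python script that triages the "Scan services" section of a TDSSKiller report like the one requested in step 3, listing every service whose verdict is not "ok" or for which no file hash was logged. It assumes the TDSSKiller 2.8.15.0 line layout (timestamp, thread id, then either `[ MD5 ] name path` or `name - verdict`); the sample lines, the verdict text and the names `parse_services` and `needs_review` are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the TDSSKiller report layout. Service names, hashes,
# paths and the non-"ok" verdict text are made up for this example.
SAMPLE_LOG = r"""
23:54:26.0239 3696  ================ Scan services =============================
23:54:26.0928 3696  [ 0123456789ABCDEF0123456789ABCDEF ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
23:54:26.0937 3696  ExampleDrv - ok
23:54:27.0065 3696  [ FEDCBA9876543210FEDCBA9876543210 ] Example Update Service C:\Program Files\Example\update.exe
23:54:27.0073 3696  Example Update Service - ok
23:54:28.0875 3696  NoFileSvc - ok
23:54:29.0010 3696  [ 00112233445566778899AABBCCDDEEFF ] OddDrv          C:\Windows\system32\drivers\odd.sys
23:54:29.0020 3696  OddDrv - detected EXAMPLE.Verdict ( 0 )
"""

# "HH:MM:SS.ffff <thread id> <body>"; the body may be empty.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "[ MD5 ] <service name> <path>"; names may contain spaces, so the path is
# recognised by its start (drive letter or leading backslash).
HASH = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+((?:[A-Za-z]:|\\).*)$")


@dataclass
class ServiceResult:
    name: str
    status: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_services(log_text: str) -> List[ServiceResult]:
    """Return one record per service listed under 'Scan services'."""
    results: List[ServiceResult] = []
    pending = None          # (name, md5, path) from the preceding hash line
    in_services = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        if body.startswith("="):
            title = body.strip("= ")
            if title:       # a titled banner switches sections
                in_services = (title == "Scan services")
            continue
        if not in_services or not body:
            continue
        h = HASH.match(body)
        if h:
            pending = (h.group(2), h.group(1).upper(), h.group(3))
            continue
        if pending and body.startswith(pending[0] + " - "):
            # Verdict line that belongs to the hash line just seen.
            name, md5, path = pending
            results.append(ServiceResult(name, body[len(name) + 3:], md5, path))
        else:
            # Verdict line with no hash line in front of it.
            name, sep, status = body.partition(" - ")
            if sep:
                results.append(ServiceResult(name, status))
        pending = None
    return results


def needs_review(results: List[ServiceResult]) -> List[Tuple[str, str]]:
    """Services an analyst should look at first, with the reason."""
    flagged = []
    for r in results:
        if r.status.lower() != "ok":
            flagged.append((r.name, "verdict: " + r.status))
        elif r.md5 is None:
            flagged.append((r.name, "no file hash logged"))
    return flagged


if __name__ == "__main__":
    for name, reason in needs_review(parse_services(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

A service flagged only for a missing hash is not a finding by itself; it marks an entry whose file the report does not identify, so its image path has to be checked by other means.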

horstmeier 06.01.2013 15:23

Many thanks for the quick help!

Everything read and understood! One more question up front: do I have to turn off the Internet connection and my antivirus software (Panda) in the meantime?

Regards

ryder 06.01.2013 15:37

You can, but you only have to if it appears in an instruction.

ryder 08.01.2013 14:13

Hello, do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean.

horstmeier 08.01.2013 21:56

I'm tied up with work, sorry!

defogger:

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:48 on 08/01/2013 (Björn)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


ryder 09.01.2013 16:19

Yes, I believe that. It is important, however, to stay on it.

horstmeier 10.01.2013 00:10

OK, everything is complete now:

1.) defogger: see above

2.) asw MBR:

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-09 22:23:02
-----------------------------
22:23:02.147    OS Version: Windows 6.0.6002 Service Pack 2
22:23:02.147    Number of processors: 2 586 0xF0D
22:23:02.149    ComputerName: SAMSUNGR510  UserName: Björn
22:23:03.642    Initialize success
22:27:07.791    AVAST engine defs: 13010900
22:29:21.264    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:29:21.268    Disk 0 Vendor: FUJITSU_ 0000 Size: 305245MB BusType: 3
22:29:21.283    Disk 0 MBR read successfully
22:29:21.286    Disk 0 MBR scan
22:29:21.291    Disk 0 Windows VISTA default MBR code
22:29:21.308    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
22:29:21.336    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      295003 MB offset 20973568
22:29:21.351    Disk 0 scanning sectors +625139712
22:29:21.424    Disk 0 scanning C:\Windows\system32\drivers
22:29:45.122    Service scanning
22:30:15.477    Modules scanning
22:30:36.939    Disk 0 trace - called modules:
22:30:36.973    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:30:36.979    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e33ac8]
22:30:36.987    3 CLASSPNP.SYS[8aea78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84687028]
22:30:38.343    AVAST engine scan C:\Windows
22:30:43.033    AVAST engine scan C:\Windows\system32
22:36:38.354    AVAST engine scan C:\Windows\system32\drivers
22:36:56.150    AVAST engine scan C:\Users\Björn
23:19:50.298    AVAST engine scan C:\ProgramData
23:23:59.863    Scan finished successfully
23:48:44.118    Disk 0 MBR has been saved successfully to "C:\Users\Björn\Desktop\MBR.dat"
23:48:44.130    The log file has been saved successfully to "C:\Users\Björn\Desktop\aswMBR.txt"


3.) TDSS:

Code:

23:53:22.0236 4212  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:53:23.0656 4212  ============================================================
23:53:23.0656 4212  Current date / time: 2013/01/09 23:53:23.0656
23:53:23.0656 4212  SystemInfo:
23:53:23.0656 4212 
23:53:23.0656 4212  OS Version: 6.0.6002 ServicePack: 2.0
23:53:23.0656 4212  Product type: Workstation
23:53:23.0656 4212  ComputerName: SAMSUNGR510
23:53:23.0656 4212  UserName: Björn
23:53:23.0656 4212  Windows directory: C:\Windows
23:53:23.0656 4212  System windows directory: C:\Windows
23:53:23.0656 4212  Processor architecture: Intel x86
23:53:23.0656 4212  Number of processors: 2
23:53:23.0656 4212  Page size: 0x1000
23:53:23.0656 4212  Boot type: Normal boot
23:53:23.0656 4212  ============================================================
23:53:24.0867 4212  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:53:24.0884 4212  ============================================================
23:53:24.0884 4212  \Device\Harddisk0\DR0:
23:53:24.0907 4212  MBR partitions:
23:53:24.0907 4212  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x2402D800
23:53:24.0907 4212  ============================================================
23:53:25.0064 4212  C: <-> \Device\Harddisk0\DR0\Partition1
23:53:25.0064 4212  ============================================================
23:53:25.0064 4212  Initialize success
23:53:25.0064 4212  ============================================================
23:54:25.0960 3696  ============================================================
23:54:25.0960 3696  Scan started
23:54:25.0960 3696  Mode: Manual; TDLFS;
23:54:25.0960 3696  ============================================================
23:54:26.0236 3696  ================ Scan system memory ========================
23:54:26.0236 3696  System memory - ok
23:54:26.0239 3696  ================ Scan services =============================
23:54:37.0360 3696  monitor - ok
23:54:37.0382 3696  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:54:37.0386 3696  mouclass - ok
23:54:37.0400 3696  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:54:37.0405 3696  mouhid - ok
23:54:37.0426 3696  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
23:54:37.0431 3696  MountMgr - ok
23:54:37.0491 3696  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:54:38.0584 3696  MozillaMaintenance - ok
23:54:38.0649 3696  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:54:38.0651 3696  mpio - ok
23:54:38.0668 3696  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:54:38.0672 3696  mpsdrv - ok
23:54:38.0699 3696  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:54:38.0714 3696  MpsSvc - ok
23:54:38.0746 3696  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
23:54:38.0747 3696  Mraid35x - ok
23:54:38.0783 3696  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:54:38.0788 3696  MRxDAV - ok
23:54:38.0813 3696  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:54:38.0819 3696  mrxsmb - ok
23:54:38.0844 3696  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:54:38.0846 3696  mrxsmb10 - ok
23:54:38.0857 3696  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:54:38.0863 3696  mrxsmb20 - ok
23:54:38.0882 3696  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
23:54:38.0892 3696  msahci - ok
23:54:38.0913 3696  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
23:54:38.0915 3696  msdsm - ok
23:54:38.0941 3696  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
23:54:38.0944 3696  MSDTC - ok
23:54:38.0975 3696  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:54:38.0979 3696  Msfs - ok
23:54:39.0014 3696  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:54:39.0018 3696  msisadrv - ok
23:54:39.0053 3696  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
23:54:39.0068 3696  MSiSCSI - ok
23:54:39.0077 3696  msiserver - ok
23:54:39.0120 3696  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
23:54:39.0121 3696  MSKSSRV - ok
23:54:39.0141 3696  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:54:39.0142 3696  MSPCLOCK - ok
23:54:39.0155 3696  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
23:54:39.0156 3696  MSPQM - ok
23:54:39.0179 3696  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
23:54:39.0181 3696  MsRPC - ok
23:54:39.0193 3696  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:54:39.0197 3696  mssmbios - ok
23:54:39.0227 3696  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
23:54:39.0228 3696  MSTEE - ok
23:54:39.0251 3696  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
23:54:39.0255 3696  Mup - ok
23:54:39.0286 3696  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
23:54:39.0290 3696  napagent - ok
23:54:39.0326 3696  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
23:54:39.0332 3696  NativeWifiP - ok
23:54:39.0377 3696  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:54:39.0686 3696  NDIS - ok
23:54:39.0713 3696  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:54:39.0721 3696  NdisTapi - ok
23:54:39.0737 3696  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
23:54:39.0740 3696  Ndisuio - ok
23:54:39.0762 3696  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
23:54:39.0767 3696  NdisWan - ok
23:54:39.0784 3696  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
23:54:39.0788 3696  NDProxy - ok
23:54:39.0827 3696  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:54:39.0834 3696  Net Driver HPZ12 - ok
23:54:39.0875 3696  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
23:54:39.0876 3696  NetBIOS - ok
23:54:39.0905 3696  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
23:54:39.0912 3696  netbt - ok
23:54:39.0949 3696  [ D8F44FC13DB193C9379297973EE42272 ] NETFLTDI        C:\Windows\system32\Drivers\NETFLTDI.SYS
23:54:39.0958 3696  NETFLTDI - ok
23:54:39.0984 3696  [ 9DEE136C4863D5065437D07262BB5C40 ] NETIMFLT01060044 C:\Windows\system32\DRIVERS\neti1644.sys
23:54:39.0987 3696  NETIMFLT01060044 - ok
23:54:39.0998 3696  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
23:54:40.0000 3696  Netlogon - ok
23:54:40.0023 3696  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
23:54:40.0040 3696  Netman - ok
23:54:40.0061 3696  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
23:54:40.0065 3696  netprofm - ok
23:54:40.0085 3696  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:54:40.0091 3696  NetTcpPortSharing - ok
23:54:40.0126 3696  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
23:54:40.0133 3696  nfrd960 - ok
23:54:40.0155 3696  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:54:40.0158 3696  NlaSvc - ok
23:54:40.0188 3696  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:54:40.0189 3696  Npfs - ok
23:54:40.0207 3696  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
23:54:40.0218 3696  nsi - ok
23:54:40.0230 3696  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:54:40.0234 3696  nsiproxy - ok
23:54:40.0280 3696  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:54:40.0668 3696  Ntfs - ok
23:54:40.0680 3696  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
23:54:40.0681 3696  ntrigdigi - ok
23:54:40.0692 3696  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
23:54:40.0693 3696  Null - ok
23:54:40.0900 3696  [ C526B4A24EF951EF219C3BFA1534B152 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:54:41.0170 3696  nvlddmkm - ok
23:54:41.0232 3696  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:54:41.0233 3696  nvraid - ok
23:54:41.0254 3696  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:54:41.0254 3696  nvstor - ok
23:54:41.0274 3696  [ DF6315CE4FF30F706ABF3802D7749E70 ] nvsvc          C:\Windows\system32\nvvsvc.exe
23:54:41.0286 3696  nvsvc - ok
23:54:41.0319 3696  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:54:41.0320 3696  nv_agp - ok
23:54:41.0326 3696  NwlnkFlt - ok
23:54:41.0335 3696  NwlnkFwd - ok
23:54:41.0426 3696  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:54:41.0487 3696  odserv - ok
23:54:41.0519 3696  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:54:41.0523 3696  ohci1394 - ok
23:54:41.0565 3696  OpenVPNService - ok
23:54:41.0609 3696  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:54:41.0620 3696  ose - ok
23:54:41.0666 3696  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
23:54:41.0672 3696  p2pimsvc - ok
23:54:41.0733 3696  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:54:41.0741 3696  p2psvc - ok
23:54:41.0789 3696  [ 78B7642B0C51F24F0835C0226540D58B ] Panda Software Controller C:\Program Files\Panda Security\Panda Global Protection 2012\PsCtrls.exe
23:54:41.0790 3696  Panda Software Controller - ok
23:54:41.0873 3696  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
23:54:41.0877 3696  Parport - ok
23:54:41.0932 3696  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
23:54:41.0933 3696  partmgr - ok
23:54:41.0985 3696  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
23:54:41.0986 3696  Parvdm - ok
23:54:42.0059 3696  [ 55D654258A9C509B671310C314BD30B4 ] pavboot        C:\Windows\system32\Drivers\pavboot.sys
23:54:42.0084 3696  pavboot - ok
23:54:42.0202 3696  [ 3BB71BD8B4873C5FECA890EFC6BF9257 ] PAVFNSVR        C:\Program Files\Panda Security\Panda Global Protection 2012\PavFnSvr.exe
23:54:42.0212 3696  PAVFNSVR - ok
23:54:42.0294 3696  [ A110035FDC4B8F8F0CD5E71D031274E1 ] PavProc        C:\Windows\system32\DRIVERS\PavProc.sys
23:54:42.0311 3696  PavProc - ok
23:54:42.0327 3696  [ 2AE3F6B23448443BBEF5DE207159213B ] PavPrSrv        C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
23:54:42.0335 3696  PavPrSrv - ok
23:54:42.0342 3696  PavSRK.sys - ok
23:54:42.0385 3696  [ 97005413310966001FB6F4A5C503149C ] PAVSRV          C:\Program Files\Panda Security\Panda Global Protection 2012\pavsrvx86.exe
23:54:42.0707 3696  PAVSRV - ok
23:54:42.0712 3696  PavTPK.sys - ok
23:54:42.0762 3696  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:54:42.0779 3696  PcaSvc - ok
23:54:42.0807 3696  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
23:54:42.0810 3696  pci - ok
23:54:42.0847 3696  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
23:54:42.0848 3696  pciide - ok
23:54:42.0871 3696  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:54:42.0873 3696  pcmcia - ok
23:54:42.0879 3696  PDNMp50 - ok
23:54:42.0885 3696  PDNSp50 - ok
23:54:42.0939 3696  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:54:42.0983 3696  PEAUTH - ok
23:54:43.0047 3696  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
23:54:43.0091 3696  pla - ok
23:54:43.0124 3696  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:54:43.0142 3696  PlugPlay - ok
23:54:43.0199 3696  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:54:43.0206 3696  Pml Driver HPZ12 - ok
23:54:43.0244 3696  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
23:54:43.0251 3696  PNRPAutoReg - ok
23:54:43.0288 3696  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
23:54:43.0295 3696  PNRPsvc - ok
23:54:43.0326 3696  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
23:54:43.0330 3696  PolicyAgent - ok
23:54:43.0375 3696  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:54:43.0380 3696  PptpMiniport - ok
23:54:43.0421 3696  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
23:54:43.0421 3696  Processor - ok
23:54:43.0462 3696  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
23:54:43.0476 3696  ProfSvc - ok
23:54:43.0488 3696  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
23:54:43.0490 3696  ProtectedStorage - ok
23:54:43.0520 3696  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
23:54:43.0525 3696  PSched - ok
23:54:43.0589 3696  [ 532053E8E3BB8FA7166AB4E7685FDDCC ] PSHost          c:\program files\panda security\panda global protection 2012\firewall\PSHOST.EXE
23:54:43.0602 3696  PSHost - ok
23:54:43.0639 3696  [ 196C450F2779D0B462C444DA4906EA7F ] PSIMSVC        C:\Program Files\Panda Security\Panda Global Protection 2012\PsImSvc.exe
23:54:43.0977 3696  PSIMSVC - ok
23:54:44.0005 3696  [ 341457B79B3FC31A80C346C767045879 ] PskSvcRetail    C:\Program Files\Panda Security\Panda Global Protection 2012\PskSvc.exe
23:54:44.0013 3696  PskSvcRetail - ok
23:54:44.0068 3696  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:54:44.0075 3696  ql2300 - ok
23:54:44.0120 3696  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:54:44.0122 3696  ql40xx - ok
23:54:44.0164 3696  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
23:54:44.0178 3696  QWAVE - ok
23:54:44.0208 3696  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:54:44.0216 3696  QWAVEdrv - ok
23:54:44.0237 3696  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:54:44.0238 3696  RasAcd - ok
23:54:44.0257 3696  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
23:54:44.0271 3696  RasAuto - ok
23:54:44.0306 3696  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
23:54:44.0308 3696  Rasl2tp - ok
23:54:44.0385 3696  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
23:54:44.0390 3696  RasMan - ok
23:54:44.0432 3696  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:54:44.0434 3696  RasPppoe - ok
23:54:44.0474 3696  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
23:54:44.0482 3696  RasSstp - ok
23:54:44.0523 3696  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
23:54:44.0530 3696  rdbss - ok
23:54:44.0561 3696  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:54:44.0562 3696  RDPCDD - ok
23:54:44.0609 3696  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
23:54:44.0612 3696  rdpdr - ok
23:54:44.0624 3696  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:54:44.0625 3696  RDPENCDD - ok
23:54:44.0722 3696  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
23:54:44.0725 3696  RDPWD - ok
23:54:44.0813 3696  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:54:44.0829 3696  RemoteAccess - ok
23:54:44.0862 3696  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:54:44.0872 3696  RemoteRegistry - ok
23:54:44.0924 3696  [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
23:54:44.0938 3696  RichVideo - ok
23:54:44.0972 3696  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM      C:\Windows\system32\Drivers\RootMdm.sys
23:54:44.0973 3696  ROOTMODEM - ok
23:54:44.0999 3696  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
23:54:45.0008 3696  RpcLocator - ok
23:54:45.0053 3696  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
23:54:45.0059 3696  RpcSs - ok
23:54:45.0078 3696  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:54:45.0082 3696  rspndr - ok
23:54:45.0090 3696  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
23:54:45.0092 3696  SamSs - ok
23:54:45.0130 3696  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:54:45.0131 3696  sbp2port - ok
23:54:45.0191 3696  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:54:45.0204 3696  SCardSvr - ok
23:54:45.0252 3696  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
23:54:45.0262 3696  Schedule - ok
23:54:45.0284 3696  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
23:54:45.0285 3696  SCPolicySvc - ok
23:54:45.0318 3696  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:54:45.0330 3696  SDRSVC - ok
23:54:45.0363 3696  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:54:45.0373 3696  secdrv - ok
23:54:45.0410 3696  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
23:54:45.0420 3696  seclogon - ok
23:54:45.0441 3696  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
23:54:45.0444 3696  SENS - ok
23:54:45.0466 3696  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
23:54:45.0468 3696  Serenum - ok
23:54:45.0500 3696  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
23:54:45.0501 3696  Serial - ok
23:54:45.0554 3696  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:54:45.0554 3696  sermouse - ok
23:54:45.0600 3696  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:54:45.0615 3696  SessionEnv - ok
23:54:45.0657 3696  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
23:54:45.0661 3696  sffdisk - ok
23:54:45.0687 3696  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:54:45.0687 3696  sffp_mmc - ok
23:54:45.0720 3696  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
23:54:45.0721 3696  sffp_sd - ok
23:54:45.0765 3696  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
23:54:45.0774 3696  sfloppy - ok
23:54:45.0811 3696  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:54:45.0847 3696  SharedAccess - ok
23:54:45.0886 3696  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:54:45.0901 3696  ShellHWDetection - ok
23:54:45.0939 3696  [ 32D6F7632234F0354C79E915CA4613D4 ] ShldDrv        C:\Windows\system32\DRIVERS\ShlDrv51.sys
23:54:45.0951 3696  ShldDrv - ok
23:54:46.0041 3696  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:54:46.0042 3696  sisagp - ok
23:54:46.0075 3696  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
23:54:46.0076 3696  SiSRaid2 - ok
23:54:46.0131 3696  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:54:46.0131 3696  SiSRaid4 - ok
23:54:46.0194 3696  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
23:54:51.0642 3696  SkypeUpdate - ok
23:54:51.0749 3696  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
23:54:51.0842 3696  slsvc - ok
23:54:51.0900 3696  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
23:54:51.0914 3696  SLUINotify - ok
23:54:51.0985 3696  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
23:54:51.0989 3696  Smb - ok
23:54:52.0034 3696  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:54:52.0045 3696  SNMPTRAP - ok
23:54:52.0079 3696  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
23:54:52.0087 3696  spldr - ok
23:54:52.0122 3696  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
23:54:52.0136 3696  Spooler - ok
23:54:52.0179 3696  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
23:54:52.0184 3696  srv - ok
23:54:52.0222 3696  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:54:52.0229 3696  srv2 - ok
23:54:52.0284 3696  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:54:52.0289 3696  srvnet - ok
23:54:52.0314 3696  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
23:54:52.0324 3696  SSDPSRV - ok
23:54:52.0360 3696  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
23:54:52.0373 3696  SstpSvc - ok
23:54:52.0418 3696  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
23:54:52.0438 3696  stisvc - ok
23:54:52.0473 3696  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:54:52.0476 3696  swenum - ok
23:54:52.0517 3696  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
23:54:52.0533 3696  swprv - ok
23:54:52.0568 3696  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
23:54:52.0569 3696  Symc8xx - ok
23:54:52.0609 3696  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
23:54:52.0619 3696  Sym_hi - ok
23:54:52.0740 3696  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
23:54:52.0742 3696  Sym_u3 - ok
23:54:52.0798 3696  [ 451E8037E2EB6DA6BDF0A66F65D1810B ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
23:54:52.0804 3696  SynTP - ok
23:54:52.0859 3696  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
23:54:52.0877 3696  SysMain - ok
23:54:52.0935 3696  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:54:52.0946 3696  TabletInputService - ok
23:54:52.0997 3696  [ 0C82061920A2DE35D33C2C2BB83B1E98 ] tap0801        C:\Windows\system32\DRIVERS\tap0801.sys
23:54:53.0001 3696  tap0801 - ok
23:54:53.0065 3696  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
23:54:53.0080 3696  TapiSrv - ok
23:54:53.0096 3696  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
23:54:53.0113 3696  TBS - ok
23:54:53.0164 3696  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
23:54:53.0540 3696  Tcpip - ok
23:54:53.0575 3696  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
23:54:53.0581 3696  Tcpip6 - ok
23:54:53.0610 3696  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:54:53.0612 3696  tcpipreg - ok
23:54:53.0641 3696  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:54:53.0642 3696  TDPIPE - ok
23:54:53.0669 3696  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
23:54:53.0670 3696  TDTCP - ok
23:54:53.0713 3696  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
23:54:53.0717 3696  tdx - ok
23:54:53.0739 3696  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:54:53.0745 3696  TermDD - ok
23:54:53.0770 3696  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
23:54:53.0790 3696  TermService - ok
23:54:53.0810 3696  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
23:54:53.0814 3696  Themes - ok
23:54:53.0834 3696  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
23:54:53.0836 3696  THREADORDER - ok
23:54:53.0887 3696  [ 76148C3159718B701252F87B067904A6 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
23:54:53.0923 3696  TOSHIBA Bluetooth Service - ok
23:54:53.0956 3696  [ 8D624D3BD1F2D78BD1C01A2D4E954B4E ] tosporte        C:\Windows\system32\DRIVERS\tosporte.sys
23:54:53.0956 3696  tosporte - ok
23:54:53.0983 3696  [ A594DBD80CA5426E2E558BF79195A110 ] tosrfbd        C:\Windows\system32\DRIVERS\tosrfbd.sys
23:54:53.0987 3696  tosrfbd - ok
23:54:54.0013 3696  [ 90C8525BC578AAFFE87C2D0ED4379E9E ] tosrfbnp        C:\Windows\system32\Drivers\tosrfbnp.sys
23:54:54.0015 3696  tosrfbnp - ok
23:54:54.0040 3696  [ 5BA1CA3B3CDDB1DDC67DF473F05D1EC2 ] Tosrfcom        C:\Windows\system32\Drivers\tosrfcom.sys
23:54:54.0048 3696  Tosrfcom - ok
23:54:54.0085 3696  [ 28099A4E52148319AFA685D93A2244D0 ] Tosrfhid        C:\Windows\system32\DRIVERS\Tosrfhid.sys
23:54:54.0086 3696  Tosrfhid - ok
23:54:54.0113 3696  [ C52FD27B9ADF3A1F22CB90E6BCF9B0CB ] tosrfnds        C:\Windows\system32\DRIVERS\tosrfnds.sys
23:54:54.0114 3696  tosrfnds - ok
23:54:54.0147 3696  [ 7C0999169EF696F10761BF8275027330 ] TosRfSnd        C:\Windows\system32\drivers\tosrfsnd.sys
23:54:54.0148 3696  TosRfSnd - ok
23:54:54.0174 3696  [ 20CC46C5D3326122E1A0A8C9DAD00E0D ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
23:54:54.0175 3696  Tosrfusb - ok
23:54:54.0219 3696  [ F7F79FCB3331BC2DB57572E33A5A969D ] TPSrv          C:\Program Files\Panda Security\Panda Global Protection 2012\TPSrv.exe
23:54:54.0220 3696  TPSrv - ok
23:54:54.0261 3696  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
23:54:54.0275 3696  TrkWks - ok
23:54:54.0323 3696  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:54:54.0333 3696  TrustedInstaller - ok
23:54:54.0375 3696  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:54:54.0376 3696  tssecsrv - ok
23:54:54.0419 3696  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
23:54:54.0422 3696  tunmp - ok
23:54:54.0449 3696  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:54:54.0450 3696  tunnel - ok
23:54:54.0479 3696  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:54:54.0480 3696  uagp35 - ok
23:54:54.0544 3696  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:54:54.0550 3696  udfs - ok
23:54:54.0584 3696  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
23:54:54.0597 3696  UI0Detect - ok
23:54:54.0617 3696  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:54:54.0618 3696  uliagpkx - ok
23:54:54.0656 3696  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
23:54:54.0658 3696  uliahci - ok
23:54:54.0687 3696  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
23:54:54.0688 3696  UlSata - ok
23:54:54.0740 3696  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
23:54:54.0742 3696  ulsata2 - ok
23:54:54.0772 3696  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
23:54:54.0773 3696  umbus - ok
23:54:54.0802 3696  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
23:55:01.0900 3696  ================ Scan global ===============================
23:55:01.0929 3696  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:55:01.0977 3696  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:55:02.0011 3696  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:55:02.0057 3696  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:55:02.0061 3696  [Global] - ok
23:55:02.0064 3696  ================ Scan MBR ==================================
23:55:02.0085 3696  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:55:02.0472 3696  \Device\Harddisk0\DR0 - ok
23:55:02.0475 3696  ================ Scan VBR ==================================
23:55:02.0478 3696  [ 1BBB7B6706D1441B7B54AA0CC68F832E ] \Device\Harddisk0\DR0\Partition1
23:55:02.0480 3696  \Device\Harddisk0\DR0\Partition1 - ok
23:55:02.0483 3696  ============================================================
23:55:02.0483 3696  Scan finished
23:55:02.0483 3696  ============================================================
23:55:02.0496 1388  Detected object count: 0
23:55:02.0496 1388  Actual detected object count: 0


4.) DDS:

dds.txt:

DDS Logfile:
Code:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.9.2
Run by Björn at 0:00:03 on 2013-01-10
#Option MBR scan  is disabled.
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.2011 [GMT 1:00]
.
AV: Panda Global Protection 2012 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Global Protection 2012 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Personal Firewall 2012 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\PskSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2012\WebProxy.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\o2 Verbindungsmanager\BRService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\AVENGINE.EXE
c:\program files\panda security\panda global protection 2012\firewall\PSHOST.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\PsImSvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Verbindungsassistent\wtgservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2012\apvxdwin.exe
C:\Program Files\Panda Security\Panda Global Protection 2012\PavBckPT.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.arcor.de/
mStart Page = hxxp://alice.aol.de
mDefault_Page_URL = hxxp://alice.aol.de
uProxyServer = proxy.charite.de:80
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2012\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2012\Inicio.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon] <no file>
StartupFolder: c:\users\bjrn~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Alles mit BitComet herunterladen - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Alle &Filme mit BitComet herunterladen - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: Free YouTube to MP3 Converter - c:\users\björn\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Mit BitComet herunter&laden - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5} : NameServer = 213.191.92.87,192.168.1.1
TCP: Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5} : DHCPNameServer = 192.168.1.1
Handler: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - c:\program files\common files\fluxdvd\lib\xeb\xebnavigation.ax
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: avldr - avldr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\björn\appdata\roaming\mozilla\firefox\profiles\0x9ws559.default\
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2012-2-14 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2012-2-14 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2012-2-14 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2012-2-14 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2012-2-14 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2012-2-14 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2012-2-14 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2012-2-14 46856]
R2 AAV UpdateService;AAV UpdateService;c:\program files\akademische arbeitsgemeinschaft\aavupdatemanager\aavus.exe [2008-10-24 128296]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2012-2-14 54344]
R2 BandLuxe_Service;BandLuxe Service;c:\program files\o2 verbindungsmanager\BRService.exe [2009-6-14 87264]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2012-2-14 13880]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2008-12-19 13312]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda global protection 2012\PsCtrlS.exe [2012-2-14 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda global protection 2012\PavFnSvr.exe [2012-2-14 202016]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2012-2-14 163848]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2012-2-14 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda global protection 2012\pavsrvx86.exe [2012-2-14 314176]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda global protection 2012\psksvc.exe [2012-2-14 28992]
R2 WTGService;WTGService;c:\program files\verbindungsassistent\WTGService.exe [2010-6-2 330696]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [2012-2-14 201032]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2010-4-23 243840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\drivers\br3gmdm.sys [2008-12-23 104448]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE  "%1" %*
FileExt: .vbs: VBSFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE  "%1" %*
FileExt: .js: JSFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
FileExt: .jse: JSEFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
FileExt: .wsf: WSFFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE  "%1" %*
.
=============== Created Last 30 ================
.
2013-01-08 21:03:55        6812136        ----a-w-        c:\programdata\microsoft\windows defender\definition updates\{3d392570-70a8-444b-afb2-227951344b96}\mpengine.dll
2013-01-05 14:54:28        --------        d-----w-        c:\users\björn\appdata\roaming\HpUpdate
2013-01-05 14:54:19        --------        d-----w-        c:\windows\Hewlett-Packard
2012-12-21 15:20:19        293376        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-21 15:20:18        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-15 14:47:59        916960        ----a-w-        c:\program files\mozilla firefox\firefox.exe
2012-12-15 14:47:59        2106216        ----a-w-        c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-12-15 14:47:59        1998168        ----a-w-        c:\program files\mozilla firefox\d3dx9_43.dll
2012-12-15 14:47:58        116192        ----a-w-        c:\program files\mozilla firefox\crashreporter.exe
2012-12-15 14:47:56        73696        ----a-w-        c:\program files\mozilla firefox\breakpadinjector.dll
2012-12-15 14:47:56        262112        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2012-12-15 14:47:56        18912        ----a-w-        c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-12-13 21:13:41        9728        ----a-w-        c:\windows\system32\Wdfres.dll
2012-12-13 21:13:32        73216        ----a-w-        c:\windows\system32\WUDFSvc.dll
2012-12-13 21:13:32        66560        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 21:13:32        16896        ----a-w-        c:\windows\system32\winusb.dll
2012-12-13 21:13:32        155136        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 21:13:31        172032        ----a-w-        c:\windows\system32\WUDFPlatform.dll
2012-12-13 21:13:30        526952        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 21:13:30        47720        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 21:13:28        613888        ----a-w-        c:\windows\system32\WUDFx.dll
2012-12-13 21:13:28        38912        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 21:13:28        196608        ----a-w-        c:\windows\system32\WUDFHost.exe
2012-12-13 20:53:50        2048000        ----a-w-        c:\windows\system32\win32k.sys
2012-12-13 20:53:49        376320        ----a-w-        c:\windows\system32\dpnet.dll
2012-12-13 20:53:49        23040        ----a-w-        c:\windows\system32\dpnsvr.exe
2012-12-13 20:53:48        224640        ----a-w-        c:\windows\system32\drivers\volsnap.sys
2012-12-13 20:53:25        2048        ----a-w-        c:\windows\system32\tzres.dll
.
==================== Find3M  ====================
.
2013-01-08 20:54:52        74248        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:54:52        697864        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-11-16 10:08:26        518432        ----a-w-        c:\windows\system32\PavSHook.dll
2012-11-14 02:09:22        1800704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 01:58:15        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 01:49:25        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 01:44:42        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
.
============= FINISH:  0:01:14,75 ===============

--- --- ---



attach.txt:

Code:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 17.12.2008 11:14:40
System Uptime: 09.01.2013 22:19:15 (2 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | R510/P510                 
Processor: Intel(R) Core(TM)2 Duo CPU    T5800  @ 2.00GHz | U2E1 | 2000/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 48,886 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0030
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0030
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0023
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #15
PNP Device ID: ROOT\*ISATAP\0023
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
7-Zip 4.62
AAVUpdateManager
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
Amazon MP3-Downloader 1.0.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
BitComet 1.15
Bluetooth Stack for Windows by Toshiba
Bonjour
BufferChm
C4400
C4420_Help
Cards_Calendar_OrderGift_DoMorePlugout
CustomerResearchQFolder
CyberLink DVD Suite
CyberLink Power2Go
DC Software
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Dropbox
Easy Battery Manager
Easy Display Manager
Easy Network Manager 3.0
Easy SpeedUp Manager
EndNote
eSupportQFolder
GPBaseService
Haufe iDesk-Browser
Haufe iDesk-Service
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 11.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
imagine digital freedom - Samsung
Intel® Matrix Storage Manager
Irodio Photo & Video Studio
ISI ResearchSoft - Export Helper
iTunes
IZArc 4.1.2
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.0
LabelPrint
Lager
LightScribe System Software  1.12.37.1
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SOAP Toolkit 2.0 SP2
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Networks Media Player for Internet Explorer
Mozilla Firefox 17.0.1 (x86 de)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
o2 Verbindungsmanager
OCR Software by I.R.I.S. 11.0
OpenVPN 2.0.9-gui-1.0.3
Panda Global Protection 2012
Panda Secure Vault 5
PanoStandAlone
Play AVStation
PlayCamera
PowerDirector
PowerDVD
PowerProducer
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PS_AIO_03_C4420_ProductContext
PSSWCORE
QuickSteuer 2009
QuickTime
Realtek High Definition Audio Driver
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shop for HP Supplies
Skype Toolbars
Skype™ 6.0
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Status
Steuer-Spar-Erklärung 2009
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
User Guide
Veetle TV 0.9.18
Verbindungsassistent
VideoToolkit01
Vimicro UVC Camera
VLC media player 1.1.6
WebReg
Windows Media Player Firefox Plugin
yEd Graph Editor
yEd Graph Editor 3.6.1.1
.
==== End Of File ===========================


ryder 10.01.2013 10:52

Then let's continue:


Step 1:
Disable Windows Defender

Since you are using a different virus scanner, you should urgently disable the scanner built into Windows:
  • Go to the Control Panel and click Windows Defender.
  • Click Tools > Options.
  • Administrator options > remove the check mark next to Use Windows Defender.
  • Confirm and close all open windows.


Step 2:
AdwCleaner: find and delete adware

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted, several times depending on the severity of the infection; that is normal. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
Step 3:
Delete temporary files with TFC

Please download TFC to your desktop and start it. It will automatically remove all temporary files.

Step 4:
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!


Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).

Note: If you get the following error message after the restart
Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

ryder 11.01.2013 15:42

No help via private message.

We'll sort out all the questions you have here. Please post the log files here :)

horstmeier 11.01.2013 16:15

OK. So:

1. Should I back up data beforehand or not?
2. Purely out of interest in learning something: has the analysis so far shed any light, what have we done and what do we still plan to do, and how do you assess things?
3. What can go wrong with Combofix?

Steps 1 to 3 are done, Combofix will follow today or tomorrow. While the TFC cleaner was running I got an error message that Panda permanent protection would no longer work. After a restart, however, no problems.

See you soon!

ryder 11.01.2013 16:28

1. Normally there is no need to back anything up. No data should be lost.
2. We ran a few preliminary tests and now we move on to the cleanup.
3. Normally nothing goes wrong there.

Please understand that with the free help here we do not provide an individual analysis. If you want to learn more about malware, you could for example sign up for our academy.

horstmeier 11.01.2013 17:39

Quick question before Combofix: Panda currently reports roughly every 3 min. that the trojan in question has been found and blocked. I'm just worried about what happens if I turn Panda off now, as required for the Combofix scan...

ryder 11.01.2013 17:46

Your Panda didn't protect you from the infection either, did it?

We handle 500 people a month here. We know what we're doing ...

horstmeier 12.01.2013 09:59

1. Defender is disabled.

2. AdwCleaner:

Code:

# AdwCleaner v2.105 - Datei am 10/01/2013 um 20:18:05 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Björn - SAMSUNGR510
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Björn\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\0x9ws559.default\prefs.js

C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\0x9ws559.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Datei : C:\Users\Nadja\AppData\Roaming\Mozilla\Firefox\Profiles\8wec85he.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\167bwns0.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1081 octets] - [10/01/2013 20:18:05]

########## EOF - C:\AdwCleaner[S1].txt - [1141 octets] ##########


3. TFC: done. As mentioned, while it ran there was an error message that Panda permanent protection would no longer work.


4. Combofix:

Code:

ComboFix 13-01-11.01 - Björn 11.01.2013  20:22:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1788 [GMT 1:00]
ausgeführt von:: c:\users\Bj÷rn\Desktop\ComboFix.exe
AV: Panda Global Protection 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2012 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Global Protection 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\NVIDIA
c:\programdata\NVIDIA\NvApps.xml
c:\programdata\NVIDIA\NvStarted
c:\users\Nadja\AppData\Roaming\Skype
c:\users\Nadja\AppData\Roaming\Skype\shared.lck
c:\users\Nadja\AppData\Roaming\Skype\shared.xml
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-11 bis 2013-01-11  ))))))))))))))))))))))))))))))
.
.
2013-01-11 19:31 . 2013-01-11 19:31        --------        d-----w-        c:\users\Björn\AppData\Local\temp
2013-01-10 19:37 . 2012-11-23 01:35        2048000        ----a-w-        c:\windows\system32\win32k.sys
2013-01-10 19:23 . 2012-11-20 04:22        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2013-01-10 19:23 . 2012-11-02 10:19        1400832        ----a-w-        c:\windows\system32\msxml6.dll
2013-01-08 21:03 . 2012-11-08 18:00        6812136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D392570-70A8-444B-AFB2-227951344B96}\mpengine.dll
2013-01-05 18:36 . 2013-01-05 18:37        --------        d-----w-        c:\users\Björn\AppData\Local\Unity
2013-01-05 14:54 . 2013-01-05 14:56        --------        d-----w-        c:\users\Björn\AppData\Roaming\HpUpdate
2013-01-05 14:54 . 2013-01-05 14:54        --------        d-----w-        c:\windows\Hewlett-Packard
2013-01-05 14:06 . 2013-01-05 14:06        --------        d-----w-        c:\programdata\HP Product Assistant
2013-01-02 21:56 . 2013-01-02 21:56        --------        d-----w-        c:\program files\Common Files\Adobe
2012-12-21 15:20 . 2012-12-16 10:50        293376        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-21 15:20 . 2012-12-16 13:12        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-13 21:13 . 2012-07-26 02:46        9728        ----a-w-        c:\windows\system32\Wdfres.dll
2012-12-13 21:13 . 2012-07-26 03:20        73216        ----a-w-        c:\windows\system32\WUDFSvc.dll
2012-12-13 21:13 . 2012-07-26 02:33        66560        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 21:13 . 2012-07-26 02:32        155136        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 21:13 . 2009-07-14 12:12        16896        ----a-w-        c:\windows\system32\winusb.dll
2012-12-13 21:13 . 2012-07-26 03:20        172032        ----a-w-        c:\windows\system32\WUDFPlatform.dll
2012-12-13 21:13 . 2012-07-26 03:39        526952        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 21:13 . 2012-07-26 03:39        47720        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 21:13 . 2012-07-26 03:21        196608        ----a-w-        c:\windows\system32\WUDFHost.exe
2012-12-13 21:13 . 2012-07-26 03:20        613888        ----a-w-        c:\windows\system32\WUDFx.dll
2012-12-13 21:13 . 2012-07-26 03:20        38912        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 20:53 . 2012-11-02 10:18        376320        ----a-w-        c:\windows\system32\dpnet.dll
2012-12-13 20:53 . 2012-11-02 08:26        23040        ----a-w-        c:\windows\system32\dpnsvr.exe
2012-12-13 20:53 . 2012-08-21 11:47        224640        ----a-w-        c:\windows\system32\drivers\volsnap.sys
2012-12-13 20:53 . 2012-11-13 01:29        2048        ----a-w-        c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 20:54 . 2012-10-31 14:20        74248        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:54 . 2012-10-31 14:20        697864        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-11-16 10:08 . 2012-02-14 15:02        518432        ----a-w-        c:\windows\system32\PavSHook.dll
2012-12-15 14:48 . 2012-12-15 14:47        262112        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-27 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-27 92704]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2012\Inicio.exe" [2011-02-02 70464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
.
c:\users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55        55552        ----a-w-        c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51        919008        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04        252848        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-31 20:54]
.
2012-10-10 c:\windows\Tasks\Grundlegende Bereinigung.job
- c:\program files\Panda Security\Panda Global Protection 2012\PlaTasks.exe [2012-02-14 13:23]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{B7E574B8-7AB8-4FA1-B167-0DBC4E19BAD3}.job
- c:\windows\system32\msfeedssync.exe [2011-05-20 08:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.arcor.de/
mStart Page = hxxp://alice.aol.de
uInternet Settings,ProxyServer = proxy.charite.de:80
uInternet Settings,ProxyOverride = *.local
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Alle &Filme mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Free YouTube to MP3 Converter - c:\users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5}: NameServer = 213.191.92.87,192.168.1.1
FF - ProfilePath - c:\users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\0x9ws559.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.arcor.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-02-19 18:40; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF - ExtSQL: !HIDDEN! 2009-09-02 18:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-hpqSRMon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-yEd Graph Editor - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-11 20:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2636)
c:\program files\Panda Security\Panda Global Protection 2012\pavoepl.dll
c:\windows\system32\ieframe.dll
.
Zeit der Fertigstellung: 2013-01-11  20:33:59
ComboFix-quarantined-files.txt  2013-01-11 19:33
.
Vor Suchlauf: 14 Verzeichnis(se), 56.415.666.176 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 56.294.129.664 Bytes frei
.
- - End Of File - - 64E17658F952548FBB1F6D88B60DA1F6


Regards

ryder 12.01.2013 10:10

Yes, those things complain sometimes when you don't do what they would like :)

Also uninstall McAfee Security Scan.

Good! :daumenhoc

As far as I can see, we have removed everything malicious with that. To be sure, we now still need to run a few checks and will then bring your computer up to a secure state. Since these scans can take a very long time, I ask you to write to me again only once you have really completed everything or if problems occur.

Step 1:
Quick scan with Malwarebytes

Please download Malwarebytes
  • Install the program to the default path.
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan is finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
Step 2:
ESET Online Scanner


Important:
Please switch on any external hard drives you have during the online scans!
Please turn off all background guards (antivirus program, firewall, script blocking and the like) during the scans and do not forget to turn everything back on afterwards.

  • Please click here ---> http://larusso.trojaner-board.de/Images/eset.jpg
    • Firefox users: Please download, install and start esetsmartinstaller_enu.exe.
    • IE users must allow the installation of an ActiveX element.
  • Set the check mark at Yes, I accept the Terms of Use and press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Set a check mark at "Scan archives" and remove the check mark at Remove found threats.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg. The signatures are downloaded and the scan starts automatically and can take a very long time (several hours)! :kaffee:
When the scan has finished, please post the ESET.txt here or tell me that nothing was found.

Step 3:
Scan with SecurityCheck
Please download SecurityCheck: LINK1 LINK2
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

horstmeier 12.01.2013 10:32

OK, will do!

One last question (NOT criticism, just the possibly naive question of a layman!): is it normal that Panda (right, it did not protect me from the infection) is still reporting the detection of the trojan every 5 minutes?

Best regards

ryder 12.01.2013 10:33

Since I don't know exactly what it is telling you, that is hard to say. It may well be that it keeps finding our quarantine. Don't let such a soulless scan lackey confuse you.

horstmeier 12.01.2013 10:41

OK. Understood!

Very last question :) :

In the meantime some Windows updates have installed themselves without my being able to do anything about it. Problem?

See you soon

ryder 12.01.2013 11:14

Please just carry on.

horstmeier 12.01.2013 19:19

OK, sensei. Please excuse me.

Hi there!

McAfee is uninstalled.

1.) Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.12.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Björn :: SAMSUNGR510 [Administrator]

12.01.2013 19:25:18
mbam-log-2013-01-12 (19-25-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 258293
Laufzeit: 10 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Björn\Downloads\setup(2).exe (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Björn\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


2.) ESET found nothing.


3.) Security Check:

Code:

Results of screen317's Security Check version 0.99.56 
 Windows Vista Service Pack 2 x86 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Panda Global Protection 2012 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.70.0.1100 
 JavaFX 2.1.0   
 Java 7 Update 9 
 Adobe Flash Player        11.5.502.146 
 Adobe Reader 8 Adobe Reader out of Date!
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
 Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 panda security panda global protection 2012 firewall PSHOST.EXE
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


The soulless scan lackey is still constantly reporting: "Virus neutralized! A virus was found and access to the infected file was prevented." In the report it then says trj/ransom.AB etc. and as action "blocked"...

ryder 13.01.2013 19:44

Then please delete Adobe 8

Great! :daumenhoc

With that we would be finished. We'll now tidy up a little, and then at the end I have some reading material for you.

Step 1:
Uninstall tools

The order is crucial here.
  1. If Defogger was used: click re-enable now.
  2. If Combofix was used: rename Combofix.exe to uninstall.exe and start it.
  3. In any case, please download delfix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • DelFix removes, among other things, all the programs used and finally deletes itself.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.

Step 2:
Uninstall ESET (optional)

I recommend scanning your system with ESET once a week. But if you want to remove ESET:
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key, copy the following text into the Run window and click OK.
Code:

"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"

Step 3:
Java Update (Windows XP, Vista, 7)
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware. When the installation has finished:
  • Start > Control Panel > Programs and uninstall all older Java versions, if present, and restart your computer.
After the restart:
  • Open the Control Panel > Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files...
  • Make sure that a check mark is set everywhere and click OK twice.


Finally, some tips on the following topics:
  • System updates
  • Software updates
  • Security software
  • Safe surfing

Reading material:
System updates
It cannot be mentioned often enough how important it is to keep your system up to date. After all, you also take your car to the garage for regular inspection. So please make sure that system updates are enabled:
  • Please check whether your system downloads Windows updates automatically:
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.



Reading material:
Software updates
Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security vulnerabilities:
Programs that are not listed are of course important too. Whether there is a new version of these can be checked on their vendor's website or very conveniently with these tools:



Reading material:
Security software
If someone overtook you on the motorway naked on a motorcycle, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial antivirus solutions there are also quite good protection programs that are available free of charge with a reduced feature set. But careful, "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market here that will serve you well. I personally recommend Avast Free Antivirus to you. It offers relatively good protection with little annoying advertising and installs a browser plugin that warns you about dangerous websites.
  • If you switch your antivirus solution, you will find tools here with which you can remove the leftovers after uninstalling your old scanner.
  • Never install more than one virus scanner. Their background guards would get in each other's way and slow down your system.
  • A browser plugin that protects you from fraudulent websites can serve you well if you are not very knowledgeable (see above).
  • Make sure that your security solution is always up to date and fetches updates automatically. If you rely on manual updates you are usually too late, since the virus databases are often renewed daily, even several times.
  • Additional protection (and this would also be permitted) is offered by a dedicated malware scanner. Here I strongly recommend Malwarebytes and scanning with it once a week. In the paid version it even has a background guard. We have a guide for you for this.
Finally, I recommend that you back up your data regularly (ideally automatically). This can be a professional backup solution, external hard drives, burning to DVDs or copying to an online drive such as Dropbox. Create as many copies as possible and keep them current. Only then are you prepared for the worst case, should your computer become unusable for whatever reason. Unfortunately that always happens unannounced and always when you need it most. So take precautions! :)



Reading material:
Safe surfing
First of all it has to be said that it is usually the human factor that enables malware to get onto a computer. Do you also buy any old stuff straight away, without thinking, from people who ring your doorbell? So first get used to a few rules of conduct when surfing the internet:
  • Do not click somewhere just because it is colourful and glowing, pops up in a corner or looks as if it were a system message.
  • Do not download illegal software, cracks, keygens, game trainers and so on ... the websites that offer such things are mostly not reputable and the supposed helpers are usually more infested than you would imagine. It makes no difference whether you obtain these files via a browser or file-sharing programs.
  • Do not open email attachments from people you do not know or emails with strange spelling mistakes, and do not start files that a website offers you without your having asked for them.
  • Do not let anyone surf on your computer who does not also follow these rules.
  • Do not rely on your virus scanner finding everything. No security solution is 100% secure!

But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security even further there is special protection software that hardens your browser further.
  • WOT (Web of Trust): This add-on warns you before you visit a page reported as harmful. Note: Avast already includes such a plugin.
  • Sandboxie creates an additional isolated program environment so that your browser is as safe as a toddler in a sandbox. (Guide: Sandboxie)
  • Securebanking is software that examines connections and notifies you when someone is "listening in". As the name says, it was developed so that online banking is really secure. More information on the homepage: Secure Banking

Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That means you are more likely to be on the safe side with an exotic browser. As a general rule, you are already considerably safer if you do not use Internet Explorer.



Damit wünsche ich dir noch viel Spaß beim Surfen im Internet :daumenhoc

... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.

ryder 13.01.2013 19:44

Then please delete Adobe 8

Great! :daumenhoc

That would be us finished. We will now tidy up a little, and then at the end I have some reading material for you.

Step 1:
Uninstall tools

The order is decisive here.
  1. If Defogger was used: click re-enable now.
  2. If Combofix was used: rename Combofix.exe to uninstall.exe and start it.
  3. In any case, please download delfix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double click.
    • Tick the box in front of every function.
    • Click Start.
    • DelFix removes, among other things, all the programs that were used and finally deletes itself.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.

Step 2:
Uninstall ESET (optional)

I recommend that you scan your system with ESET once a week. But if you want to remove ESET:
Please press the Windows key + R, copy the following text into the Run window and click OK.
Code:

"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"

Step 3:
Java update (Windows XP, Vista, 7)
Your Java is no longer up to date. Older versions contain security holes that can be abused by malware. Once the installation has finished:
  • Start > Control Panel > Programs, uninstall all older Java versions, if present, and restart your computer.
After the restart:
  • Open Control Panel > Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files...
  • Make sure that every box is ticked and click OK twice.


Finally, some tips on the following topics:
  • System updates
  • Software updates
  • Security software
  • Safe surfing

Reading material:
System updates
It cannot be mentioned often enough how important it is to keep your system up to date. After all, you also take your car to the garage regularly for inspection. So please make sure that system updates are enabled:
  • Please check whether your system downloads Windows updates automatically:
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.



Reading material:
Software updates
Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security holes:

Programs that are not listed are of course important too. Whether there is a new version for them, you can check on their vendor's website or quite conveniently with these tools:



Reading material:
Security software
If someone overtook you on the motorway riding a motorbike naked, you would shake your head too. Your computer also needs protection against the small everyday attacks by malware. Besides excellent commercial antivirus solutions there are also perfectly good protection programs that are available free of charge with a reduced feature set. But careful: "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market that will serve you well. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising, and it installs a browser plugin that warns you about dangerous websites.
  • If you switch your antivirus solution, you will find tools here with which you can remove the leftovers after uninstalling your old scanner.
  • Never install more than one virus scanner. Their background guards would get in each other's way and slow your system down.
  • A browser plugin that protects you from fraudulent websites can serve you well if you are not very experienced (see above).
  • Make sure that your security solution is always up to date and fetches updates automatically. If you rely on manual updates you are usually too late, because the virus databases are often renewed daily, even several times a day.
  • Additional protection (and this one would be allowed) is offered by a dedicated malware scanner. Here I strongly recommend Malwarebytes, and scanning with it once a week. In the paid version it even has a background guard. We have a guide for you on this.
Finally, I recommend that you back up your data regularly (preferably automatically). This can be a professional backup solution, external hard drives, burning to DVDs or copying to an online drive such as Dropbox. Create as many copies as possible and keep them current. Only then are you prepared for the worst case, should your computer - for whatever reason - become unusable. Unfortunately that always happens without warning and always when you need it most. So take precautions! :)



Reading material:
Safe surfing
First of all it has to be said that it is usually the human factor that allows malware to get onto a computer. Do you also buy any old stuff, without thinking, from people who ring your doorbell? So first get used to a few rules of conduct when surfing the Internet:
  • Do not click on something just because it is colourful and glowing, pops up in a corner or looks as if it were a system message.
  • Do not download illegal software, cracks, keygens, game trainers and so on ... the websites that offer such things are mostly not reputable, and the supposed helpers are usually more infested than you would imagine. It makes no difference whether you get these files through a browser or through file-sharing programs.
  • Do not open email attachments from people you do not know or emails with strange spelling mistakes, and do not start files that a website offers you without your having asked for them.
  • Do not let anyone surf on your computer who does not follow these rules as well.
  • Do not rely on your virus scanner finding everything. No security solution is 100% safe!

But even if these rules are followed meticulously, a so-called drive-by infection can still occur, in which a piece of malware breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that hardens your browser further.
  • WOT (Web of trust) This add-on warns you before you visit a site that has been reported as harmful. Note: Avast already contains such a plugin.
  • Sandboxie creates an additional isolated program environment, so that your browser is safe like a toddler in a sandbox. (Guide: Sandboxie)
  • Securebanking is a piece of software that examines connections and tells you when someone is "listening in". As the name says, it was developed so that online banking is really secure. More information on the homepage: Secure Banking

Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That is, with an exotic browser you are more likely to be on the safe side. As a basic rule, you are already considerably safer if you do not use Internet Explorer.



With that, I wish you lots of fun surfing the Internet :daumenhoc

... and perhaps you would like to support the Trojaner-Board?

One request: give me a short reply when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

ryder 15.01.2013 14:20

Glad we could help :abklatsch:

This topic appears to be resolved and will be deleted from my subscriptions. If you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread

If you would still like to pass on praise or criticism, there is this section here: http://www.trojaner-board.de/lob-kritik-wuensche/

horstmeier 28.01.2013 11:27

hello ryder!

I had sent you a message. unfortunately the whole exercise has changed nothing about the symptoms I described. why is that?

best regards

ryder 29.01.2013 15:12

Is this about your virus scanner finding something?

horstmeier 29.01.2013 21:44

it's about my computer freezing for 1 minute every 5 minutes, followed by the familiar virus scanner message. also, the flash player crashes every 5 minutes. the computer is almost unusable like this. strangely, my hp solution center has also given up, although it always ran flawlessly and I changed absolutely nothing.
besides, I would have thought that this videoload file would also be removed as part of the cleanup, or is it no longer a problem? deleting it is not possible, supposedly no permissions, although logged in as administrator.

ryder 29.01.2013 22:51

This file did not show up in ESET either, nor anywhere else.
But we can try the hard way for once: delete the file and see what happens.

Now please do not edit any paths either.

Step 1:
Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.

Download Mirror #1 - Download Mirror #2
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:

    :filefind
    *downloadmanager*

  • Now click the Look button to start the scan.
  • When the search has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

Step 2:
Scan with GMER
Please download GMER: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan has finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.

Switch your antivirus program and other scanners back on before you go online!

Do problems come up?
  • Alternatively, try safe mode.
  • If you get a bluescreen, untick Devices.


Step 3:
Scan with Farbar's Recovery Scan Tool

Please download the appropriate version of the tool and save it to a USB stick:
Farbar Recovery Scan Tool 32-bit version
Farbar Recovery Scan Tool 64-bit version

Connect the USB stick to the infected system

You now have to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key several times
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD
  • Select the language settings and click "Next".
  • Click Repair your computer !!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer
    Here you will be shown the drive letter of your USB stick.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here.

ryder 31.01.2013 09:24

Hello, do you still need help?

If I do not receive a reply from you within the next 48 hours, I will remove your topic from my subscriptions and will then no longer be notified about new replies.

The disappearance of the symptoms does not mean that your system is already clean

horstmeier 31.01.2013 19:22

yes, I'm at step three! result later today or tomorrow..

test

horstmeier 31.01.2013 22:36

unfortunately I entered the path and the file name incorrectly when writing my post:


the correct one is:

C:\USERS\***\DOWNLOADS\VIDEOLOAD_MANAGER_2.0.220.EXE[fluxDVDSetup.exe][2Ü Ç \CPUCheck.exe]


1.) systemlook:

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:42 on 30/01/2013 by Björn
Administrator - Elevation successful

========== filefind ==========

Searching for "*videoload_manager*"
C:\Users\Björn\Downloads\Videoload_Manager_2.0.2200.exe        --a---- 13196416 bytes        [19:26 17/03/2012]        [19:27 17/03/2012] (Unable to calculate MD5)

-= EOF =-


2.) Gmer:

see attachment

3.) after I booted from cd into the repair options, this message appeared: "Windows has detected a problem with the startup options of the computer. Do you want to apply the repair and restart the computer?" you get the choice between "no" and "repair and restart".
if you click on details, the following message appears:

"the following startup option will be repaired:
ID: {9DEA862C4-5CDD4E70-ACC1-F32B344D4795}

The following startup options will be used for this (or something like that)
Name Windows recovery environment
Path: Winre.wim
Windows device partition E:

A copy of the current startup option will be saved under C:\Boot\BCD.Backup0001"


At that point I cancelled for now and restarted normally..

regards
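
The SystemLook `filefind` result posted above is the evidence the next step of the thread acts on, so here is an added Python example (not part of the thread and not SystemLook's own code) that parses such a section and lists the files SystemLook could not hash. The log is a constructed sample in the posted layout; the names `parse_filefind` and `unhashed`, the 7-character attribute field and the reading of the two bracketed values as day/month/year timestamps are assumptions taken from that one posted line.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample in the layout of the log posted in the thread
# (user name replaced; the second search and its hash are made up).
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 20:42 on 30/01/2013 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "*videoload_manager*"
C:\Users\user\Downloads\Videoload_Manager_2.0.2200.exe        --a---- 13196416 bytes        [19:26 17/03/2012]        [19:27 17/03/2012] (Unable to calculate MD5)

Searching for "*example tool*"
C:\Program Files\Example Tool\example tool.exe        --a---- 2048 bytes        [10:00 01/01/2013]        [10:05 01/01/2013] 0123456789ABCDEF0123456789ABCDEF

-= EOF =-
"""

# One result line: path, attribute flags, size, two timestamps, then either
# a 32-digit hex MD5 or the literal "(Unable to calculate MD5)".
# Paths may contain spaces, so the match is anchored on the attribute field.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<attrs>[-a-z]{7})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))\s*$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<pattern>.*)"\s*$')
TS_FORMAT = "%H:%M %d/%m/%Y"  # assumption: day first, as in the log header


@dataclass
class FileHit:
    pattern: str           # the wildcard this hit was found for
    path: str
    attrs: str
    size: int
    first_ts: datetime     # the log does not label the two timestamps
    second_ts: datetime
    md5: Optional[str]     # None when SystemLook could not hash the file


def parse_filefind(log_text: str) -> List[FileHit]:
    """Return every file line found inside 'filefind' sections of the log."""
    hits: List[FileHit] = []
    in_section = False
    pattern = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            # Section banner, e.g. "========== filefind =========="
            in_section = line.strip("= ").lower() == "filefind"
            continue
        if not in_section or not line:
            continue
        search = SEARCH_RE.match(line)
        if search:
            pattern = search.group("pattern")
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # footer or a line in a layout this parser does not know
        md5 = m.group("md5")
        hits.append(FileHit(
            pattern=pattern,
            path=m.group("path"),
            attrs=m.group("attrs"),
            size=int(m.group("size")),
            first_ts=datetime.strptime(m.group("ts1"), TS_FORMAT),
            second_ts=datetime.strptime(m.group("ts2"), TS_FORMAT),
            md5=None if md5.startswith("(") else md5.lower(),
        ))
    return hits


def unhashed(hits: List[FileHit]) -> List[str]:
    """Paths whose content SystemLook could not read to compute an MD5."""
    return [h.path for h in hits if h.md5 is None]


if __name__ == "__main__":
    for hit in parse_filefind(SAMPLE_LOG):
        status = hit.md5 or "NO HASH (file could not be read)"
        print(f"{hit.pattern}: {hit.path} {hit.size} bytes -> {status}")
```

A file that appears in `unhashed` is worth a second look before deletion is attempted, since the tool that listed it was unable to read its content even with elevation.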

ryder 01.02.2013 15:31

Then let's get rid of that one file; apart from that there is nothing to be seen.

Combofix script
WARNING for READERS FOLLOWING ALONG:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press the Windows + R key --> notepad (type it in) --> OK
  • Now copy the whole text from the following code box into the empty text document.
    Code:

    File::
    C:\Users\Björn\Downloads\Videoload_Manager_2.0.2200.exe

  • Save this as CFScript.txt on your desktop.
  • Important: temporarily switch off your antivirus software. It can otherwise get in ComboFix's way while it works.
    Do not forget to switch it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe.
  • Do nothing on the computer, do not move the mouse over the ComboFix window and do not click into it. This can cause ComboFix to hang.
  • When ComboFix has finished it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags).

Quote:

Note:
If the script contains the directive Suspect:: or Collect::, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!

horstmeier 01.02.2013 23:10

done!

combofix:

Code:

ComboFix 13-02-01.04 - Björn 01.02.2013  22:36:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1914 [GMT 1:00]
ausgeführt von:: c:\users\Bj÷rn\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Bj÷rn\Desktop\CFScript.txt
AV: Panda Global Protection 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2012 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Global Protection 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-01 bis 2013-02-01  ))))))))))))))))))))))))))))))
.
.
2013-02-01 21:48 . 2013-02-01 21:48        --------        d-----w-        c:\users\Björn\AppData\Local\temp
2013-01-28 16:58 . 2013-01-28 16:58        --------        d-----w-        c:\users\Björn\AppData\Local\Samsung
2013-01-28 16:58 . 2013-01-28 16:58        --------        d-----w-        c:\users\Björn\AppData\Roaming\Samsung
2013-01-28 16:38 . 2012-09-20 04:35        181344        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2013-01-28 16:38 . 2012-09-20 04:35        83168        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2013-01-28 16:36 . 2013-01-28 16:36        --------        d-----w-        c:\program files\MyFree Codec
2013-01-28 16:33 . 2012-12-18 09:06        4659712        ----a-w-        c:\windows\system32\Redemption.dll
2013-01-28 16:31 . 2012-12-18 09:06        821824        ----a-w-        c:\windows\system32\dgderapi.dll
2013-01-28 16:31 . 2012-12-18 09:06        20032        ----a-w-        c:\windows\system32\drivers\dgderdrv.sys
2013-01-28 16:28 . 2013-01-28 16:37        --------        d-----w-        c:\programdata\Samsung
2013-01-28 16:20 . 2013-01-28 16:20        --------        d-----w-        c:\users\Björn\AppData\Local\Downloaded Installations
2013-01-26 13:58 . 2012-08-21 12:01        26840        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-26 13:57 . 2013-01-26 13:57        --------        d-----w-        c:\program files\iPod
2013-01-26 13:57 . 2013-01-26 13:58        --------        d-----w-        c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-26 13:57 . 2013-01-26 13:58        --------        d-----w-        c:\program files\iTunes
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-01-26 13:49 . 2013-01-26 13:49        --------        d-----w-        c:\program files\QuickTime
2013-01-26 00:21 . 2013-01-26 00:21        --------        d-----w-        C:\uninstall
2013-01-12 19:49 . 2013-01-12 19:49        --------        d-----w-        c:\program files\ESET
2013-01-12 18:24 . 2013-01-12 18:24        --------        d-----w-        c:\users\Björn\AppData\Roaming\Malwarebytes
2013-01-12 18:24 . 2013-01-12 18:24        --------        d-----w-        c:\programdata\Malwarebytes
2013-01-12 18:24 . 2013-01-12 18:24        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-01-12 18:24 . 2012-12-14 15:49        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-01-11 20:01 . 2013-01-11 20:01        --------        d-----w-        c:\programdata\NVIDIA
2013-01-10 19:37 . 2012-11-23 01:35        2048000        ----a-w-        c:\windows\system32\win32k.sys
2013-01-10 19:23 . 2012-11-20 04:22        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2013-01-10 19:23 . 2012-11-02 10:19        1400832        ----a-w-        c:\windows\system32\msxml6.dll
2013-01-08 21:03 . 2012-11-08 18:00        6812136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D392570-70A8-444B-AFB2-227951344B96}\mpengine.dll
2013-01-05 18:36 . 2013-01-05 18:37        --------        d-----w-        c:\users\Björn\AppData\Local\Unity
2013-01-05 14:54 . 2013-01-12 18:14        --------        d-----w-        c:\users\Björn\AppData\Roaming\HpUpdate
2013-01-05 14:54 . 2013-01-12 19:19        --------        d-----w-        c:\windows\Hewlett-Packard
2013-01-05 14:06 . 2013-01-05 14:06        --------        d-----w-        c:\programdata\HP Product Assistant
2013-01-02 21:56 . 2013-01-02 21:56        --------        d-----w-        c:\program files\Common Files\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-26 00:46 . 2012-05-14 22:46        859552        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-01-26 00:46 . 2010-06-27 00:49        780192        ----a-w-        c:\windows\system32\deployJava1.dll
2013-01-08 20:54 . 2012-10-31 14:20        74248        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:54 . 2012-10-31 14:20        697864        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-12-18 09:06 . 2012-12-18 09:06        90112        ----a-w-        c:\windows\MAMCityDownload.ocx
2012-12-18 09:06 . 2012-12-18 09:06        330240        ----a-w-        c:\windows\MASetupCaller.dll
2012-12-18 09:06 . 2012-12-18 09:06        30568        ----a-w-        c:\windows\MusiccityDownload.exe
2012-12-18 09:06 . 2012-12-18 09:06        974848        ----a-w-        c:\windows\system32\cis-2.4.dll
2012-12-18 09:06 . 2012-12-18 09:06        81920        ----a-w-        c:\windows\system32\issacapi_bs-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06        65536        ----a-w-        c:\windows\system32\issacapi_pe-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06        57344        ----a-w-        c:\windows\system32\MTXSYNCICON.dll
2012-12-18 09:06 . 2012-12-18 09:06        57344        ----a-w-        c:\windows\system32\MK_Lyric.dll
2012-12-18 09:06 . 2012-12-18 09:06        57344        ----a-w-        c:\windows\system32\issacapi_se-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06        569344        ----a-w-        c:\windows\system32\muzdecode.ax
2012-12-18 09:06 . 2012-12-18 09:06        491520        ----a-w-        c:\windows\system32\muzapp.dll
2012-12-18 09:06 . 2012-12-18 09:06        49152        ----a-w-        c:\windows\system32\MaJGUILib.dll
2012-12-18 09:06 . 2012-12-18 09:06        45320        ----a-w-        c:\windows\system32\MAMACExtract.dll
2012-12-18 09:06 . 2012-12-18 09:06        45056        ----a-w-        c:\windows\system32\MaXMLProto.dll
2012-12-18 09:06 . 2012-12-18 09:06        45056        ----a-w-        c:\windows\system32\MACXMLProto.dll
2012-12-18 09:06 . 2012-12-18 09:06        40960        ----a-w-        c:\windows\system32\MTTELECHIP.dll
2012-12-18 09:06 . 2012-12-18 09:06        352256        ----a-w-        c:\windows\system32\MSLUR71.dll
2012-12-18 09:06 . 2012-12-18 09:06        258048        ----a-w-        c:\windows\system32\muzoggsp.ax
2012-12-18 09:06 . 2012-12-18 09:06        245760        ----a-w-        c:\windows\system32\MSCLib.dll
2012-12-18 09:06 . 2012-12-18 09:06        24576        ----a-w-        c:\windows\system32\MASetupCleaner.exe
2012-12-18 09:06 . 2012-12-18 09:06        200704        ----a-w-        c:\windows\system32\muzwmts.dll
2012-12-18 09:06 . 2012-12-18 09:06        172032        ----a-w-        c:\windows\system32\muzapp.exe
2012-12-18 09:06 . 2012-12-18 09:06        155648        ----a-w-        c:\windows\system32\MSFLib.dll
2012-12-18 09:06 . 2012-12-18 09:06        143360        ----a-w-        c:\windows\system32\3DAudio.ax
2012-12-18 09:06 . 2012-12-18 09:06        135168        ----a-w-        c:\windows\system32\muzaf1.dll
2012-12-18 09:06 . 2012-12-18 09:06        131072        ----a-w-        c:\windows\system32\muzmpgsp.ax
2012-12-18 09:06 . 2012-12-18 09:06        122880        ----a-w-        c:\windows\system32\muzeffect.ax
2012-12-18 09:06 . 2012-12-18 09:06        118784        ----a-w-        c:\windows\system32\MaDRM.dll
2012-12-18 09:06 . 2012-12-18 09:06        110592        ----a-w-        c:\windows\system32\muzmp4sp.ax
2012-12-18 09:06 . 2008-12-19 10:38        319456        ----a-w-        c:\windows\system32\DIFxAPI.dll
2012-12-16 13:12 . 2012-12-21 15:20        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 15:20        293376        ----a-w-        c:\windows\system32\atmfd.dll
2012-11-16 10:08 . 2012-02-14 15:02        518432        ----a-w-        c:\windows\system32\PavSHook.dll
2012-11-14 02:09 . 2012-12-13 21:16        1800704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 21:16        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 21:16        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 21:16        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 21:16        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 21:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-13 20:53        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-01-25 22:53 . 2013-01-25 22:51        262552        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-27 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-27 92704]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2012\Inicio.exe" [2011-02-02 70464]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
.
c:\users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55        55552        ----a-w-        c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35        946352        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 13:13        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 20:27        49152        ----a-w-        c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-31 20:54]
.
2012-10-10 c:\windows\Tasks\Grundlegende Bereinigung.job
- c:\program files\Panda Security\Panda Global Protection 2012\PlaTasks.exe [2012-02-14 13:23]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{B7E574B8-7AB8-4FA1-B167-0DBC4E19BAD3}.job
- c:\windows\system32\msfeedssync.exe [2011-05-20 08:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.arcor.de/
mStart Page = hxxp://alice.aol.de
uInternet Settings,ProxyServer = proxy.charite.de:80
IE: Free YouTube to MP3 Converter - c:\users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5}: NameServer = 213.191.92.87,192.168.1.1
FF - ProfilePath - c:\users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\0x9ws559.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.arcor.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-02-19 18:40; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF - ExtSQL: !HIDDEN! 2009-09-02 18:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-01 22:48
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(960)
c:\program files\Panda Security\Panda Global Protection 2012\pavoepl.dll
.
Zeit der Fertigstellung: 2013-02-01  22:51:10
ComboFix-quarantined-files.txt  2013-02-01 21:51
.
Vor Suchlauf: 24 Verzeichnis(se), 58.185.052.160 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 57.510.346.752 Bytes frei
.
- - End Of File - - D3BCE1811DBA88D1CB0881DAC663AB57


ryder 02.02.2013 10:03

OK, but it doesn't look as if the file was deleted :/

Can you still see it?

Also: please uninstall McAfee Security Scan.

horstmeier 02.02.2013 10:41

Right, the file is still there and everything is as before...

Also, I can't find McAfee; I thought I had already uninstalled it?

ryder 02.02.2013 11:34

Combo probably can't cope with the umlaut :)

Let's try it again a different way:

ComboFix script
WARNING for OTHER READERS:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (not anywhere else, that is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the complete text from the following code box into the empty text document.
    Code:

    File::
    %HOMEPATH%\Downloads\Videoload_Manager_2.0.2200.exe

  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily turn off your antivirus software. It can otherwise get in ComboFix's way while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as in this picture:
  • Don't do anything on the computer, don't move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags).

Quote:

Note:
If the script contains the Suspect:: or Collect:: directive, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!

horstmeier 02.02.2013 12:35

New attempt, but the file is still there...

Code:

ComboFix 13-02-01.04 - Björn 02.02.2013  11:51:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1986 [GMT 1:00]
ausgeführt von:: c:\users\Bj÷rn\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Bj÷rn\Desktop\CFScript.txt
AV: Panda Global Protection 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2012 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Global Protection 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-02 bis 2013-02-02  ))))))))))))))))))))))))))))))
.
.
2013-02-02 11:00 . 2013-02-02 11:01        --------        d-----w-        c:\users\Björn\AppData\Local\temp
2013-02-02 11:00 . 2013-02-02 11:00        --------        d-----w-        c:\users\Nadja\AppData\Local\temp
2013-02-02 11:00 . 2013-02-02 11:00        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2013-02-02 11:00 . 2013-02-02 11:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-28 16:58 . 2013-01-28 16:58        --------        d-----w-        c:\users\Björn\AppData\Local\Samsung
2013-01-28 16:58 . 2013-01-28 16:58        --------        d-----w-        c:\users\Björn\AppData\Roaming\Samsung
2013-01-28 16:38 . 2012-09-20 04:35        181344        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2013-01-28 16:38 . 2012-09-20 04:35        83168        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2013-01-28 16:36 . 2013-01-28 16:36        --------        d-----w-        c:\program files\MyFree Codec
2013-01-28 16:33 . 2012-12-18 09:06        4659712        ----a-w-        c:\windows\system32\Redemption.dll
2013-01-28 16:31 . 2012-12-18 09:06        821824        ----a-w-        c:\windows\system32\dgderapi.dll
2013-01-28 16:31 . 2012-12-18 09:06        20032        ----a-w-        c:\windows\system32\drivers\dgderdrv.sys
2013-01-28 16:28 . 2013-01-28 16:37        --------        d-----w-        c:\programdata\Samsung
2013-01-28 16:20 . 2013-01-28 16:20        --------        d-----w-        c:\users\Björn\AppData\Local\Downloaded Installations
2013-01-26 13:58 . 2012-08-21 12:01        26840        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-26 13:57 . 2013-01-26 13:57        --------        d-----w-        c:\program files\iPod
2013-01-26 13:57 . 2013-01-26 13:58        --------        d-----w-        c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-26 13:57 . 2013-01-26 13:58        --------        d-----w-        c:\program files\iTunes
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-26 13:49 . 2013-01-26 13:49        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-01-26 13:49 . 2013-01-26 13:49        --------        d-----w-        c:\program files\QuickTime
2013-01-26 00:21 . 2013-01-26 00:21        --------        d-----w-        C:\uninstall
2013-01-12 19:49 . 2013-01-12 19:49        --------        d-----w-        c:\program files\ESET
2013-01-12 18:24 . 2013-01-12 18:24        --------        d-----w-        c:\users\Björn\AppData\Roaming\Malwarebytes
2013-01-12 18:24 . 2013-01-12 18:24        --------        d-----w-        c:\programdata\Malwarebytes
2013-01-12 18:24 . 2013-01-12 18:24        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-01-12 18:24 . 2012-12-14 15:49        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-01-11 20:01 . 2013-01-11 20:01        --------        d-----w-        c:\programdata\NVIDIA
2013-01-10 19:37 . 2012-11-23 01:35        2048000        ----a-w-        c:\windows\system32\win32k.sys
2013-01-10 19:23 . 2012-11-20 04:22        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2013-01-10 19:23 . 2012-11-02 10:19        1400832        ----a-w-        c:\windows\system32\msxml6.dll
2013-01-08 21:03 . 2012-11-08 18:00        6812136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D392570-70A8-444B-AFB2-227951344B96}\mpengine.dll
2013-01-05 18:36 . 2013-01-05 18:37        --------        d-----w-        c:\users\Björn\AppData\Local\Unity
2013-01-05 14:54 . 2013-01-12 18:14        --------        d-----w-        c:\users\Björn\AppData\Roaming\HpUpdate
2013-01-05 14:54 . 2013-01-12 19:19        --------        d-----w-        c:\windows\Hewlett-Packard
2013-01-05 14:06 . 2013-01-05 14:06        --------        d-----w-        c:\programdata\HP Product Assistant
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-26 00:46 . 2012-05-14 22:46        859552        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-01-26 00:46 . 2010-06-27 00:49        780192        ----a-w-        c:\windows\system32\deployJava1.dll
2013-01-08 20:54 . 2012-10-31 14:20        74248        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:54 . 2012-10-31 14:20        697864        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-12-18 09:06 . 2012-12-18 09:06        90112        ----a-w-        c:\windows\MAMCityDownload.ocx
2012-12-18 09:06 . 2012-12-18 09:06        330240        ----a-w-        c:\windows\MASetupCaller.dll
2012-12-18 09:06 . 2012-12-18 09:06        30568        ----a-w-        c:\windows\MusiccityDownload.exe
2012-12-18 09:06 . 2012-12-18 09:06        974848        ----a-w-        c:\windows\system32\cis-2.4.dll
2012-12-18 09:06 . 2012-12-18 09:06        81920        ----a-w-        c:\windows\system32\issacapi_bs-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06        65536        ----a-w-        c:\windows\system32\issacapi_pe-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06        57344        ----a-w-        c:\windows\system32\MTXSYNCICON.dll
2012-12-18 09:06 . 2012-12-18 09:06        57344        ----a-w-        c:\windows\system32\MK_Lyric.dll
2012-12-18 09:06 . 2012-12-18 09:06        57344        ----a-w-        c:\windows\system32\issacapi_se-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06        569344        ----a-w-        c:\windows\system32\muzdecode.ax
2012-12-18 09:06 . 2012-12-18 09:06        491520        ----a-w-        c:\windows\system32\muzapp.dll
2012-12-18 09:06 . 2012-12-18 09:06        49152        ----a-w-        c:\windows\system32\MaJGUILib.dll
2012-12-18 09:06 . 2012-12-18 09:06        45320        ----a-w-        c:\windows\system32\MAMACExtract.dll
2012-12-18 09:06 . 2012-12-18 09:06        45056        ----a-w-        c:\windows\system32\MaXMLProto.dll
2012-12-18 09:06 . 2012-12-18 09:06        45056        ----a-w-        c:\windows\system32\MACXMLProto.dll
2012-12-18 09:06 . 2012-12-18 09:06        40960        ----a-w-        c:\windows\system32\MTTELECHIP.dll
2012-12-18 09:06 . 2012-12-18 09:06        352256        ----a-w-        c:\windows\system32\MSLUR71.dll
2012-12-18 09:06 . 2012-12-18 09:06        258048        ----a-w-        c:\windows\system32\muzoggsp.ax
2012-12-18 09:06 . 2012-12-18 09:06        245760        ----a-w-        c:\windows\system32\MSCLib.dll
2012-12-18 09:06 . 2012-12-18 09:06        24576        ----a-w-        c:\windows\system32\MASetupCleaner.exe
2012-12-18 09:06 . 2012-12-18 09:06        200704        ----a-w-        c:\windows\system32\muzwmts.dll
2012-12-18 09:06 . 2012-12-18 09:06        172032        ----a-w-        c:\windows\system32\muzapp.exe
2012-12-18 09:06 . 2012-12-18 09:06        155648        ----a-w-        c:\windows\system32\MSFLib.dll
2012-12-18 09:06 . 2012-12-18 09:06        143360        ----a-w-        c:\windows\system32\3DAudio.ax
2012-12-18 09:06 . 2012-12-18 09:06        135168        ----a-w-        c:\windows\system32\muzaf1.dll
2012-12-18 09:06 . 2012-12-18 09:06        131072        ----a-w-        c:\windows\system32\muzmpgsp.ax
2012-12-18 09:06 . 2012-12-18 09:06        122880        ----a-w-        c:\windows\system32\muzeffect.ax
2012-12-18 09:06 . 2012-12-18 09:06        118784        ----a-w-        c:\windows\system32\MaDRM.dll
2012-12-18 09:06 . 2012-12-18 09:06        110592        ----a-w-        c:\windows\system32\muzmp4sp.ax
2012-12-18 09:06 . 2008-12-19 10:38        319456        ----a-w-        c:\windows\system32\DIFxAPI.dll
2012-12-16 13:12 . 2012-12-21 15:20        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 15:20        293376        ----a-w-        c:\windows\system32\atmfd.dll
2012-11-16 10:08 . 2012-02-14 15:02        518432        ----a-w-        c:\windows\system32\PavSHook.dll
2012-11-14 02:09 . 2012-12-13 21:16        1800704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 21:16        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 21:16        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 21:16        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 21:16        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 21:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-13 20:53        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-01-25 22:53 . 2013-01-25 22:51        262552        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-27 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-27 92704]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2012\Inicio.exe" [2011-02-02 70464]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
.
c:\users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55        55552        ----a-w-        c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35        946352        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 13:13        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 20:27        49152        ----a-w-        c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-31 20:54]
.
2012-10-10 c:\windows\Tasks\Grundlegende Bereinigung.job
- c:\program files\Panda Security\Panda Global Protection 2012\PlaTasks.exe [2012-02-14 13:23]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{B7E574B8-7AB8-4FA1-B167-0DBC4E19BAD3}.job
- c:\windows\system32\msfeedssync.exe [2011-05-20 08:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.arcor.de/
mStart Page = hxxp://alice.aol.de
uInternet Settings,ProxyServer = proxy.charite.de:80
IE: Free YouTube to MP3 Converter - c:\users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5}: NameServer = 213.191.92.87,192.168.1.1
FF - ProfilePath - c:\users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\0x9ws559.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.arcor.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-02-19 18:40; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF - ExtSQL: !HIDDEN! 2009-09-02 18:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-02 12:01
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4532)
c:\program files\Panda Security\Panda Global Protection 2012\pavoepl.dll
.
Zeit der Fertigstellung: 2013-02-02  12:03:32
ComboFix-quarantined-files.txt  2013-02-02 11:03
ComboFix2.txt  2013-02-01 21:51
.
Vor Suchlauf: 25 Verzeichnis(se), 56.844.374.016 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 56.828.121.088 Bytes frei
.
- - End Of File - - 4FFBE175FFB9FC57240B3449071D36BD
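
The log header above spells the profile folder `Bj÷rn` while the file listing spells it `Björn`. As an added example (not part of the thread and not ComboFix's own code), the Python below flags such spelling pairs in a log and normalises them before paths are compared. It assumes the mismatch is a Windows-1252 byte shown in OEM code page 850; the sample lines are a constructed excerpt and all function names are hypothetical.

```python
import re

# Constructed excerpt modelled on the ComboFix log above (a few lines, not the full log).
SAMPLE_LOG = "\n".join([
    r"ausgeführt von:: c:\users\Bj÷rn\Desktop\ComboFix.exe",
    r"Benutzte Befehlsschalter :: c:\users\Bj÷rn\Desktop\CFScript.txt",
    r"2013-02-02 11:00 . 2013-02-02 11:01  --------  d-----w-  c:\users\Björn\AppData\Local\temp",
    r"2013-02-02 11:00 . 2013-02-02 11:00  --------  d-----w-  c:\users\Nadja\AppData\Local\temp",
])

# Profile folder name in a c:\users\<name>\ path.
PROFILE_RE = re.compile(r"c:\\users\\([^\\\r\n]+)\\", re.IGNORECASE)

# Assumption: only the two code pages usual on a German Windows install are tried,
# as (code page the text was shown in, code page the bytes were stored in).
CODEPAGE_PAIRS = (("cp850", "cp1252"), ("cp1252", "cp850"))


def reinterpret(text, shown_as, stored_as):
    """Re-read text as if its bytes had been decoded with stored_as, not shown_as."""
    try:
        return text.encode(shown_as).decode(stored_as)
    except (UnicodeEncodeError, UnicodeDecodeError):
        return None  # the text cannot have come from this code page pair


def _odd_symbols(name):
    """Non-ASCII characters that are not letters, e.g. the division sign."""
    return [c for c in name if ord(c) > 127 and not c.isalpha()]


def find_codepage_mismatches(log_text):
    """Return (garbled, repaired, shown_as, stored_as) for profile names that
    appear in the same log in both a garbled and a clean spelling."""
    names = list(dict.fromkeys(PROFILE_RE.findall(log_text)))  # unique, in order
    findings = []
    for name in names:
        if not _odd_symbols(name):
            continue  # heuristic: a garbled name contains a non-letter symbol
        for shown_as, stored_as in CODEPAGE_PAIRS:
            repaired = reinterpret(name, shown_as, stored_as)
            if (repaired and repaired != name and repaired in names
                    and not _odd_symbols(repaired)):
                findings.append((name, repaired, shown_as, stored_as))
    return findings


def normalise_paths(log_text):
    """Rewrite garbled profile names so both spellings compare as one path."""
    for garbled, repaired, _, _ in find_codepage_mismatches(log_text):
        log_text = log_text.replace("\\" + garbled + "\\", "\\" + repaired + "\\")
    return log_text


if __name__ == "__main__":
    for finding in find_codepage_mismatches(SAMPLE_LOG):
        print("%s -> %s (shown as %s, stored as %s)" % finding)
```

A repair is only reported when the clean spelling also occurs elsewhere in the same log, so a name that merely contains a symbol is not rewritten.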


ryder 02.02.2013 20:01

Well, I really can't make sense of that.

Next one:

Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
  • Set the following:
    • Check "Scan all users" and "Include 64bit scans"
    • Output: Minimal
    • Use SafeList in every field.
    • Check "Use company name whitelist"
    • Files created and modified within: File Age
    • Check LOP Check and Purity Check
  • Now copy the contents of the code box into the http://larusso.trojaner-board.de/Images/otlfix.jpg text box.
Code:

activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.*
%PROGRAMFILES(X86)%\*.*
%appdata%\*.
%appdata%\*.*
%localappdata%\*.
%localappdata%\*.*
%allusersprofile%\*.
%allusersprofile%\*.*
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread (in CODE tags if possible)

horstmeier 03.02.2013 12:00

File age 30 days, and remove the check mark at use-no-company-name Whitelist?

Virus scanner on or off?

ryder 03.02.2013 12:33

Just leave the other settings as they are.

horstmeier 03.02.2013 13:38

I had to scan several times; in between, the computer simply shut itself down within three seconds several times, twice during a scan, I can't say exactly when...

But the last time it worked:

otl.txt:

Code:

OTL logfile created on: 03.02.2013 13:12:49 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Björn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,40% Memory free
6,18 Gb Paging File | 5,07 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 55,63 Gb Free Space | 19,31% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNGR510 | User Name: Björn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Björn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SamSung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\SamSung\Kies\Kies.exe (Samsung)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\TPSrv.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\ApVxdWin.exe (Panda Security, S.L.)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\psksvc.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\pavsrvx86.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\WebProxy.exe (Panda Security, S.L.)
PRC - C:\Programme\SamSung\Samsung Update Plus\SUPBackGround.exe ()
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PavBckPT.exe (Panda Security, S.L.)
PRC - c:\Programme\Panda Security\Panda Global Protection 2012\FIREWALL\PSHost.exe (Panda Security International)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PsCtrlS.exe (Panda Security, S.L.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\SrvLoad.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Programme\SamSung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\SamSung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8db51a0e07118635fb71b05f21937db8\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\54c3c22053264729fde00785baf21eb9\DummyStorePlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b07ff83c3ce2fd8d3a938889f020552d\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\aaa553d73526328d450a142814849e40\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5334ab5e29c40a7af6223175123263b\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\233972a5ba7f8718ba70734134186b1a\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\e2689f807ac87966b7e78f74ab677453\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\c8a238c49512fddf15119a48f1c8e520\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\b086aa6691c54b382c9dff23d19879cd\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\d532b3a8c28f7131b6c1d7eb62a9a421\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\521e8f5d3e1452cabfea9ea69659c679\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\5c80e523a29d6577d167f5550f882dc0\Kies.Plugin.ContentsManagerLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\c332273df479d78fd386207bd8aeee42\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\8bf212e316537432a2356c88f3bb6f4d\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\017429623044d5a3e9aa2aeef7d00017\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8bb1cf762dcfd25fa6fec281620a67e3\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3b13bd2ffd57d5a08bfb85636513922d\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ca0b9f739dc8a16a0b45b07b6f1deae0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\68bf9214584209eb5ebf209d1b95ac1e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5ff671ad98a74cfc1dee4a439fb8728e\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57a3553bbf6667ae14d38bdb66f605a2\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6e4f1bc2e9b41f984d67aa1cd7f65c3d\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2c72efd53cc6951822e9782f762e0950\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\016586bd2a1964a0a519cbc522d2906d\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c869231737a2b3d15915dcd3cf44b935\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\89a65c0b3dd11b28cee0f0af1185b12d\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2a6cd90bb628de35d70c9dba6897d013\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c7db33ddaee23e7ec8a3458fde5b50eb\Kies.Common.CRMManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\7134f52b3f25107e9868d664eed50a2f\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\83ea8d246c90eeee2b100f01994eef5b\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\0bbdc52b6dd44363e4a194ee8bd8a460\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8e2b0a9c69e1065931751dcb16bd5fac\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\7c3107cb236a66aa4602f12d23611c55\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7ed89054a3bdd9dbbf1cce0e0b592d78\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f619ad24547bdefcd7ae3b6afdf99a67\Kies.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\IZArc\IZArcCM.dll ()
MOD - C:\Programme\SamSung\Samsung Update Plus\SUPBackGround.exe ()
MOD - C:\Programme\SamSung\Samsung Update Plus\HMXML.dll ()
MOD - C:\Programme\Panda Security\Panda Global Protection 2012\MiniCrypto.dll ()
MOD - C:\Programme\SamSung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\SamSung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\SamSung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Programme\Panda Security\Panda Global Protection 2012\LIBXML2.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TPSrv) -- C:\Programme\Panda Security\Panda Global Protection 2012\TPSrv.exe (Panda Security, S.L.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PAVFNSVR) -- C:\Programme\Panda Security\Panda Global Protection 2012\PavFnSvr.exe (Panda Security, S.L.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (PskSvcRetail) -- C:\Programme\Panda Security\Panda Global Protection 2012\psksvc.exe (Panda Security, S.L.)
SRV - (PAVSRV) -- C:\Programme\Panda Security\Panda Global Protection 2012\pavsrvx86.exe (Panda Security, S.L.)
SRV - (PSHost) -- c:\Programme\Panda Security\Panda Global Protection 2012\FIREWALL\PSHost.exe (Panda Security International)
SRV - (Panda Software Controller) -- C:\Programme\Panda Security\Panda Global Protection 2012\PsCtrlS.exe (Panda Security, S.L.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (PSIMSVC) -- C:\Programme\Panda Security\Panda Global Protection 2012\PsImSvc.exe (Panda Security S.L.)
SRV - (PavPrSrv) -- C:\Programme\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PDNSp50) -- C:\Windows\system32\drivers\PDNSp50.sys File not found
DRV - (PDNMp50) -- C:\Windows\system32\drivers\PDNMp50.sys File not found
DRV - (PavTPK.sys) -- C:\Windows\system32\PavTPK.sys File not found
DRV - (PavSRK.sys) -- C:\Windows\system32\PavSRK.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\BJRN~1\AppData\Local\Temp\catchme.sys File not found
DRV - (br3gmdm) -- system32\DRIVERS\br3gmdm.sys File not found
DRV - (AvFlt) -- C:\Windows\system32\drivers\av5flt.sys File not found
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ComFiltr) -- C:\Windows\System32\drivers\COMFiltr.sys ()
DRV - (ShldDrv) -- C:\Windows\System32\drivers\ShlDrv51.sys (Panda Security, S.L.)
DRV - (APPFLT) -- C:\Windows\System32\drivers\APPFLT.SYS (Panda Security, S.L.)
DRV - (IDSFLT) -- C:\Windows\System32\drivers\idsflt.sys (Panda Security, S.L.)
DRV - (NETIMFLT01060044) -- C:\Windows\System32\drivers\neti1644.sys (Panda Security, S.L.)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (AmFSM) -- C:\Windows\System32\drivers\amm8660.sys (Panda Security, S.L.)
DRV - (PavProc) -- C:\Windows\System32\drivers\PavProc.sys (Panda Security, S.L.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WNMFLT) -- C:\Windows\System32\drivers\wnmflt.sys (Panda Security, S.L.)
DRV - (NETFLTDI) -- C:\Windows\System32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
DRV - (FNETMON) -- C:\Windows\System32\drivers\fnetmon.sys (Panda Security, S.L.)
DRV - (DSAFLT) -- C:\Windows\System32\drivers\dsaflt.sys (Panda Security, S.L.)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.charite.de:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de/"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bd5ea4520-61a1-11da-8cd6-0800200c9a66%7D:2009.07.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/"
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.02.19 18:40:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.02.19 18:40:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
 
[2008.12.19 22:42:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Extensions
[2013.01.28 16:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions
[2010.07.01 20:56:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.30 21:35:38 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2009.04.25 08:54:23 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions\moveplayer@movenetworks.com
[2011.11.02 22:42:32 | 000,007,901 | ---- | M] () (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2012.12.13 22:31:32 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.28 16:55:04 | 000,000,853 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\11-suche.xml
[2013.01.28 16:55:04 | 000,002,209 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\englische-ergebnisse.xml
[2013.01.28 16:55:04 | 000,010,506 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\gmx-suche.xml
[2013.01.28 16:55:04 | 000,002,368 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\lastminute.xml
[2013.01.28 16:55:04 | 000,005,489 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\webde-suche.xml
[2013.01.25 23:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0X9WS559.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0X9WS559.DEFAULT\EXTENSIONS\{D5EA4520-61A1-11DA-8CD6-0800200C9A66}
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0X9WS559.DEFAULT\EXTENSIONS\MOVEPLAYER@MOVENETWORKS.COM
[2013.01.25 23:53:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.07.17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2013.01.13 03:49:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.13 03:49:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.13 03:49:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.13 03:49:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.13 03:49:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.13 03:49:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.11 20:31:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\SamSung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Global Protection 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5}: NameServer = 213.191.92.87,192.168.1.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled -
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: Power2GoExpress - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
 
Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: PskSvcRetail - C:\Programme\Panda Security\Panda Global Protection 2012\psksvc.exe (Panda Security, S.L.)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.03 11:41:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe
[2013.02.02 12:03:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.02 12:03:34 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\temp
[2013.02.02 12:02:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.02 11:47:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.01 22:30:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.01 22:30:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.01 22:30:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.01 22:30:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.01 22:24:28 | 005,030,042 | R--- | C] (Swearware) -- C:\Users\Björn\Desktop\ComboFix.exe
[2013.01.28 18:32:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.01.28 17:58:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.01.28 17:58:20 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Samsung
[2013.01.28 17:58:17 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Samsung
[2013.01.28 17:58:11 | 000,000,000 | ---D | C] -- C:\Users\Björn\Documents\samsung
[2013.01.28 17:38:35 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013.01.28 17:38:34 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013.01.28 17:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.01.28 17:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2013.01.28 17:33:57 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013.01.28 17:31:28 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013.01.28 17:31:28 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2013.01.28 17:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.01.28 17:20:02 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Downloaded Installations
[2013.01.28 16:54:31 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Odin3-v1.85
[2013.01.26 14:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.26 14:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.26 14:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.26 14:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.26 14:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.26 14:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.01.26 01:21:30 | 000,000,000 | ---D | C] -- C:\uninstall
[2013.01.25 23:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.12 20:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.12 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Malwarebytes
[2013.01.12 19:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.12 19:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.12 19:24:02 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.12 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.11 21:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.01.11 20:14:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.10 20:37:06 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.10 20:23:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.06 15:14:38 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Desktop
[2013.01.05 19:36:09 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Unity
[2013.01.05 15:54:28 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\HpUpdate
[2013.01.05 15:54:19 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013.01.05 15:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.03 13:16:01 | 014,330,126 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.03 13:16:01 | 004,928,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.03 13:16:01 | 004,266,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.03 13:16:00 | 004,683,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.03 13:12:37 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2013.02.03 13:12:37 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2013.02.03 13:12:37 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2013.02.03 13:12:37 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2013.02.03 13:12:37 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2013.02.03 13:12:37 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2013.02.03 13:12:37 | 000,000,176 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2013.02.03 13:12:37 | 000,000,176 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2013.02.03 13:12:37 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2013.02.03 13:12:37 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2013.02.03 13:12:37 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2013.02.03 13:12:37 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2013.02.03 13:12:37 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2013.02.03 13:12:37 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2013.02.03 13:11:42 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.02.03 13:11:29 | 000,000,168 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2013.02.03 13:11:29 | 000,000,168 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2013.02.03 13:11:28 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2013.02.03 13:11:28 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2013.02.03 13:09:30 | 000,116,193 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.02.03 13:09:00 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.02.03 13:08:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 13:08:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 13:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.03 13:08:39 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.03 12:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 11:41:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe
[2013.02.02 11:27:57 | 000,076,800 | ---- | M] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.02 11:23:09 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2013.02.02 10:52:54 | 000,257,412 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2013.02.02 10:52:54 | 000,257,412 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2013.02.01 22:25:14 | 005,030,042 | R--- | M] (Swearware) -- C:\Users\Björn\Desktop\ComboFix.exe
[2013.01.30 20:59:16 | 000,365,568 | ---- | M] () -- C:\Users\Björn\Desktop\gmer_2.0.18454.exe
[2013.01.29 21:59:45 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmth.wlt.bck
[2013.01.29 21:59:45 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmth.wlt
[2013.01.28 17:57:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.01.28 17:57:59 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.26 14:59:00 | 000,001,560 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.26 14:49:48 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.01.13 21:27:05 | 000,116,193 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.01.12 19:24:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.11 20:31:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.11 18:02:26 | 000,373,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.06 14:38:38 | 000,015,158 | ---- | M] () -- C:\Users\Björn\Desktop\gmer.zip
[2013.01.05 19:33:30 | 000,357,376 | ---- | M] () -- C:\Users\Björn\Desktop\wub6k1fk.exe
[2013.01.05 15:10:48 | 000,187,483 | ---- | M] () -- C:\Windows\hpoins29.dat
[2013.01.05 15:08:05 | 000,186,662 | ---- | M] () -- C:\Windows\hpoins29.dat.temp
[2013.01.05 15:07:44 | 000,095,005 | ---- | M] () -- C:\Windows\hpqins05.dat
[2013.01.05 15:06:46 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.01.05 14:55:15 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.0.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.01 22:30:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.01 22:30:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.01 22:30:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.01 22:30:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.01 22:30:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.30 21:13:30 | 000,365,568 | ---- | C] () -- C:\Users\Björn\Desktop\gmer_2.0.18454.exe
[2013.01.28 17:57:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.01.28 17:57:59 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.26 14:59:00 | 000,001,560 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.26 14:49:48 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.01.12 19:24:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.06 14:38:38 | 000,015,158 | ---- | C] () -- C:\Users\Björn\Desktop\gmer.zip
[2013.01.05 19:33:28 | 000,357,376 | ---- | C] () -- C:\Users\Björn\Desktop\wub6k1fk.exe
[2013.01.05 15:08:03 | 000,186,662 | ---- | C] () -- C:\Windows\hpoins29.dat.temp
[2013.01.05 15:08:03 | 000,000,755 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp
[2013.01.05 15:06:46 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.01.05 15:05:06 | 000,095,005 | ---- | C] () -- C:\Windows\hpqins05.dat
[2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.12.18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.12.18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.12.18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.02.14 16:05:39 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2012.02.14 16:05:23 | 000,000,262 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2012.02.14 16:05:09 | 000,257,412 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2012.02.14 16:05:09 | 000,257,412 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011.03.02 13:32:46 | 000,000,218 | ---- | C] () -- C:\Users\Björn\.recently-used.xbel
[2010.03.31 16:36:24 | 000,116,193 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.03.31 08:01:37 | 000,116,193 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.12.23 21:16:10 | 000,076,800 | ---- | C] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.19 13:24:07 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.17 11:23:08 | 000,001,356 | ---- | C] () -- C:\Users\Björn\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.05.26 18:09:00 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\AdvancedTiffEditor
[2009.11.20 12:28:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Amazon
[2012.11.24 12:46:54 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Dropbox
[2012.10.24 09:01:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoft
[2011.02.22 00:42:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\EndNote
[2011.03.02 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\gtk-2.0
[2010.02.28 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Imagic403NMB
[2012.02.14 16:02:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Panda Security
[2013.01.28 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Samsung
[2012.10.30 13:14:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Verbindungsassistent
[2011.03.20 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\yWorks
[2010.09.30 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Nadja\AppData\Roaming\Verbindungsassistent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.02.02 12:02:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.11.17 20:05:53 | 000,000,000 | ---D | M] -- C:\b01381000f5dd9c0bb
[2009.09.04 14:36:05 | 000,000,000 | ---D | M] -- C:\Boot
[2013.02.02 12:03:35 | 000,000,000 | ---D | M] -- C:\ComboFix
[2013.01.28 17:31:22 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2012.02.16 00:58:06 | 000,000,000 | ---D | M] -- C:\d941140b699793ead8e8
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.01.27 22:58:41 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.10.26 22:36:43 | 000,000,000 | ---D | M] -- C:\found.000
[2009.11.05 11:53:50 | 000,000,000 | ---D | M] -- C:\found.001
[2010.01.07 08:57:04 | 000,000,000 | ---D | M] -- C:\found.002
[2010.02.16 10:26:04 | 000,000,000 | ---D | M] -- C:\found.003
[2010.05.28 16:21:13 | 000,000,000 | ---D | M] -- C:\found.004
[2010.07.12 18:43:46 | 000,000,000 | ---D | M] -- C:\found.005
[2008.12.19 11:35:52 | 000,000,000 | ---D | M] -- C:\Intel
[2011.01.28 13:23:20 | 000,000,000 | ---D | M] -- C:\Microgaming
[2008.12.23 20:53:54 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.12.19 11:45:48 | 000,000,000 | ---D | M] -- C:\MyWorks
[2011.03.23 23:25:25 | 000,000,000 | ---D | M] -- C:\Output Files
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.28 17:36:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.28 17:28:58 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.02.02 12:03:35 | 000,000,000 | ---D | M] -- C:\Qoobox
[2008.12.19 11:58:26 | 000,000,000 | ---D | M] -- C:\Samsung
[2013.02.03 13:17:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.26 01:21:33 | 000,000,000 | ---D | M] -- C:\uninstall
[2009.01.04 14:42:36 | 000,000,000 | R--D | M] -- C:\Users
[2010.08.25 10:16:13 | 000,000,000 | ---D | M] -- C:\windiag
[2013.02.02 12:03:34 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.12.17 11:09:05 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2013.02.02 12:03:32 | 000,017,460 | ---- | M] () -- C:\ComboFix.txt
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013.02.03 13:08:39 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.03 13:08:38 | 3529,375,744 | -HS- | M] () -- C:\pagefile.sys
[2008.12.19 11:40:22 | 000,000,366 | ---- | M] () -- C:\RHDSetup.log
[2008.12.19 12:01:02 | 000,000,173 | ---- | M] () -- C:\setup.log
[2013.01.05 15:54:33 | 000,000,734 | ---- | M] () -- C:\updatedatfix.log
 
< %PROGRAMFILES%\*.* >
[2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
Invalid Environment Variable: PROGRAMFILES(X86)
 
< %appdata%\*.  >
[2013.01.02 22:59:05 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Adobe
[2011.05.26 18:09:00 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\AdvancedTiffEditor
[2009.11.20 12:28:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Amazon
[2012.10.10 22:13:55 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Apple Computer
[2010.05.11 20:13:11 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\CyberLink
[2012.11.24 12:46:54 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Dropbox
[2010.11.29 17:32:59 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\dvdcss
[2012.10.24 09:01:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoft
[2011.02.22 00:42:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\EndNote
[2011.03.02 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\gtk-2.0
[2009.02.19 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\HP
[2013.01.12 19:14:39 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\HpUpdate
[2008.12.17 11:23:12 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Identities
[2010.02.28 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Imagic403NMB
[2008.12.19 11:37:49 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\InstallShield
[2008.12.19 12:27:01 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Macromedia
[2013.01.12 19:24:32 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Media Center Programs
[2012.06.23 18:02:27 | 000,000,000 | --SD | M] -- C:\Users\Björn\AppData\Roaming\Microsoft
[2009.04.25 09:01:04 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Move Networks
[2008.12.19 22:42:01 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Mozilla
[2012.02.14 16:02:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Panda Security
[2013.01.28 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Samsung
[2012.11.24 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Skype
[2012.08.01 18:07:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\skypePM
[2010.11.30 06:59:36 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\U3
[2012.10.30 13:14:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Verbindungsassistent
[2011.07.06 13:08:42 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\vlc
[2011.03.20 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\yWorks
 
< %appdata%\*.*  >
 
< %localappdata%\*.  >
[2012.08.21 12:20:14 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\AAV
[2013.01.02 22:55:32 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Adobe
[2008.12.17 11:23:07 | 000,000,000 | -HSD | M] -- C:\Users\Björn\AppData\Local\Anwendungsdaten
[2009.06.05 01:22:22 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Apple
[2010.04.03 08:55:47 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Apple Computer
[2013.01.28 17:20:02 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Downloaded Installations
[2009.02.19 18:48:08 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\HP
[2009.10.14 10:07:52 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Lexware
[2012.06.23 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Macromedia
[2012.06.23 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Microsoft
[2011.08.30 15:11:28 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Microsoft Games
[2012.10.03 13:17:58 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Microsoft Help
[2008.12.19 22:41:48 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Mozilla
[2012.02.14 16:15:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Panda Security
[2013.01.28 17:58:20 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Samsung
[2013.02.03 13:12:39 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\temp
[2008.12.17 11:23:07 | 000,000,000 | -HSD | M] -- C:\Users\Björn\AppData\Local\Temporary Internet Files
[2009.01.26 21:44:08 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Toshiba
[2013.01.05 19:37:44 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Unity
[2008.12.17 11:23:07 | 000,000,000 | -HSD | M] -- C:\Users\Björn\AppData\Local\Verlauf
[2009.01.26 22:49:19 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\VirtualStore
 
< %localappdata%\*.* >
[2012.12.21 01:39:28 | 000,001,356 | ---- | M] () -- C:\Users\Björn\AppData\Local\d3d9caps.dat
[2013.02.02 11:27:57 | 000,076,800 | ---- | M] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.03 20:14:31 | 000,101,608 | ---- | M] () -- C:\Users\Björn\AppData\Local\GDIPFONTCACHEV1.DAT
[2013.02.02 19:55:42 | 004,223,405 | -H-- | M] () -- C:\Users\Björn\AppData\Local\IconCache.db
 
< %allusersprofile%\*.  >
[2013.01.26 14:58:51 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.08.21 12:18:52 | 000,000,000 | ---D | M] -- C:\ProgramData\AAV
[2013.01.05 15:17:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2010.06.12 12:56:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2009.06.05 01:23:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.02.14 16:03:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Backup
[2010.05.11 22:05:29 | 000,000,000 | ---D | M] -- C:\ProgramData\BTrieve
[2009.11.22 13:38:19 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.03.17 20:48:14 | 000,000,000 | ---D | M] -- C:\ProgramData\fluxDVD
[2009.10.14 09:38:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Haufe
[2009.02.19 18:45:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
[2013.01.05 15:06:55 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2013.01.05 15:06:28 | 000,000,000 | ---D | M] -- C:\ProgramData\HP Product Assistant
[2009.10.14 09:40:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2008.12.27 15:03:49 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2013.01.12 19:24:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2010.06.26 22:09:49 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2010.10.07 15:23:54 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2013.01.11 17:52:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012.05.07 23:13:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2012.03.17 20:34:07 | 000,000,000 | ---D | M] -- C:\ProgramData\mpDRM
[2013.01.11 21:01:55 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2012.02.14 16:05:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Panda Security
[2013.01.28 17:37:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2012.11.24 17:51:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.06.27 01:49:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2006.11.02 14:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009.02.19 18:47:27 | 000,000,000 | ---D | M] -- C:\ProgramData\WEBREG
[2010.03.20 15:40:09 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009.06.05 01:23:54 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
< %allusersprofile%\*.* >
[2008.12.19 13:24:07 | 000,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2013.01.05 15:10:59 | 000,002,890 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2013.02.03 13:09:30 | 000,116,193 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.01.13 21:27:05 | 000,116,193 | ---- | M] () -- C:\ProgramData\nvModes.dat

< End of report >


extra.txt:

Code:

OTL Extras logfile created on: 03.02.2013 13:12:49 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Björn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,40% Memory free
6,18 Gb Paging File | 5,07 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 55,63 Gb Free Space | 19,31% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNGR510 | User Name: Björn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
 
[HKEY_USERS\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE  "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE  "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B32417B-6476-4FBD-8376-9F843B5ED432}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1692DA3F-201D-4011-8B7D-CBFC21300681}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16F10802-9F6A-4CB8-8CB0-3372D47058B5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{18C6E9FB-DAE0-4599-B05B-0A128F932F60}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1CE97591-61DC-4255-B222-E07E5F61F642}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2AE8C0CD-B949-4BAC-96B0-21EEEB60B588}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32F014B7-2098-4AFD-AE52-CE3D68A3EBD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59B1D2E6-10A6-45CE-BB92-C28DA7C52902}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DA2DC1B-407D-4BC9-AD91-05D5991D402A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{609E1AE5-3333-4A81-A6DF-EBFCA1E733E2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{728D5005-54BC-41FB-AE35-485854F24EFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A924FE1-1463-451B-9638-86E7974D3B27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80FC63A9-D33F-40E1-ADED-1B6CE60962AC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{8777E854-A4CB-4C08-9FCE-A6905AF91202}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{88A31D96-DA73-42AF-9585-616EE8360DBA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C6B2919-4D05-48B3-A62D-D10FAB79C250}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{90E4CA23-F58B-40B3-9846-85EC201CB099}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{93D33914-275E-4230-AC60-A2ABA2C04DFC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AFD25B0A-5CE6-47DF-B631-F1930EBF879C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C766C68E-ADCB-4F25-B071-DC3D485C7FCF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C89DA965-6D55-48AB-BFDF-FC7BB60A9ED6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C92D85EF-BDE7-47EF-AD73-6B2E0A1CE2E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CBB3FDB9-8346-49E7-A9D0-05D98F2625CE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E9E061C6-4B53-4A34-8494-86B191CF714B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF91A3F3-497A-48D8-8DEC-925474A5FE61}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F48112DA-A266-4C29-A70C-6183BAF2AB73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A27A3D-55EA-4C79-BBE2-ABD0E4176305}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11FDBE36-475C-4202-B0C8-ABE82174B467}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{13ADF7A5-5791-41ED-B204-98B50675094B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14B8E201-A8AD-48A5-8D44-E399442275F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{16C027F9-3BA3-4949-8882-A4CF3B13469C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1A9FBD75-548B-4518-9E75-14CEA60F76AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{222EBEAF-FB43-4EA7-ACBE-E9870C13F0CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{224A3DFB-62DA-4F3C-BFAD-FA3E659D457B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2737E1A7-A299-4E36-8FB4-594B85C5E516}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2C89F5C7-76F1-414E-8E37-DB5E22A4A4AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DE44BA6-EEC5-4547-B2BF-E5E8F762A38E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{3C0C7760-42AB-4A9B-BCE1-DAD78A40B733}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{3EFA92CD-6960-48D2-B415-F80E0DB93ED8}" = protocol=6 | dir=out | app=system |
"{46BB9324-38D5-4CE6-B99C-65DF51122EE6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4F5944DD-19E9-4AB8-A432-087E4FB36020}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{553BBEC7-26C4-4051-8738-C40177EA7E7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70CDFFF5-7493-4653-A979-9AB3E3F1007A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72A8F458-DA59-4AF5-B0AB-EDBD3C0DE366}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7517DBEA-C109-47DC-B098-5501BEA615B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{771113EE-6B85-4755-8F25-7422253BD047}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{7AC34624-D97A-49C2-B9A6-5E37B51550C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7C10C9B6-052B-4BCA-B94E-E34F80386DBA}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{865B65F7-D91B-46F2-9570-F89C87CD29C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{89AEBB59-2214-428F-8F36-B956D7D6039E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{95F0A131-C82F-400C-B558-7A18359EF83E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A08E95FA-C06D-480F-A9FA-1A2002F8BF2C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{B1938E19-3A99-4910-8920-7A1F645E4B63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4A42D13-F28B-43F5-B197-EEF5BCB6E9BD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BAB2F8CE-F7CD-4DCA-8E20-31E4E3F46097}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDE0867C-806C-4225-8C41-ACF9F016E434}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{C359F744-B754-459E-9924-516CF9D9AD3A}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{DC53ACF0-E2C9-447E-9589-E63912A24300}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{E0BEADCE-6927-4475-B574-571E55CBEBCC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E1802200-48DF-479B-959B-4463C409AEFD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5FFAFD8-103F-495E-9C44-28EC1D3E2148}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E6155D66-2376-45CC-9EDF-F8F981C93709}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E9A9753B-67BC-43DA-B1BB-A179327643C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEAA318E-FDE8-4B8D-897E-6EA46C038521}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F28D5DA2-5127-4A4D-8DB4-91956827EAE1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F3062242-8FC2-42CF-BC2B-ABE42383E424}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBF2ECF6-7286-4581-8D33-74413660F08E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1B6A4687-1E89-47EC-866F-038F189E148E}C:\program files\panda security\panda global protection 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda global protection 2012\apvxdwin.exe |
"TCP Query User{6827B0FA-74F5-401D-822B-56C5FE31F71F}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"TCP Query User{834B66A1-AFF4-4E33-9A3D-098FD6D6EB47}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{86943559-0E5B-4562-90DD-4080E97D6FED}C:\program files\dc software\dl10xp.exe" = protocol=6 | dir=in | app=c:\program files\dc software\dl10xp.exe |
"TCP Query User{8EC5C83C-AE53-4515-9CA4-D2ACDE6F7F28}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"TCP Query User{93B2C2F2-F181-4AF3-8C39-A6260882B5EE}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{B7173293-60CF-4439-B256-3C2DC7D70D36}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E8FAAA9C-98E9-4B18-BF2D-8AC8E3AC21BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0A3048C4-F179-42C5-A4FA-B6270BEFE13F}C:\program files\dc software\dl10xp.exe" = protocol=17 | dir=in | app=c:\program files\dc software\dl10xp.exe |
"UDP Query User{116C6CB0-BB7E-4179-A4FE-2CC9272B36E3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4A0CFD38-886D-4C20-91C0-E3EFF32D5096}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7CD40BE5-5720-4800-A5FC-CC527DD1876F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8B7FCA69-5768-4C5A-9292-B2109E95CA32}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{8EEE5F62-7A55-4D54-8AE8-9D28EA89A991}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{9355E78B-CB55-4A76-9443-74BAE058983F}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{FBE05C59-A463-4106-834B-F54CE1F21FB6}C:\program files\panda security\panda global protection 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda global protection 2012\apvxdwin.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}" = AAVUpdateManager
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{2A708B4E-B226-4EBB-AA55-639C17E7939E}" = DC Software
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4420_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A05A6CC-EA05-420E-8F6E-8ADF414BEDB3}" = Panda Global Protection 2012
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4420_Help
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76F79738-4234-45E8-80AA-F56F8FCD4FBE}" = QuickSteuer 2009
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{81A25967-DB85-4B48-A8A7-D25AC191DEE4}" = Panda Global Protection 2012
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E8F5F4AB-512F-44EB-9018-3C527AF6A717}" = Irodio Photo & Video Studio
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE5BCA77-F9B8-4896-BB04-6CBE587BC8CE}" = QuickSteuer 2009
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.62
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"EndNote" = EndNote
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.1.6
"yEd Graph Editor 3.6.1.1" = yEd Graph Editor 3.6.1.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.11.2011 16:08:49 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:12:22 | Computer Name = SamsungR510 | Source = LoadPerf | ID = 3012
Description =
 
Error - 14.11.2011 16:12:22 | Computer Name = SamsungR510 | Source = LoadPerf | ID = 3012
Description =
 
Error - 14.11.2011 16:12:22 | Computer Name = SamsungR510 | Source = LoadPerf | ID = 3011
Description =
 
[ OSession Events ]
Error - 03.06.2010 12:30:58 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:31:37 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:31:53 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:32:10 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:36:11 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:36:35 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:41:39 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:41:53 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 14:44:37 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 15:02:01 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.02.2013 05:55:28 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7022
Description =
 
Error - 03.02.2013 07:56:33 | Computer Name = SamsungR510 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2013 um 12:54:38 unerwartet heruntergefahren.
 
Error - 03.02.2013 07:57:18 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.02.2013 07:58:40 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7022
Description =
 
Error - 03.02.2013 08:04:49 | Computer Name = SamsungR510 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2013 um 13:01:31 unerwartet heruntergefahren.
 
Error - 03.02.2013 08:06:29 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.02.2013 08:06:55 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7022
Description =
 
Error - 03.02.2013 08:08:46 | Computer Name = SamsungR510 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2013 um 13:07:40 unerwartet heruntergefahren.
 
Error - 03.02.2013 08:10:26 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.02.2013 08:11:27 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >


horstmeier 03.02.2013 13:39

I had to scan several times; in between, the computer simply shut itself down within three seconds several times, twice during a scan, I can't say exactly when.

But the last time it worked:

otl.txt:

Code:

OTL logfile created on: 03.02.2013 13:12:49 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Björn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,40% Memory free
6,18 Gb Paging File | 5,07 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 55,63 Gb Free Space | 19,31% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNGR510 | User Name: Björn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Björn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SamSung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\SamSung\Kies\Kies.exe (Samsung)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\TPSrv.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\ApVxdWin.exe (Panda Security, S.L.)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\psksvc.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\pavsrvx86.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\WebProxy.exe (Panda Security, S.L.)
PRC - C:\Programme\SamSung\Samsung Update Plus\SUPBackGround.exe ()
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PavBckPT.exe (Panda Security, S.L.)
PRC - c:\Programme\Panda Security\Panda Global Protection 2012\FIREWALL\PSHost.exe (Panda Security International)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PsCtrlS.exe (Panda Security, S.L.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\SrvLoad.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Programme\SamSung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\SamSung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8db51a0e07118635fb71b05f21937db8\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\54c3c22053264729fde00785baf21eb9\DummyStorePlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b07ff83c3ce2fd8d3a938889f020552d\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\aaa553d73526328d450a142814849e40\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5334ab5e29c40a7af6223175123263b\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\233972a5ba7f8718ba70734134186b1a\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\e2689f807ac87966b7e78f74ab677453\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\c8a238c49512fddf15119a48f1c8e520\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\b086aa6691c54b382c9dff23d19879cd\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\d532b3a8c28f7131b6c1d7eb62a9a421\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\521e8f5d3e1452cabfea9ea69659c679\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\5c80e523a29d6577d167f5550f882dc0\Kies.Plugin.ContentsManagerLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\c332273df479d78fd386207bd8aeee42\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\8bf212e316537432a2356c88f3bb6f4d\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\017429623044d5a3e9aa2aeef7d00017\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8bb1cf762dcfd25fa6fec281620a67e3\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3b13bd2ffd57d5a08bfb85636513922d\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ca0b9f739dc8a16a0b45b07b6f1deae0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\68bf9214584209eb5ebf209d1b95ac1e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5ff671ad98a74cfc1dee4a439fb8728e\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57a3553bbf6667ae14d38bdb66f605a2\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6e4f1bc2e9b41f984d67aa1cd7f65c3d\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2c72efd53cc6951822e9782f762e0950\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\016586bd2a1964a0a519cbc522d2906d\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c869231737a2b3d15915dcd3cf44b935\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\89a65c0b3dd11b28cee0f0af1185b12d\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2a6cd90bb628de35d70c9dba6897d013\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c7db33ddaee23e7ec8a3458fde5b50eb\Kies.Common.CRMManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\7134f52b3f25107e9868d664eed50a2f\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\83ea8d246c90eeee2b100f01994eef5b\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\0bbdc52b6dd44363e4a194ee8bd8a460\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8e2b0a9c69e1065931751dcb16bd5fac\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\7c3107cb236a66aa4602f12d23611c55\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7ed89054a3bdd9dbbf1cce0e0b592d78\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f619ad24547bdefcd7ae3b6afdf99a67\Kies.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\IZArc\IZArcCM.dll ()
MOD - C:\Programme\SamSung\Samsung Update Plus\SUPBackGround.exe ()
MOD - C:\Programme\SamSung\Samsung Update Plus\HMXML.dll ()
MOD - C:\Programme\Panda Security\Panda Global Protection 2012\MiniCrypto.dll ()
MOD - C:\Programme\SamSung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\SamSung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\SamSung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Programme\Panda Security\Panda Global Protection 2012\LIBXML2.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TPSrv) -- C:\Programme\Panda Security\Panda Global Protection 2012\TPSrv.exe (Panda Security, S.L.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PAVFNSVR) -- C:\Programme\Panda Security\Panda Global Protection 2012\PavFnSvr.exe (Panda Security, S.L.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (PskSvcRetail) -- C:\Programme\Panda Security\Panda Global Protection 2012\psksvc.exe (Panda Security, S.L.)
SRV - (PAVSRV) -- C:\Programme\Panda Security\Panda Global Protection 2012\pavsrvx86.exe (Panda Security, S.L.)
SRV - (PSHost) -- c:\Programme\Panda Security\Panda Global Protection 2012\FIREWALL\PSHost.exe (Panda Security International)
SRV - (Panda Software Controller) -- C:\Programme\Panda Security\Panda Global Protection 2012\PsCtrlS.exe (Panda Security, S.L.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (PSIMSVC) -- C:\Programme\Panda Security\Panda Global Protection 2012\PsImSvc.exe (Panda Security S.L.)
SRV - (PavPrSrv) -- C:\Programme\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PDNSp50) -- C:\Windows\system32\drivers\PDNSp50.sys File not found
DRV - (PDNMp50) -- C:\Windows\system32\drivers\PDNMp50.sys File not found
DRV - (PavTPK.sys) -- C:\Windows\system32\PavTPK.sys File not found
DRV - (PavSRK.sys) -- C:\Windows\system32\PavSRK.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\BJRN~1\AppData\Local\Temp\catchme.sys File not found
DRV - (br3gmdm) -- system32\DRIVERS\br3gmdm.sys File not found
DRV - (AvFlt) -- C:\Windows\system32\drivers\av5flt.sys File not found
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ComFiltr) -- C:\Windows\System32\drivers\COMFiltr.sys ()
DRV - (ShldDrv) -- C:\Windows\System32\drivers\ShlDrv51.sys (Panda Security, S.L.)
DRV - (APPFLT) -- C:\Windows\System32\drivers\APPFLT.SYS (Panda Security, S.L.)
DRV - (IDSFLT) -- C:\Windows\System32\drivers\idsflt.sys (Panda Security, S.L.)
DRV - (NETIMFLT01060044) -- C:\Windows\System32\drivers\neti1644.sys (Panda Security, S.L.)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (AmFSM) -- C:\Windows\System32\drivers\amm8660.sys (Panda Security, S.L.)
DRV - (PavProc) -- C:\Windows\System32\drivers\PavProc.sys (Panda Security, S.L.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WNMFLT) -- C:\Windows\System32\drivers\wnmflt.sys (Panda Security, S.L.)
DRV - (NETFLTDI) -- C:\Windows\System32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
DRV - (FNETMON) -- C:\Windows\System32\drivers\fnetmon.sys (Panda Security, S.L.)
DRV - (DSAFLT) -- C:\Windows\System32\drivers\dsaflt.sys (Panda Security, S.L.)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.charite.de:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de/"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bd5ea4520-61a1-11da-8cd6-0800200c9a66%7D:2009.07.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/"
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.02.19 18:40:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.02.19 18:40:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
 
[2008.12.19 22:42:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Extensions
[2013.01.28 16:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions
[2010.07.01 20:56:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.30 21:35:38 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2009.04.25 08:54:23 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions\moveplayer@movenetworks.com
[2011.11.02 22:42:32 | 000,007,901 | ---- | M] () (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2012.12.13 22:31:32 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.28 16:55:04 | 000,000,853 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\11-suche.xml
[2013.01.28 16:55:04 | 000,002,209 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\englische-ergebnisse.xml
[2013.01.28 16:55:04 | 000,010,506 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\gmx-suche.xml
[2013.01.28 16:55:04 | 000,002,368 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\lastminute.xml
[2013.01.28 16:55:04 | 000,005,489 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\webde-suche.xml
[2013.01.25 23:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0X9WS559.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0X9WS559.DEFAULT\EXTENSIONS\{D5EA4520-61A1-11DA-8CD6-0800200C9A66}
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0X9WS559.DEFAULT\EXTENSIONS\MOVEPLAYER@MOVENETWORKS.COM
[2013.01.25 23:53:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.07.17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2013.01.13 03:49:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.13 03:49:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.13 03:49:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.13 03:49:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.13 03:49:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.13 03:49:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.11 20:31:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\SamSung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Global Protection 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5}: NameServer = 213.191.92.87,192.168.1.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled -
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: Power2GoExpress - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
 
Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: PskSvcRetail - C:\Programme\Panda Security\Panda Global Protection 2012\psksvc.exe (Panda Security, S.L.)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.03 11:41:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe
[2013.02.02 12:03:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.02 12:03:34 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\temp
[2013.02.02 12:02:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.02 11:47:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.01 22:30:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.01 22:30:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.01 22:30:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.01 22:30:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.01 22:24:28 | 005,030,042 | R--- | C] (Swearware) -- C:\Users\Björn\Desktop\ComboFix.exe
[2013.01.28 18:32:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.01.28 17:58:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.01.28 17:58:20 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Samsung
[2013.01.28 17:58:17 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Samsung
[2013.01.28 17:58:11 | 000,000,000 | ---D | C] -- C:\Users\Björn\Documents\samsung
[2013.01.28 17:38:35 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013.01.28 17:38:34 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013.01.28 17:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.01.28 17:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2013.01.28 17:33:57 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013.01.28 17:31:28 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013.01.28 17:31:28 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2013.01.28 17:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.01.28 17:20:02 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Downloaded Installations
[2013.01.28 16:54:31 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Odin3-v1.85
[2013.01.26 14:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.26 14:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.26 14:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.26 14:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.26 14:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.26 14:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.01.26 01:21:30 | 000,000,000 | ---D | C] -- C:\uninstall
[2013.01.25 23:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.12 20:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.12 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Malwarebytes
[2013.01.12 19:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.12 19:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.12 19:24:02 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.12 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.11 21:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.01.11 20:14:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.10 20:37:06 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.10 20:23:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.06 15:14:38 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Desktop
[2013.01.05 19:36:09 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Unity
[2013.01.05 15:54:28 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\HpUpdate
[2013.01.05 15:54:19 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013.01.05 15:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.03 13:16:01 | 014,330,126 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.03 13:16:01 | 004,928,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.03 13:16:01 | 004,266,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.03 13:16:00 | 004,683,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.03 13:12:37 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2013.02.03 13:12:37 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2013.02.03 13:12:37 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2013.02.03 13:12:37 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2013.02.03 13:12:37 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2013.02.03 13:12:37 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2013.02.03 13:12:37 | 000,000,176 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2013.02.03 13:12:37 | 000,000,176 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2013.02.03 13:12:37 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2013.02.03 13:12:37 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2013.02.03 13:12:37 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2013.02.03 13:12:37 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2013.02.03 13:12:37 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2013.02.03 13:12:37 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2013.02.03 13:11:42 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.02.03 13:11:29 | 000,000,168 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2013.02.03 13:11:29 | 000,000,168 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2013.02.03 13:11:28 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2013.02.03 13:11:28 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2013.02.03 13:09:30 | 000,116,193 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.02.03 13:09:00 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.02.03 13:08:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 13:08:53 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 13:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.03 13:08:39 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.03 12:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 11:41:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe
[2013.02.02 11:27:57 | 000,076,800 | ---- | M] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.02 11:23:09 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2013.02.02 10:52:54 | 000,257,412 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2013.02.02 10:52:54 | 000,257,412 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2013.02.01 22:25:14 | 005,030,042 | R--- | M] (Swearware) -- C:\Users\Björn\Desktop\ComboFix.exe
[2013.01.30 20:59:16 | 000,365,568 | ---- | M] () -- C:\Users\Björn\Desktop\gmer_2.0.18454.exe
[2013.01.29 21:59:45 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmth.wlt.bck
[2013.01.29 21:59:45 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmth.wlt
[2013.01.28 17:57:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.01.28 17:57:59 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.26 14:59:00 | 000,001,560 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.26 14:49:48 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.01.13 21:27:05 | 000,116,193 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.01.12 19:24:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.11 20:31:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.11 18:02:26 | 000,373,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.06 14:38:38 | 000,015,158 | ---- | M] () -- C:\Users\Björn\Desktop\gmer.zip
[2013.01.05 19:33:30 | 000,357,376 | ---- | M] () -- C:\Users\Björn\Desktop\wub6k1fk.exe
[2013.01.05 15:10:48 | 000,187,483 | ---- | M] () -- C:\Windows\hpoins29.dat
[2013.01.05 15:08:05 | 000,186,662 | ---- | M] () -- C:\Windows\hpoins29.dat.temp
[2013.01.05 15:07:44 | 000,095,005 | ---- | M] () -- C:\Windows\hpqins05.dat
[2013.01.05 15:06:46 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.01.05 14:55:15 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.0.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.01 22:30:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.01 22:30:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.01 22:30:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.01 22:30:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.01 22:30:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.30 21:13:30 | 000,365,568 | ---- | C] () -- C:\Users\Björn\Desktop\gmer_2.0.18454.exe
[2013.01.28 17:57:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.01.28 17:57:59 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.26 14:59:00 | 000,001,560 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.26 14:49:48 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.01.12 19:24:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.06 14:38:38 | 000,015,158 | ---- | C] () -- C:\Users\Björn\Desktop\gmer.zip
[2013.01.05 19:33:28 | 000,357,376 | ---- | C] () -- C:\Users\Björn\Desktop\wub6k1fk.exe
[2013.01.05 15:08:03 | 000,186,662 | ---- | C] () -- C:\Windows\hpoins29.dat.temp
[2013.01.05 15:08:03 | 000,000,755 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp
[2013.01.05 15:06:46 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.01.05 15:05:06 | 000,095,005 | ---- | C] () -- C:\Windows\hpqins05.dat
[2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.12.18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.12.18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.12.18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.02.14 16:05:39 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2012.02.14 16:05:23 | 000,000,262 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2012.02.14 16:05:09 | 000,257,412 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2012.02.14 16:05:09 | 000,257,412 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011.03.02 13:32:46 | 000,000,218 | ---- | C] () -- C:\Users\Björn\.recently-used.xbel
[2010.03.31 16:36:24 | 000,116,193 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.03.31 08:01:37 | 000,116,193 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.12.23 21:16:10 | 000,076,800 | ---- | C] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.19 13:24:07 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.17 11:23:08 | 000,001,356 | ---- | C] () -- C:\Users\Björn\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.05.26 18:09:00 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\AdvancedTiffEditor
[2009.11.20 12:28:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Amazon
[2012.11.24 12:46:54 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Dropbox
[2012.10.24 09:01:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoft
[2011.02.22 00:42:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\EndNote
[2011.03.02 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\gtk-2.0
[2010.02.28 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Imagic403NMB
[2012.02.14 16:02:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Panda Security
[2013.01.28 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Samsung
[2012.10.30 13:14:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Verbindungsassistent
[2011.03.20 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\yWorks
[2010.09.30 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Nadja\AppData\Roaming\Verbindungsassistent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.02.02 12:02:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.11.17 20:05:53 | 000,000,000 | ---D | M] -- C:\b01381000f5dd9c0bb
[2009.09.04 14:36:05 | 000,000,000 | ---D | M] -- C:\Boot
[2013.02.02 12:03:35 | 000,000,000 | ---D | M] -- C:\ComboFix
[2013.01.28 17:31:22 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2012.02.16 00:58:06 | 000,000,000 | ---D | M] -- C:\d941140b699793ead8e8
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.01.27 22:58:41 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.10.26 22:36:43 | 000,000,000 | ---D | M] -- C:\found.000
[2009.11.05 11:53:50 | 000,000,000 | ---D | M] -- C:\found.001
[2010.01.07 08:57:04 | 000,000,000 | ---D | M] -- C:\found.002
[2010.02.16 10:26:04 | 000,000,000 | ---D | M] -- C:\found.003
[2010.05.28 16:21:13 | 000,000,000 | ---D | M] -- C:\found.004
[2010.07.12 18:43:46 | 000,000,000 | ---D | M] -- C:\found.005
[2008.12.19 11:35:52 | 000,000,000 | ---D | M] -- C:\Intel
[2011.01.28 13:23:20 | 000,000,000 | ---D | M] -- C:\Microgaming
[2008.12.23 20:53:54 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.12.19 11:45:48 | 000,000,000 | ---D | M] -- C:\MyWorks
[2011.03.23 23:25:25 | 000,000,000 | ---D | M] -- C:\Output Files
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.28 17:36:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.28 17:28:58 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.02.02 12:03:35 | 000,000,000 | ---D | M] -- C:\Qoobox
[2008.12.19 11:58:26 | 000,000,000 | ---D | M] -- C:\Samsung
[2013.02.03 13:17:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.26 01:21:33 | 000,000,000 | ---D | M] -- C:\uninstall
[2009.01.04 14:42:36 | 000,000,000 | R--D | M] -- C:\Users
[2010.08.25 10:16:13 | 000,000,000 | ---D | M] -- C:\windiag
[2013.02.02 12:03:34 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.12.17 11:09:05 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2013.02.02 12:03:32 | 000,017,460 | ---- | M] () -- C:\ComboFix.txt
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013.02.03 13:08:39 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.03 13:08:38 | 3529,375,744 | -HS- | M] () -- C:\pagefile.sys
[2008.12.19 11:40:22 | 000,000,366 | ---- | M] () -- C:\RHDSetup.log
[2008.12.19 12:01:02 | 000,000,173 | ---- | M] () -- C:\setup.log
[2013.01.05 15:54:33 | 000,000,734 | ---- | M] () -- C:\updatedatfix.log
 
< %PROGRAMFILES%\*.* >
[2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
Invalid Environment Variable: PROGRAMFILES(X86)
 
< %appdata%\*.  >
[2013.01.02 22:59:05 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Adobe
[2011.05.26 18:09:00 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\AdvancedTiffEditor
[2009.11.20 12:28:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Amazon
[2012.10.10 22:13:55 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Apple Computer
[2010.05.11 20:13:11 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\CyberLink
[2012.11.24 12:46:54 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Dropbox
[2010.11.29 17:32:59 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\dvdcss
[2012.10.24 09:01:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoft
[2011.02.22 00:42:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\EndNote
[2011.03.02 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\gtk-2.0
[2009.02.19 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\HP
[2013.01.12 19:14:39 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\HpUpdate
[2008.12.17 11:23:12 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Identities
[2010.02.28 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Imagic403NMB
[2008.12.19 11:37:49 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\InstallShield
[2008.12.19 12:27:01 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Macromedia
[2013.01.12 19:24:32 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Media Center Programs
[2012.06.23 18:02:27 | 000,000,000 | --SD | M] -- C:\Users\Björn\AppData\Roaming\Microsoft
[2009.04.25 09:01:04 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Move Networks
[2008.12.19 22:42:01 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Mozilla
[2012.02.14 16:02:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Panda Security
[2013.01.28 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Samsung
[2012.11.24 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Skype
[2012.08.01 18:07:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\skypePM
[2010.11.30 06:59:36 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\U3
[2012.10.30 13:14:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Verbindungsassistent
[2011.07.06 13:08:42 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\vlc
[2011.03.20 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\yWorks
 
< %appdata%\*.*  >
 
< %localappdata%\*.  >
[2012.08.21 12:20:14 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\AAV
[2013.01.02 22:55:32 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Adobe
[2008.12.17 11:23:07 | 000,000,000 | -HSD | M] -- C:\Users\Björn\AppData\Local\Anwendungsdaten
[2009.06.05 01:22:22 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Apple
[2010.04.03 08:55:47 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Apple Computer
[2013.01.28 17:20:02 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Downloaded Installations
[2009.02.19 18:48:08 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\HP
[2009.10.14 10:07:52 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Lexware
[2012.06.23 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Macromedia
[2012.06.23 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Microsoft
[2011.08.30 15:11:28 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Microsoft Games
[2012.10.03 13:17:58 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Microsoft Help
[2008.12.19 22:41:48 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Mozilla
[2012.02.14 16:15:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Panda Security
[2013.01.28 17:58:20 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Samsung
[2013.02.03 13:12:39 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\temp
[2008.12.17 11:23:07 | 000,000,000 | -HSD | M] -- C:\Users\Björn\AppData\Local\Temporary Internet Files
[2009.01.26 21:44:08 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Toshiba
[2013.01.05 19:37:44 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\Unity
[2008.12.17 11:23:07 | 000,000,000 | -HSD | M] -- C:\Users\Björn\AppData\Local\Verlauf
[2009.01.26 22:49:19 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Local\VirtualStore
 
< %localappdata%\*.* >
[2012.12.21 01:39:28 | 000,001,356 | ---- | M] () -- C:\Users\Björn\AppData\Local\d3d9caps.dat
[2013.02.02 11:27:57 | 000,076,800 | ---- | M] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.03 20:14:31 | 000,101,608 | ---- | M] () -- C:\Users\Björn\AppData\Local\GDIPFONTCACHEV1.DAT
[2013.02.02 19:55:42 | 004,223,405 | -H-- | M] () -- C:\Users\Björn\AppData\Local\IconCache.db
 
< %allusersprofile%\*.  >
[2013.01.26 14:58:51 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.08.21 12:18:52 | 000,000,000 | ---D | M] -- C:\ProgramData\AAV
[2013.01.05 15:17:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2010.06.12 12:56:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2009.06.05 01:23:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.02.14 16:03:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Backup
[2010.05.11 22:05:29 | 000,000,000 | ---D | M] -- C:\ProgramData\BTrieve
[2009.11.22 13:38:19 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.03.17 20:48:14 | 000,000,000 | ---D | M] -- C:\ProgramData\fluxDVD
[2009.10.14 09:38:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Haufe
[2009.02.19 18:45:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
[2013.01.05 15:06:55 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2013.01.05 15:06:28 | 000,000,000 | ---D | M] -- C:\ProgramData\HP Product Assistant
[2009.10.14 09:40:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2008.12.27 15:03:49 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2013.01.12 19:24:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2010.06.26 22:09:49 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2010.10.07 15:23:54 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2013.01.11 17:52:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012.05.07 23:13:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2012.03.17 20:34:07 | 000,000,000 | ---D | M] -- C:\ProgramData\mpDRM
[2013.01.11 21:01:55 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2012.02.14 16:05:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Panda Security
[2013.01.28 17:37:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2012.11.24 17:51:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.06.27 01:49:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2006.11.02 14:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008.12.17 11:19:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009.02.19 18:47:27 | 000,000,000 | ---D | M] -- C:\ProgramData\WEBREG
[2010.03.20 15:40:09 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009.06.05 01:23:54 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
 
< %allusersprofile%\*.* >
[2008.12.19 13:24:07 | 000,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2013.01.05 15:10:59 | 000,002,890 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2013.02.03 13:09:30 | 000,116,193 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.01.13 21:27:05 | 000,116,193 | ---- | M] () -- C:\ProgramData\nvModes.dat

< End of report >


extra.txt:

Code:

OTL Extras logfile created on: 03.02.2013 13:12:49 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Björn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,40% Memory free
6,18 Gb Paging File | 5,07 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 55,63 Gb Free Space | 19,31% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNGR510 | User Name: Björn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
 
[HKEY_USERS\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE  "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE  "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B32417B-6476-4FBD-8376-9F843B5ED432}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1692DA3F-201D-4011-8B7D-CBFC21300681}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16F10802-9F6A-4CB8-8CB0-3372D47058B5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{18C6E9FB-DAE0-4599-B05B-0A128F932F60}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1CE97591-61DC-4255-B222-E07E5F61F642}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2AE8C0CD-B949-4BAC-96B0-21EEEB60B588}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32F014B7-2098-4AFD-AE52-CE3D68A3EBD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59B1D2E6-10A6-45CE-BB92-C28DA7C52902}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DA2DC1B-407D-4BC9-AD91-05D5991D402A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{609E1AE5-3333-4A81-A6DF-EBFCA1E733E2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{728D5005-54BC-41FB-AE35-485854F24EFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A924FE1-1463-451B-9638-86E7974D3B27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80FC63A9-D33F-40E1-ADED-1B6CE60962AC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{8777E854-A4CB-4C08-9FCE-A6905AF91202}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{88A31D96-DA73-42AF-9585-616EE8360DBA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C6B2919-4D05-48B3-A62D-D10FAB79C250}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{90E4CA23-F58B-40B3-9846-85EC201CB099}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{93D33914-275E-4230-AC60-A2ABA2C04DFC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AFD25B0A-5CE6-47DF-B631-F1930EBF879C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C766C68E-ADCB-4F25-B071-DC3D485C7FCF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C89DA965-6D55-48AB-BFDF-FC7BB60A9ED6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C92D85EF-BDE7-47EF-AD73-6B2E0A1CE2E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CBB3FDB9-8346-49E7-A9D0-05D98F2625CE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E9E061C6-4B53-4A34-8494-86B191CF714B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF91A3F3-497A-48D8-8DEC-925474A5FE61}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F48112DA-A266-4C29-A70C-6183BAF2AB73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A27A3D-55EA-4C79-BBE2-ABD0E4176305}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11FDBE36-475C-4202-B0C8-ABE82174B467}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{13ADF7A5-5791-41ED-B204-98B50675094B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14B8E201-A8AD-48A5-8D44-E399442275F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{16C027F9-3BA3-4949-8882-A4CF3B13469C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1A9FBD75-548B-4518-9E75-14CEA60F76AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{222EBEAF-FB43-4EA7-ACBE-E9870C13F0CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{224A3DFB-62DA-4F3C-BFAD-FA3E659D457B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2737E1A7-A299-4E36-8FB4-594B85C5E516}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2C89F5C7-76F1-414E-8E37-DB5E22A4A4AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DE44BA6-EEC5-4547-B2BF-E5E8F762A38E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{3C0C7760-42AB-4A9B-BCE1-DAD78A40B733}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{3EFA92CD-6960-48D2-B415-F80E0DB93ED8}" = protocol=6 | dir=out | app=system |
"{46BB9324-38D5-4CE6-B99C-65DF51122EE6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4F5944DD-19E9-4AB8-A432-087E4FB36020}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{553BBEC7-26C4-4051-8738-C40177EA7E7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70CDFFF5-7493-4653-A979-9AB3E3F1007A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72A8F458-DA59-4AF5-B0AB-EDBD3C0DE366}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7517DBEA-C109-47DC-B098-5501BEA615B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{771113EE-6B85-4755-8F25-7422253BD047}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{7AC34624-D97A-49C2-B9A6-5E37B51550C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7C10C9B6-052B-4BCA-B94E-E34F80386DBA}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{865B65F7-D91B-46F2-9570-F89C87CD29C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{89AEBB59-2214-428F-8F36-B956D7D6039E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{95F0A131-C82F-400C-B558-7A18359EF83E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A08E95FA-C06D-480F-A9FA-1A2002F8BF2C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{B1938E19-3A99-4910-8920-7A1F645E4B63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4A42D13-F28B-43F5-B197-EEF5BCB6E9BD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BAB2F8CE-F7CD-4DCA-8E20-31E4E3F46097}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDE0867C-806C-4225-8C41-ACF9F016E434}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{C359F744-B754-459E-9924-516CF9D9AD3A}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{DC53ACF0-E2C9-447E-9589-E63912A24300}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{E0BEADCE-6927-4475-B574-571E55CBEBCC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E1802200-48DF-479B-959B-4463C409AEFD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5FFAFD8-103F-495E-9C44-28EC1D3E2148}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E6155D66-2376-45CC-9EDF-F8F981C93709}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E9A9753B-67BC-43DA-B1BB-A179327643C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEAA318E-FDE8-4B8D-897E-6EA46C038521}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F28D5DA2-5127-4A4D-8DB4-91956827EAE1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F3062242-8FC2-42CF-BC2B-ABE42383E424}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBF2ECF6-7286-4581-8D33-74413660F08E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1B6A4687-1E89-47EC-866F-038F189E148E}C:\program files\panda security\panda global protection 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda global protection 2012\apvxdwin.exe |
"TCP Query User{6827B0FA-74F5-401D-822B-56C5FE31F71F}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"TCP Query User{834B66A1-AFF4-4E33-9A3D-098FD6D6EB47}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{86943559-0E5B-4562-90DD-4080E97D6FED}C:\program files\dc software\dl10xp.exe" = protocol=6 | dir=in | app=c:\program files\dc software\dl10xp.exe |
"TCP Query User{8EC5C83C-AE53-4515-9CA4-D2ACDE6F7F28}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"TCP Query User{93B2C2F2-F181-4AF3-8C39-A6260882B5EE}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{B7173293-60CF-4439-B256-3C2DC7D70D36}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E8FAAA9C-98E9-4B18-BF2D-8AC8E3AC21BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0A3048C4-F179-42C5-A4FA-B6270BEFE13F}C:\program files\dc software\dl10xp.exe" = protocol=17 | dir=in | app=c:\program files\dc software\dl10xp.exe |
"UDP Query User{116C6CB0-BB7E-4179-A4FE-2CC9272B36E3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4A0CFD38-886D-4C20-91C0-E3EFF32D5096}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7CD40BE5-5720-4800-A5FC-CC527DD1876F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8B7FCA69-5768-4C5A-9292-B2109E95CA32}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{8EEE5F62-7A55-4D54-8AE8-9D28EA89A991}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{9355E78B-CB55-4A76-9443-74BAE058983F}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{FBE05C59-A463-4106-834B-F54CE1F21FB6}C:\program files\panda security\panda global protection 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda global protection 2012\apvxdwin.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}" = AAVUpdateManager
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{2A708B4E-B226-4EBB-AA55-639C17E7939E}" = DC Software
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4420_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A05A6CC-EA05-420E-8F6E-8ADF414BEDB3}" = Panda Global Protection 2012
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4420_Help
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76F79738-4234-45E8-80AA-F56F8FCD4FBE}" = QuickSteuer 2009
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{81A25967-DB85-4B48-A8A7-D25AC191DEE4}" = Panda Global Protection 2012
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E8F5F4AB-512F-44EB-9018-3C527AF6A717}" = Irodio Photo & Video Studio
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE5BCA77-F9B8-4896-BB04-6CBE587BC8CE}" = QuickSteuer 2009
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.62
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"EndNote" = EndNote
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.1.6
"yEd Graph Editor 3.6.1.1" = yEd Graph Editor 3.6.1.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.11.2011 16:08:49 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:12:22 | Computer Name = SamsungR510 | Source = LoadPerf | ID = 3012
Description =
 
Error - 14.11.2011 16:12:22 | Computer Name = SamsungR510 | Source = LoadPerf | ID = 3012
Description =
 
Error - 14.11.2011 16:12:22 | Computer Name = SamsungR510 | Source = LoadPerf | ID = 3011
Description =
 
[ OSession Events ]
Error - 03.06.2010 12:30:58 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:31:37 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:31:53 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:32:10 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:36:11 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:36:35 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:41:39 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:41:53 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 14:44:37 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 15:02:01 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.02.2013 05:55:28 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7022
Description =
 
Error - 03.02.2013 07:56:33 | Computer Name = SamsungR510 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2013 um 12:54:38 unerwartet heruntergefahren.
 
Error - 03.02.2013 07:57:18 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.02.2013 07:58:40 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7022
Description =
 
Error - 03.02.2013 08:04:49 | Computer Name = SamsungR510 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2013 um 13:01:31 unerwartet heruntergefahren.
 
Error - 03.02.2013 08:06:29 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.02.2013 08:06:55 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7022
Description =
 
Error - 03.02.2013 08:08:46 | Computer Name = SamsungR510 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.02.2013 um 13:07:40 unerwartet heruntergefahren.
 
Error - 03.02.2013 08:10:26 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.02.2013 08:11:27 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >


ryder 03.02.2013 13:59

So that is nothing much at all, and apart from the fact that Panda installs a few too many drivers for my taste, everything should be okay.

Now we will try to remove the file.


Step 1:
Fix with OTL
Warning: This script was written only for this user and this specific situation. Run on other computers, it can cause lasting damage!
Note: If you obscured your user name, you have to put your real name back in, otherwise the script will not work.
Code:

:files
C:\Users\Björn\Downloads\Videoload_Manager_2.0.2200.exe

  • Please close all programs now.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop. (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
  • Now copy its content here into your thread, preferably in code tags.

Note: Running the command can take a few minutes, and OTL appears not to respond during that time. Please be patient! :kaffee:

Step 2:
Custom scan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
  • Set the following:
    • Check "Scan All Users" and "Include 64bit Scans"
    • Output: Minimal
    • Use SafeList in every field.
    • Check "Use Company Name Whitelist"
    • Files created and modified within File Age
    • Check LOP Check and Purity Check
  • Now copy the content of the code box into the http://larusso.trojaner-board.de/Images/otlfix.jpg text box.
Code:

C:\Users\Björn\Downloads\*.* /s
  • Please close all programs now. (Important)
  • Now please click the Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread (preferably in CODE tags)

horstmeier 03.02.2013 21:02

Code:

========== FILES ==========
C:\Users\Björn\Downloads\Videoload_Manager_2.0.2200.exe moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 02032013_200520


Code:

OTL logfile created on: 03.02.2013 20:12:02 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Björn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 69,84% Memory free
6,20 Gb Paging File | 5,06 Gb Available in Paging File | 81,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 54,93 Gb Free Space | 19,07% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNGR510 | User Name: Björn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Björn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SamSung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\SamSung\Kies\Kies.exe (Samsung)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\TPSrv.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\ApVxdWin.exe (Panda Security, S.L.)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\psksvc.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\pavsrvx86.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\WebProxy.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PavBckPT.exe (Panda Security, S.L.)
PRC - c:\Programme\Panda Security\Panda Global Protection 2012\FIREWALL\PSHost.exe (Panda Security International)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PsCtrlS.exe (Panda Security, S.L.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\SrvLoad.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2012\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Programme\SamSung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\SamSung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8db51a0e07118635fb71b05f21937db8\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\54c3c22053264729fde00785baf21eb9\DummyStorePlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b07ff83c3ce2fd8d3a938889f020552d\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\aaa553d73526328d450a142814849e40\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5334ab5e29c40a7af6223175123263b\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\233972a5ba7f8718ba70734134186b1a\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\e2689f807ac87966b7e78f74ab677453\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\c8a238c49512fddf15119a48f1c8e520\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\b086aa6691c54b382c9dff23d19879cd\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\d532b3a8c28f7131b6c1d7eb62a9a421\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\521e8f5d3e1452cabfea9ea69659c679\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\5c80e523a29d6577d167f5550f882dc0\Kies.Plugin.ContentsManagerLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\c332273df479d78fd386207bd8aeee42\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\8bf212e316537432a2356c88f3bb6f4d\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\017429623044d5a3e9aa2aeef7d00017\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8bb1cf762dcfd25fa6fec281620a67e3\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3b13bd2ffd57d5a08bfb85636513922d\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ca0b9f739dc8a16a0b45b07b6f1deae0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\68bf9214584209eb5ebf209d1b95ac1e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5ff671ad98a74cfc1dee4a439fb8728e\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57a3553bbf6667ae14d38bdb66f605a2\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6e4f1bc2e9b41f984d67aa1cd7f65c3d\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2c72efd53cc6951822e9782f762e0950\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\016586bd2a1964a0a519cbc522d2906d\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c869231737a2b3d15915dcd3cf44b935\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\89a65c0b3dd11b28cee0f0af1185b12d\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2a6cd90bb628de35d70c9dba6897d013\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c7db33ddaee23e7ec8a3458fde5b50eb\Kies.Common.CRMManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\7134f52b3f25107e9868d664eed50a2f\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\83ea8d246c90eeee2b100f01994eef5b\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\0bbdc52b6dd44363e4a194ee8bd8a460\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8e2b0a9c69e1065931751dcb16bd5fac\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\7c3107cb236a66aa4602f12d23611c55\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7ed89054a3bdd9dbbf1cce0e0b592d78\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f619ad24547bdefcd7ae3b6afdf99a67\Kies.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Panda Security\Panda Global Protection 2012\MiniCrypto.dll ()
MOD - C:\Programme\SamSung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\SamSung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\SamSung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Programme\Panda Security\Panda Global Protection 2012\LIBXML2.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TPSrv) -- C:\Programme\Panda Security\Panda Global Protection 2012\TPSrv.exe (Panda Security, S.L.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PAVFNSVR) -- C:\Programme\Panda Security\Panda Global Protection 2012\PavFnSvr.exe (Panda Security, S.L.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (PskSvcRetail) -- C:\Programme\Panda Security\Panda Global Protection 2012\psksvc.exe (Panda Security, S.L.)
SRV - (PAVSRV) -- C:\Programme\Panda Security\Panda Global Protection 2012\pavsrvx86.exe (Panda Security, S.L.)
SRV - (PSHost) -- c:\Programme\Panda Security\Panda Global Protection 2012\FIREWALL\PSHost.exe (Panda Security International)
SRV - (Panda Software Controller) -- C:\Programme\Panda Security\Panda Global Protection 2012\PsCtrlS.exe (Panda Security, S.L.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (PSIMSVC) -- C:\Programme\Panda Security\Panda Global Protection 2012\PsImSvc.exe (Panda Security S.L.)
SRV - (PavPrSrv) -- C:\Programme\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PDNSp50) -- C:\Windows\system32\drivers\PDNSp50.sys File not found
DRV - (PDNMp50) -- C:\Windows\system32\drivers\PDNMp50.sys File not found
DRV - (PavTPK.sys) -- C:\Windows\system32\PavTPK.sys File not found
DRV - (PavSRK.sys) -- C:\Windows\system32\PavSRK.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\BJRN~1\AppData\Local\Temp\catchme.sys File not found
DRV - (br3gmdm) -- system32\DRIVERS\br3gmdm.sys File not found
DRV - (AvFlt) -- C:\Windows\system32\drivers\av5flt.sys File not found
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ComFiltr) -- C:\Windows\System32\drivers\COMFiltr.sys ()
DRV - (ShldDrv) -- C:\Windows\System32\drivers\ShlDrv51.sys (Panda Security, S.L.)
DRV - (APPFLT) -- C:\Windows\System32\drivers\APPFLT.SYS (Panda Security, S.L.)
DRV - (IDSFLT) -- C:\Windows\System32\drivers\idsflt.sys (Panda Security, S.L.)
DRV - (NETIMFLT01060044) -- C:\Windows\System32\drivers\neti1644.sys (Panda Security, S.L.)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (AmFSM) -- C:\Windows\System32\drivers\amm8660.sys (Panda Security, S.L.)
DRV - (PavProc) -- C:\Windows\System32\drivers\PavProc.sys (Panda Security, S.L.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WNMFLT) -- C:\Windows\System32\drivers\wnmflt.sys (Panda Security, S.L.)
DRV - (NETFLTDI) -- C:\Windows\System32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
DRV - (FNETMON) -- C:\Windows\System32\drivers\fnetmon.sys (Panda Security, S.L.)
DRV - (DSAFLT) -- C:\Windows\System32\drivers\dsaflt.sys (Panda Security, S.L.)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.charite.de:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de/"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7Bd5ea4520-61a1-11da-8cd6-0800200c9a66%7D:2009.07.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/"
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.02.19 18:40:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.02.19 18:40:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.26 14:49:56 | 000,000,000 | ---D | M]
 
[2008.12.19 22:42:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Extensions
[2013.01.28 16:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions
[2010.07.01 20:56:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.30 21:35:38 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2009.04.25 08:54:23 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\0x9ws559.default\extensions\moveplayer@movenetworks.com
[2011.11.02 22:42:32 | 000,007,901 | ---- | M] () (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2012.12.13 22:31:32 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.28 16:55:04 | 000,000,853 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\11-suche.xml
[2013.01.28 16:55:04 | 000,002,209 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\englische-ergebnisse.xml
[2013.01.28 16:55:04 | 000,010,506 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\gmx-suche.xml
[2013.01.28 16:55:04 | 000,002,368 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\lastminute.xml
[2013.01.28 16:55:04 | 000,005,489 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\0x9ws559.default\searchplugins\webde-suche.xml
[2013.01.25 23:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0X9WS559.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0X9WS559.DEFAULT\EXTENSIONS\{D5EA4520-61A1-11DA-8CD6-0800200C9A66}
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0X9WS559.DEFAULT\EXTENSIONS\MOVEPLAYER@MOVENETWORKS.COM
[2013.01.25 23:53:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.07.17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2013.01.13 03:49:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.13 03:49:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.13 03:49:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.13 03:49:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.13 03:49:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.13 03:49:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.11 20:31:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\SamSung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Global Protection 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB4D14C0-1A22-4E0D-B0DB-E07F8D5C49A5}: NameServer = 213.191.92.87,192.168.1.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.03 20:05:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.03 11:41:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe
[2013.02.02 12:03:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.02 12:03:34 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\temp
[2013.02.02 12:02:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.02 11:47:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.01 22:30:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.01 22:30:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.01 22:30:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.01 22:30:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.01 22:24:28 | 005,030,042 | R--- | C] (Swearware) -- C:\Users\Björn\Desktop\ComboFix.exe
[2013.01.28 18:32:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.01.28 17:58:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.01.28 17:58:20 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Samsung
[2013.01.28 17:58:17 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Samsung
[2013.01.28 17:58:11 | 000,000,000 | ---D | C] -- C:\Users\Björn\Documents\samsung
[2013.01.28 17:38:35 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013.01.28 17:38:34 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013.01.28 17:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.01.28 17:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2013.01.28 17:33:57 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013.01.28 17:31:28 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013.01.28 17:31:28 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2013.01.28 17:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.01.28 17:20:02 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Downloaded Installations
[2013.01.28 16:54:31 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Odin3-v1.85
[2013.01.26 14:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.26 14:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.26 14:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.26 14:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.26 14:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.26 14:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.01.26 01:21:30 | 000,000,000 | ---D | C] -- C:\uninstall
[2013.01.25 23:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.12 20:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.12 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Malwarebytes
[2013.01.12 19:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.12 19:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.12 19:24:02 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.12 19:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.11 21:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.01.11 20:14:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.10 20:37:06 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.10 20:23:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.06 15:14:38 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Desktop
[2013.01.05 19:36:09 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Unity
[2013.01.05 15:54:28 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\HpUpdate
[2013.01.05 15:54:19 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013.01.05 15:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.03 19:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 19:35:59 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 19:35:59 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 19:03:25 | 000,116,193 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.02.03 19:03:21 | 000,000,168 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2013.02.03 19:03:21 | 000,000,168 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2013.02.03 19:03:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.03 17:43:14 | 004,933,652 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.03 17:43:12 | 014,345,912 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.03 17:43:12 | 004,271,666 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.03 17:43:10 | 004,688,994 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.03 17:38:50 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2013.02.03 17:38:50 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2013.02.03 17:38:50 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2013.02.03 17:38:50 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2013.02.03 17:38:50 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2013.02.03 17:38:50 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2013.02.03 17:38:50 | 000,000,176 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2013.02.03 17:38:50 | 000,000,176 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2013.02.03 17:38:50 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2013.02.03 17:38:50 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2013.02.03 17:38:50 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2013.02.03 17:38:50 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2013.02.03 17:38:50 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2013.02.03 17:38:50 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2013.02.03 17:38:14 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.02.03 17:37:58 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2013.02.03 17:37:58 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2013.02.03 17:36:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.02.03 17:35:08 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.03 11:41:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe
[2013.02.02 11:27:57 | 000,076,800 | ---- | M] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.02 11:23:09 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2013.02.02 10:52:54 | 000,257,412 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2013.02.02 10:52:54 | 000,257,412 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2013.02.01 22:25:14 | 005,030,042 | R--- | M] (Swearware) -- C:\Users\Björn\Desktop\ComboFix.exe
[2013.01.30 20:59:16 | 000,365,568 | ---- | M] () -- C:\Users\Björn\Desktop\gmer_2.0.18454.exe
[2013.01.29 21:59:45 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmth.wlt.bck
[2013.01.29 21:59:45 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmth.wlt
[2013.01.28 17:57:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.01.28 17:57:59 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.26 14:59:00 | 000,001,560 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.26 14:49:48 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.01.13 21:27:05 | 000,116,193 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.01.12 19:24:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.11 20:31:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.11 18:02:26 | 000,373,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.06 14:38:38 | 000,015,158 | ---- | M] () -- C:\Users\Björn\Desktop\gmer.zip
[2013.01.05 19:33:30 | 000,357,376 | ---- | M] () -- C:\Users\Björn\Desktop\wub6k1fk.exe
[2013.01.05 15:10:48 | 000,187,483 | ---- | M] () -- C:\Windows\hpoins29.dat
[2013.01.05 15:08:05 | 000,186,662 | ---- | M] () -- C:\Windows\hpoins29.dat.temp
[2013.01.05 15:07:44 | 000,095,005 | ---- | M] () -- C:\Windows\hpqins05.dat
[2013.01.05 15:06:46 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.01.05 14:55:15 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.0.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.01 22:30:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.01 22:30:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.01 22:30:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.01 22:30:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.01 22:30:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.30 21:13:30 | 000,365,568 | ---- | C] () -- C:\Users\Björn\Desktop\gmer_2.0.18454.exe
[2013.01.28 17:57:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.01.28 17:57:59 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.26 14:59:00 | 000,001,560 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.26 14:49:48 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.01.12 19:24:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.06 14:38:38 | 000,015,158 | ---- | C] () -- C:\Users\Björn\Desktop\gmer.zip
[2013.01.05 19:33:28 | 000,357,376 | ---- | C] () -- C:\Users\Björn\Desktop\wub6k1fk.exe
[2013.01.05 15:08:03 | 000,186,662 | ---- | C] () -- C:\Windows\hpoins29.dat.temp
[2013.01.05 15:08:03 | 000,000,755 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp
[2013.01.05 15:06:46 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.01.05 15:05:06 | 000,095,005 | ---- | C] () -- C:\Windows\hpqins05.dat
[2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.12.18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.12.18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.12.18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.02.14 16:05:39 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2012.02.14 16:05:23 | 000,000,262 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2012.02.14 16:05:09 | 000,257,412 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2012.02.14 16:05:09 | 000,257,412 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011.03.02 13:32:46 | 000,000,218 | ---- | C] () -- C:\Users\Björn\.recently-used.xbel
[2010.03.31 16:36:24 | 000,116,193 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.03.31 08:01:37 | 000,116,193 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.12.23 21:16:10 | 000,076,800 | ---- | C] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.19 13:24:07 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.17 11:23:08 | 000,001,356 | ---- | C] () -- C:\Users\Björn\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.05.26 18:09:00 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\AdvancedTiffEditor
[2009.11.20 12:28:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Amazon
[2012.11.24 12:46:54 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Dropbox
[2012.10.24 09:01:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoft
[2011.02.22 00:42:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\EndNote
[2011.03.02 13:04:33 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\gtk-2.0
[2010.02.28 15:35:35 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Imagic403NMB
[2012.02.14 16:02:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Panda Security
[2013.01.28 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Samsung
[2012.10.30 13:14:15 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Verbindungsassistent
[2011.03.20 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\yWorks
[2010.09.30 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Nadja\AppData\Roaming\Verbindungsassistent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< C:\Users\Björn\Downloads\*.* /s >
[2012.08.13 17:53:40 | 009,261,188 | ---- | M] () -- C:\Users\Björn\Downloads\01 - Aint Nobody (Album Version).mp3
[2011.11.07 20:59:09 | 008,369,329 | ---- | M] () -- C:\Users\Björn\Downloads\14 - Freezeynius Institut.mp3
[2008.12.19 13:20:48 | 000,933,967 | ---- | M] () -- C:\Users\Björn\Downloads\7z462.exe
[2011.03.23 22:40:49 | 006,254,357 | ---- | M] (Graphic-Region Development                                  ) -- C:\Users\Björn\Downloads\AdvTIFFeditor_3.0_en.exe
[2011.11.07 20:54:21 | 000,002,460 | -HS- | M] () -- C:\Users\Björn\Downloads\AlbumArtSmall.jpg
[2011.11.07 20:54:21 | 000,009,571 | -HS- | M] () -- C:\Users\Björn\Downloads\AlbumArt_{F4FE43D2-A78C-416E-96B5-4E08DBF549C7}_Large.jpg
[2011.11.07 20:54:21 | 000,002,460 | -HS- | M] () -- C:\Users\Björn\Downloads\AlbumArt_{F4FE43D2-A78C-416E-96B5-4E08DBF549C7}_Small.jpg
[2011.07.03 12:40:42 | 000,048,858 | ---- | M] () -- C:\Users\Björn\Downloads\AmazonMP3-1309693239.amz
[2012.08.13 18:16:37 | 002,364,816 | ---- | M] () -- C:\Users\Björn\Downloads\AmazonMP3DownloaderInstall.exe
[2009.11.20 12:27:46 | 000,684,672 | ---- | M] () -- C:\Users\Björn\Downloads\AmazonMP3Installer-de_DE.exe
[2009.10.26 22:06:15 | 006,067,224 | ---- | M] () -- C:\Users\Björn\Downloads\bitcomet115_setup.exe
[2013.01.05 11:50:20 | 001,607,208 | ---- | M] () -- C:\Users\Björn\Downloads\ConvergedIO_HPCOM_V3.exe
[2008.12.17 11:23:19 | 000,000,282 | -HS- | M] () -- C:\Users\Björn\Downloads\desktop.ini
[2011.02.26 19:04:13 | 018,503,888 | ---- | M] (The Dia Developers) -- C:\Users\Björn\Downloads\dia-setup-0.97.1-2.exe
[2012.08.18 12:53:19 | 017,798,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Björn\Downloads\Dropbox_1.4.12.exe
[2009.11.05 14:31:36 | 002,538,952 | ---- | M] () -- C:\Users\Björn\Downloads\DSC00044.JPG
[2009.04.18 12:08:49 | 000,089,631 | ---- | M] () -- C:\Users\Björn\Downloads\DSC00934 klein.JPG
[2009.10.21 15:55:36 | 000,116,224 | ---- | M] () -- C:\Users\Björn\Downloads\Ende2009.xls
[2008.12.19 22:41:11 | 007,353,592 | ---- | M] (Mozilla) -- C:\Users\Björn\Downloads\Firefox_Setup_3.0.5.exe
[2011.11.07 20:54:21 | 000,009,571 | -HS- | M] () -- C:\Users\Björn\Downloads\Folder.jpg
[2010.11.29 17:27:50 | 079,924,115 | ---- | M] () -- C:\Users\Björn\Downloads\HNO-Magdeburg-VE-Material.zip
[2013.01.26 01:35:09 | 000,853,658 | ---- | M] () -- C:\Users\Björn\Downloads\IMG_3700.JPG
[2011.01.13 11:48:24 | 000,815,079 | ---- | M] () -- C:\Users\Björn\Downloads\IMG_3712.JPG
[2012.10.31 15:04:01 | 001,000,888 | ---- | M] (Solid State Networks) -- C:\Users\Björn\Downloads\install_flashplayer11x32_mssd_aih.exe
[2012.10.09 21:15:53 | 001,001,288 | ---- | M] (Solid State Networks) -- C:\Users\Björn\Downloads\install_reader10_de_mssd_aih.exe
[2009.06.05 01:20:05 | 077,690,152 | ---- | M] (Apple Inc.) -- C:\Users\Björn\Downloads\iTunesSetup.exe
[2011.02.21 17:53:57 | 004,673,720 | ---- | M] (                                                            ) -- C:\Users\Björn\Downloads\IZArc4.1.2.exe
[2010.01.10 14:52:39 | 000,033,180 | ---- | M] () -- C:\Users\Björn\Downloads\januar.pdf
[2012.08.20 13:28:53 | 002,396,760 | ---- | M] () -- C:\Users\Björn\Downloads\JörnBerlin.MOV
[2012.10.30 09:48:20 | 000,063,880 | ---- | M] () -- C:\Users\Björn\Downloads\KnieLinks.zip
[2011.06.19 21:08:40 | 027,662,135 | ---- | M] () -- C:\Users\Björn\Downloads\Kool Savas Der beste Tag meines Lebens (Official HQ Video) 2002.mp4
[2009.04.25 09:01:04 | 001,048,200 | ---- | M] () -- C:\Users\Björn\Downloads\MoveMediaPlayer_071303000004.exe
[2011.08.29 15:51:59 | 012,186,500 | ---- | M] () -- C:\Users\Björn\Downloads\msd_-mac-mp550-15_5_2-ea8_2.dmg
[2012.02.14 15:40:07 | 077,957,744 | ---- | M] () -- C:\Users\Björn\Downloads\PANDAGP12.exe
[2012.08.20 13:44:53 | 002,742,320 | ---- | M] () -- C:\Users\Björn\Downloads\Papa_Noel_2011.mp3
[2013.01.05 12:27:39 | 161,637,240 | ---- | M] () -- C:\Users\Björn\Downloads\PS_AIO_03_C4420_NonNet_Full_Win_WW_110_206.exe
[2012.10.09 21:10:49 | 039,483,256 | ---- | M] (Apple Inc.) -- C:\Users\Björn\Downloads\QuickTimeInstaller.exe
[2012.02.08 23:47:35 | 002,715,136 | ---- | M] () -- C:\Users\Björn\Downloads\RECIST_1-1_20111209.ppt
[2010.12.11 18:51:06 | 081,428,480 | ---- | M] () -- C:\Users\Björn\Downloads\rescue_system-common-en12.iso
[2008.12.19 12:40:55 | 022,285,608 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Björn\Downloads\SkypeSetup88.exe
[2011.02.21 17:53:26 | 733,913,088 | ---- | M] () -- C:\Users\Björn\Downloads\Soul.Kitchen.German.PROPER.DVDRip.XviD-LOGiCAL.avi
[2010.03.26 17:22:33 | 005,732,176 | ---- | M] (Samsung Electronics Co., Ltd.                              ) -- C:\Users\Björn\Downloads\SUP20_2.0.0.20.exe
[2009.01.16 19:43:05 | 016,320,472 | ---- | M] () -- C:\Users\Björn\Downloads\vlc-0.9.8a-win32.exe
[2010.11.30 07:10:12 | 000,036,864 | ---- | M] () -- C:\Users\Björn\Downloads\vlc-1.1.5-win32.exe
[2010.11.29 17:39:51 | 011,233,280 | ---- | M] () -- C:\Users\Björn\Downloads\Vortrag2009.ppt
[2009.03.04 20:14:34 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Users\Björn\Downloads\wmpfirefoxplugin.exe
[2011.03.20 20:09:29 | 040,043,704 | ---- | M] (yWorks GmbH) -- C:\Users\Björn\Downloads\yEd-3.6.1.1_with_JRE_setup.exe
[2011.12.18 00:32:35 | 000,050,452 | ---- | M] () -- C:\Users\Björn\Downloads\ZETT_praenatal_0759_s.jpg
[2002.06.07 12:00:00 | 000,599,736 | ---- | M] (ISI ResearchSoft) -- C:\Users\Björn\Downloads\EN6Cwyw\EN6Cwyw.wll
[2010.11.29 17:42:26 | 026,109,383 | ---- | M] () -- C:\Users\Björn\Downloads\HNO-Magdeburg-VE-Material\colon.wmv
[2010.11.29 17:42:22 | 025,964,488 | ---- | M] () -- C:\Users\Björn\Downloads\HNO-Magdeburg-VE-Material\DemoVideo_vis-1088.avi
[2010.11.29 17:42:24 | 030,301,425 | ---- | M] () -- C:\Users\Björn\Downloads\HNO-Magdeburg-VE-Material\neck.wmv
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,562 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.12.20 03:13:26 | 000,000,418 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B7E574B8-7AB8-4FA1-B167-0DBC4E19BAD3}.job
[2012.02.14 16:03:56 | 000,000,494 | ---- | C] () -- C:\Windows\Tasks\Grundlegende Bereinigung.job
[2012.10.31 15:20:05 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Björn\Downloads\Soul.Kitchen.German.PROPER.DVDRip.XviD-LOGiCAL.avi:TOC.WMV

< End of report >


Code:

OTL Extras logfile created on: 03.02.2013 20:12:02 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Björn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 69,84% Memory free
6,20 Gb Paging File | 5,06 Gb Available in Paging File | 81,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,09 Gb Total Space | 54,93 Gb Free Space | 19,07% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNGR510 | User Name: Björn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Programme\Panda Security\Panda Global Protection 2012\PAVSCRIP.EXE (Panda Security, S.L.)
 
[HKEY_USERS\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE  "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE  "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B32417B-6476-4FBD-8376-9F843B5ED432}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1692DA3F-201D-4011-8B7D-CBFC21300681}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16F10802-9F6A-4CB8-8CB0-3372D47058B5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{18C6E9FB-DAE0-4599-B05B-0A128F932F60}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1CE97591-61DC-4255-B222-E07E5F61F642}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2AE8C0CD-B949-4BAC-96B0-21EEEB60B588}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32F014B7-2098-4AFD-AE52-CE3D68A3EBD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59B1D2E6-10A6-45CE-BB92-C28DA7C52902}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DA2DC1B-407D-4BC9-AD91-05D5991D402A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{609E1AE5-3333-4A81-A6DF-EBFCA1E733E2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{728D5005-54BC-41FB-AE35-485854F24EFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A924FE1-1463-451B-9638-86E7974D3B27}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80FC63A9-D33F-40E1-ADED-1B6CE60962AC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{8777E854-A4CB-4C08-9FCE-A6905AF91202}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{88A31D96-DA73-42AF-9585-616EE8360DBA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C6B2919-4D05-48B3-A62D-D10FAB79C250}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{90E4CA23-F58B-40B3-9846-85EC201CB099}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{93D33914-275E-4230-AC60-A2ABA2C04DFC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AFD25B0A-5CE6-47DF-B631-F1930EBF879C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C766C68E-ADCB-4F25-B071-DC3D485C7FCF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C89DA965-6D55-48AB-BFDF-FC7BB60A9ED6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C92D85EF-BDE7-47EF-AD73-6B2E0A1CE2E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CBB3FDB9-8346-49E7-A9D0-05D98F2625CE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E9E061C6-4B53-4A34-8494-86B191CF714B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF91A3F3-497A-48D8-8DEC-925474A5FE61}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F48112DA-A266-4C29-A70C-6183BAF2AB73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A27A3D-55EA-4C79-BBE2-ABD0E4176305}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11FDBE36-475C-4202-B0C8-ABE82174B467}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{13ADF7A5-5791-41ED-B204-98B50675094B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14B8E201-A8AD-48A5-8D44-E399442275F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{16C027F9-3BA3-4949-8882-A4CF3B13469C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1A9FBD75-548B-4518-9E75-14CEA60F76AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{222EBEAF-FB43-4EA7-ACBE-E9870C13F0CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{224A3DFB-62DA-4F3C-BFAD-FA3E659D457B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2737E1A7-A299-4E36-8FB4-594B85C5E516}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2C89F5C7-76F1-414E-8E37-DB5E22A4A4AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DE44BA6-EEC5-4547-B2BF-E5E8F762A38E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{3C0C7760-42AB-4A9B-BCE1-DAD78A40B733}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{3EFA92CD-6960-48D2-B415-F80E0DB93ED8}" = protocol=6 | dir=out | app=system |
"{46BB9324-38D5-4CE6-B99C-65DF51122EE6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4F5944DD-19E9-4AB8-A432-087E4FB36020}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{553BBEC7-26C4-4051-8738-C40177EA7E7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70CDFFF5-7493-4653-A979-9AB3E3F1007A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72A8F458-DA59-4AF5-B0AB-EDBD3C0DE366}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7517DBEA-C109-47DC-B098-5501BEA615B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{771113EE-6B85-4755-8F25-7422253BD047}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{7AC34624-D97A-49C2-B9A6-5E37B51550C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7C10C9B6-052B-4BCA-B94E-E34F80386DBA}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{865B65F7-D91B-46F2-9570-F89C87CD29C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{89AEBB59-2214-428F-8F36-B956D7D6039E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{95F0A131-C82F-400C-B558-7A18359EF83E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A08E95FA-C06D-480F-A9FA-1A2002F8BF2C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{B1938E19-3A99-4910-8920-7A1F645E4B63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4A42D13-F28B-43F5-B197-EEF5BCB6E9BD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BAB2F8CE-F7CD-4DCA-8E20-31E4E3F46097}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDE0867C-806C-4225-8C41-ACF9F016E434}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{C359F744-B754-459E-9924-516CF9D9AD3A}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{DC53ACF0-E2C9-447E-9589-E63912A24300}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{E0BEADCE-6927-4475-B574-571E55CBEBCC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E1802200-48DF-479B-959B-4463C409AEFD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5FFAFD8-103F-495E-9C44-28EC1D3E2148}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E6155D66-2376-45CC-9EDF-F8F981C93709}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E9A9753B-67BC-43DA-B1BB-A179327643C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEAA318E-FDE8-4B8D-897E-6EA46C038521}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F28D5DA2-5127-4A4D-8DB4-91956827EAE1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F3062242-8FC2-42CF-BC2B-ABE42383E424}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBF2ECF6-7286-4581-8D33-74413660F08E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1B6A4687-1E89-47EC-866F-038F189E148E}C:\program files\panda security\panda global protection 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files\panda security\panda global protection 2012\apvxdwin.exe |
"TCP Query User{6827B0FA-74F5-401D-822B-56C5FE31F71F}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"TCP Query User{834B66A1-AFF4-4E33-9A3D-098FD6D6EB47}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{86943559-0E5B-4562-90DD-4080E97D6FED}C:\program files\dc software\dl10xp.exe" = protocol=6 | dir=in | app=c:\program files\dc software\dl10xp.exe |
"TCP Query User{8EC5C83C-AE53-4515-9CA4-D2ACDE6F7F28}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"TCP Query User{93B2C2F2-F181-4AF3-8C39-A6260882B5EE}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{B7173293-60CF-4439-B256-3C2DC7D70D36}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E8FAAA9C-98E9-4B18-BF2D-8AC8E3AC21BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0A3048C4-F179-42C5-A4FA-B6270BEFE13F}C:\program files\dc software\dl10xp.exe" = protocol=17 | dir=in | app=c:\program files\dc software\dl10xp.exe |
"UDP Query User{116C6CB0-BB7E-4179-A4FE-2CC9272B36E3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4A0CFD38-886D-4C20-91C0-E3EFF32D5096}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7CD40BE5-5720-4800-A5FC-CC527DD1876F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8B7FCA69-5768-4C5A-9292-B2109E95CA32}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{8EEE5F62-7A55-4D54-8AE8-9D28EA89A991}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{9355E78B-CB55-4A76-9443-74BAE058983F}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{FBE05C59-A463-4106-834B-F54CE1F21FB6}C:\program files\panda security\panda global protection 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files\panda security\panda global protection 2012\apvxdwin.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}" = AAVUpdateManager
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{2A708B4E-B226-4EBB-AA55-639C17E7939E}" = DC Software
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4420_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A05A6CC-EA05-420E-8F6E-8ADF414BEDB3}" = Panda Global Protection 2012
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4420_Help
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76F79738-4234-45E8-80AA-F56F8FCD4FBE}" = QuickSteuer 2009
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{81A25967-DB85-4B48-A8A7-D25AC191DEE4}" = Panda Global Protection 2012
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E8F5F4AB-512F-44EB-9018-3C527AF6A717}" = Irodio Photo & Video Studio
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE5BCA77-F9B8-4896-BB04-6CBE587BC8CE}" = QuickSteuer 2009
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.62
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"EndNote" = EndNote
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.1.6
"yEd Graph Editor 3.6.1.1" = yEd Graph Editor 3.6.1.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-960103346-2356150022-3725157409-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:08:50 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
Error - 14.11.2011 16:12:22 | Computer Name = SamsungR510 | Source = LoadPerf | ID = 3012
Description =
 
Error - 14.11.2011 16:12:22 | Computer Name = SamsungR510 | Source = LoadPerf | ID = 3012
Description =
 
Error - 14.11.2011 16:12:22 | Computer Name = SamsungR510 | Source = LoadPerf | ID = 3011
Description =
 
Error - 15.11.2011 02:15:40 | Computer Name = SamsungR510 | Source = WinMgmt | ID = 10
Description =
 
Error - 15.11.2011 15:59:43 | Computer Name = SamsungR510 | Source = Windows Search Service | ID = 3013
Description =
 
[ OSession Events ]
Error - 03.06.2010 12:30:58 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:31:37 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:31:53 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:32:10 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:36:11 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:36:35 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:41:39 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 12:41:53 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 14:44:37 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 15:02:01 | Computer Name = SamsungR510 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.02.2013 08:42:39 | Computer Name = SamsungR510 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 03.02.2013 08:42:39 | Computer Name = SamsungR510 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 03.02.2013 08:42:39 | Computer Name = SamsungR510 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 03.02.2013 08:42:39 | Computer Name = SamsungR510 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 03.02.2013 08:42:39 | Computer Name = SamsungR510 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 03.02.2013 08:42:39 | Computer Name = SamsungR510 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 03.02.2013 08:42:39 | Computer Name = SamsungR510 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
 
Error - 03.02.2013 08:42:40 | Computer Name = SamsungR510 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 03.02.2013 12:36:52 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.02.2013 12:37:57 | Computer Name = SamsungR510 | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >


ryder 03.02.2013 21:14

So, the file has now been removed.

Do you have any more questions?

horstmeier 03.02.2013 22:04

Many thanks!

And where it is now (in c:\otl\... ), it does no harm there, I assume?

And what was that Windows repair option about?

ryder 04.02.2013 16:34

Have it removed like this:

Cleaning up with delfix

Please download delfix to your desktop:
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.
  • DelFix removes, among other things, all the programs used and finally deletes itself.

That was just another form of scanning. Don't worry :)

horstmeier 05.02.2013 19:40

Wonderful! Started delfix, everything is gone including the videoload file...
No more error messages, the laptop is running smoothly again!

A thousand thanks! In the meantime I had already given up hope.. ;)

:abklatsch: :D

Just one more thing: out of curiosity I booted from the CD again and clicked into the repair mode, and I still get exactly the same error message there, with the option to "repair" it. What is that, and should I "repair" it or not?


Maybe one more tiny little thing after all :D: which scanner do you personally recommend? Is mine that bad? It was recommended to me once because it supposedly is "light on resources"..

Really the very last thing :D: to what extent can a cleanup like the one we have just done be called 100%? Some people say that something always remains..?


Best regards and many thanks!

:party: :applaus: :Boogie:

ryder 05.02.2013 20:58

:zzwhip: Didn't I actually already write all of that to you? On 13.1.

horstmeier 05.02.2013 21:46

Please don't, leave the whip where it is! :heulen:

OK, you did write something about the antivirus software, that's true. (It just sounded so impersonal.)

But you didn't write anything about the 100% cleanup or about the question of whether I should run this repair mode.

Forgive me, teacher, if you did and I am not able to read it out of it! :balla:


Never mind..

:dankeschoen:

ryder 05.02.2013 21:50

There is indeed no 100% security, and never again once there have been problems of that kind. (It says so at the beginning :) )

If everything is running, then of course you don't need to repair anything. The rule still applies: Never touch a running system.

horstmeier 05.02.2013 22:09

OK. Thx!

As I said, thanks, and until next time... :)

ryder 05.02.2013 22:21

Glad we could help :abklatsch:

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.

If you would still like to share praise or criticism, there is this section here: http://www.trojaner-board.de/lob-kritik-wuensche/


All times are in WET +1. The time now is 15:32.
