Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Log-Analyse und Auswertung: Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 2 1 2
Alt 16.04.2013, 17:46   #16
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Hallo Thorsten,

auf welchen Zeitpunkt bezieht sich dieses Schreiben der Telekom?
Deine Infektion wurde ja erst am Samstagabend entfernt.
__________________
cheers,
Leo

Alt 16.04.2013, 17:46   #17
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Tja, datiert ist das Schreiben auf gestern.
Ich denke auch, dass sich das überschnitten hat. Ich habe auch bei der T-Com ne Anfrage lauften, wann dort das letze Mal Aktivitäten festegstellt wurden.
__________________
Alt 16.04.2013, 17:53   #18
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Zitat:
Ich habe auch bei der T-Com ne Anfrage lauften, wann dort das letze Mal Aktivitäten festegstellt wurden.
Genau das hätte ich jetzt auch vorgeschlagen. Bis Samstagabend warst du unbestritten noch infiziert, vielleicht gilt die Warnung noch für den Zeitraum davor.


Aber schauen wir sicherheitshalber nochmals rein:


Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
  • Schliesse bitte alle anderen Programme.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.
__________________
__________________
Alt 16.04.2013, 18:11   #19
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


hier sind sie:

OTL.txt

Code:
ATTFilter
OTL logfile created on: 16.04.2013 19:02:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\T_Hosang\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,87 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 77,34% Memory free
15,74 Gb Paging File | 13,11 Gb Available in Paging File | 83,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 884,18 Gb Total Space | 833,58 Gb Free Space | 94,28% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 22,41 Gb Free Space | 89,63% Space Free | Partition Type: NTFS
 
Computer Name: JG_HOSANG | User Name: T_Hosang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.16 18:59:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T_Hosang\Desktop\OTL.exe
PRC - [2013.04.13 22:09:51 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013.04.11 21:56:43 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.04.05 19:38:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.05 19:38:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.05 19:38:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.28 11:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.03.28 11:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.03 16:09:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvc.exe
PRC - [2012.12.03 16:02:34 | 000,355,840 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe
PRC - [2012.05.21 16:26:28 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.04.23 17:49:26 | 000,069,632 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2012.04.23 17:49:04 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2012.02.29 10:20:04 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.29 10:19:58 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.29 10:19:48 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.11.29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 21:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.13 22:09:51 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013.04.11 21:56:43 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.26 19:23:16 | 000,218,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\3b21f0b55f7c0dc1fe2295613c3cb921\Interop.FNCClient11Lib.ni.dll
MOD - [2013.03.26 19:23:16 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\692afb6aa3ecd0c71c9cea09c2eae2ed\Vodafone.UpdateManager.ni.dll
MOD - [2013.03.26 19:23:15 | 000,552,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\647443dc0f81de96a84d4d4db789cc42\Vodafone.View.SecondaryWindows.ni.dll
MOD - [2013.03.26 19:23:15 | 000,302,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\5c2c61c4d70a6706e0f30164cddd614f\Vodafone.DeviceAccess.Internals.ni.dll
MOD - [2013.03.26 19:23:15 | 000,198,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\153b2dd90af2ed145208944103101d65\Vodafone.Model.Connection.ni.dll
MOD - [2013.03.26 19:23:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\322749c2fbd26266ef8378513cf439bc\Vodafone.Core.Remoting.ni.dll
MOD - [2013.03.26 19:23:15 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.INSTALLERCO#\f52d12a80cd22baf114cbe6c178ea653\Interop.INSTALLERCONTROLLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,543,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\0ff7b572ccc932b41cd2d1eb67045d6c\Vodafone.Base.Internals.ni.dll
MOD - [2013.03.26 19:23:14 | 000,138,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\718d20210ed30f44294ecde6cfb04d0c\Vodafone.DeviceAccess.Factory.ni.dll
MOD - [2013.03.26 19:23:14 | 000,125,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\66d2d8ce84bf89f049a02c499cc6b0f6\Vodafone.Vpn.ni.dll
MOD - [2013.03.26 19:23:14 | 000,070,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.VpnApiLib\db3ad96a4eabdaf8c6d3621dfbef2379\Interop.VpnApiLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\6d09b9bc2989a46f86e424de338fa4f7\Vodafone.Base.Factory.ni.dll
MOD - [2013.03.26 19:23:14 | 000,031,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FCCOMINTDLL#\d22f87b0c2a72cb67b2171f9ae12c46c\Interop.FCCOMINTDLLLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1f209a64bf52d5c7d663efb1475d31a9\Vodafone.DeviceAccess.Interfaces.ni.dll
MOD - [2013.03.26 19:23:13 | 001,147,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\b470c0145f1efb6ad5c8b1e7bd7353bc\Vodafone.BusinessLogic.ni.dll
MOD - [2013.03.26 19:23:13 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\f5e838d40617381b3ff924b9560e0227\Vodafone.LanWlanManager.ni.dll
MOD - [2013.03.26 19:23:13 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\d9dc106e80c04099dd52cfb025488934\Vodafone.Core.CoreInstanceProvider.ni.dll
MOD - [2013.03.26 19:23:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\9b9e089271e12f12629c6dd4c28a17ab\Vodafone.Contracts.Adapter.ni.dll
MOD - [2013.03.26 19:23:12 | 000,353,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\81874d295af0a5acdf4439d1e993735a\Vodafone.ReportingManager.ni.dll
MOD - [2013.03.26 19:23:12 | 000,193,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\9ed375fd93ec3ff0a11c3a03afb084ac\Vodafone.SmsContactManager.ni.dll
MOD - [2013.03.26 19:23:12 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\28e927aefa407437945e6d6148a5963b\Vodafone.Core.Interfaces.ni.dll
MOD - [2013.03.26 19:23:12 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\be99bfb6b672913329019aed5af2b438\Vodafone.OutlookConnector.ni.dll
MOD - [2013.03.26 19:23:11 | 002,104,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\4a69d3bfa1111bcd9328e15165ee78ad\Spring.Core.ni.dll
MOD - [2013.03.26 19:23:11 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\0c5008375abad2d7074f91953acd7158\Common.Logging.ni.dll
MOD - [2013.03.26 19:23:10 | 000,363,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\dd58c977bd687a25a3fca70f42823d64\Vodafone.DataAccessor.ni.dll
MOD - [2013.03.26 19:23:10 | 000,119,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\d65e3892ff3bfd90b6b37f7ef0c8761c\Interop.Shell32.ni.dll
MOD - [2013.03.26 19:23:10 | 000,080,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\2e2f51624793d37af79fec4e31e9c526\Vodafone.SmsProfileManager.ni.dll
MOD - [2013.03.26 19:23:10 | 000,059,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\bac4366647500291fa77f70a8698625f\Vodafone.SettingsManager.ni.dll
MOD - [2013.03.26 19:23:10 | 000,042,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\4fafee69e5ba2a98d6d46d2a52568595\Vodafone.InstanceProvider.Impl.ni.dll
MOD - [2013.03.26 19:23:10 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\301e862ff848c3bdb219d92a3f8bf0ab\Vodafone.View.ManagedToolTip.ni.dll
MOD - [2013.03.26 19:23:09 | 000,971,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\d1fd414ec0cc1054205b2288efca8a59\Vodafone.View.Shared.ni.dll
MOD - [2013.03.26 19:23:09 | 000,387,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\cbb3dd676decfa4ea4c8ca2598f0ae95\Vodafone.CommonDialogs.ni.dll
MOD - [2013.03.26 19:23:07 | 001,304,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\f4ca72c3d9638d73b47c35ca730b0381\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll
MOD - [2013.03.26 19:23:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\75298ac9b1442d682eb275e0af55c54a\Infragistics2.Win.Misc.v9.2.ni.dll
MOD - [2013.03.26 19:23:04 | 011,055,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\b100ea9c0606c9e1f265c1f610c3ca88\Infragistics2.Win.v9.2.ni.dll
MOD - [2013.03.26 19:22:58 | 000,871,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\1ebe24369c92a181b263b1426fce18f2\Infragistics2.Shared.v9.2.ni.dll
MOD - [2013.03.26 19:22:57 | 007,140,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\1bd47dc0e94ca0b2e7834b697cef6d59\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll
MOD - [2013.03.26 19:22:52 | 000,133,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\ea8f7363640229e960a5cc7d0af3cc74\Vodafone.Core.Contracts.ni.dll
MOD - [2013.03.26 19:22:52 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\637a9000e10f24056bad88a99b373ea3\Vodafone.Contracts.Presenter.ni.dll
MOD - [2013.03.26 19:22:51 | 002,068,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\cd1e0f2db302f54b64c5875162d30562\MobileBroadbandResources.ni.dll
MOD - [2013.03.26 19:22:51 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\6fbbdfb3476c03830778328858225e90\Vodafone.Contracts.Model.ni.dll
MOD - [2013.03.26 19:22:51 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\c02c2b70f0aa6a3ceaa2e5557f3d1a92\Vodafone.Contracts.View.ni.dll
MOD - [2013.03.26 19:22:51 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\d5b04b0f2d0202887ab8b07bb37aa876\Vodafone.Contracts.Common.ni.dll
MOD - [2013.03.26 19:22:51 | 000,091,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\c41f6a7ab89af0ab36028b3e610e98b9\Vodafone.DeviceAccess.Contracts.ni.dll
MOD - [2013.03.26 19:22:50 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\ae16d1c2a67ad16252492f63f965d81a\Vodafone.ApplicationHost.Impl.ni.dll
MOD - [2013.03.26 19:22:49 | 000,357,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\a86466fc2e5b4cf65a16796aa384788c\Vodafone.Base.Win32.ni.dll
MOD - [2013.03.26 19:22:49 | 000,178,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\21424d9809eade410fbb8d4e724e47ef\Vodafone.Common.ni.dll
MOD - [2013.03.26 19:22:49 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Mondrian\74ec52478cf6336c04c2b395cc4caa8e\Vodafone.Mondrian.ni.dll
MOD - [2013.03.26 19:22:48 | 000,645,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\fc5a7f356272e75ec53c6a707911d6b9\Vodafone.Data.ni.dll
MOD - [2013.03.26 19:22:48 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\ab447bac91a20964705c797ddeb4fb6b\Vodafone.Base.Contracts.ni.dll
MOD - [2013.03.26 19:22:48 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\fea5d71bb858ce110259395035feec8c\Vodafone.LogEngine.ni.dll
MOD - [2013.03.26 19:22:48 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\f0410779d3c0333eebdebbbd10de4392\Vodafone.MobileBroadband.CallbackHandler.ni.dll
MOD - [2013.03.26 19:22:47 | 001,421,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\289aa77ce94eec188a3b17ddc16caf1e\Vodafone.Platform.ni.dll
MOD - [2013.03.26 19:22:45 | 000,057,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\7afe76097b2a183db950a44b4e710d5c\MobileBroadband.ni.exe
MOD - [2013.02.20 18:40:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.02.20 18:40:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.02.20 18:39:50 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.02.20 18:28:41 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.02.20 18:28:32 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.02.20 18:28:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.02.20 18:28:26 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.02.20 18:28:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.02.20 18:28:23 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.02.20 18:28:19 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.02.20 18:28:15 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013.02.16 20:09:04 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.02.16 20:09:04 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll
MOD - [2013.02.16 20:09:04 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll
MOD - [2013.02.16 20:08:49 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.02.16 19:55:47 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.02.16 19:55:43 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.02.16 19:55:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.02.16 19:55:37 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.02.16 19:55:36 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.02.16 19:55:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.16 19:55:14 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.16 19:55:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013.02.16 19:55:09 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.02.16 19:54:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.02.16 19:54:51 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll
MOD - [2013.02.16 19:54:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.16 19:54:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.02.16 19:54:09 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.16 19:53:58 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.03 16:02:34 | 000,355,840 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe
MOD - [2012.12.03 16:01:36 | 000,998,912 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\COMWIN1_50.BPL
MOD - [2012.06.23 01:46:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.04.23 17:49:20 | 000,396,800 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2011.04.12 09:43:11 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2011.04.12 09:43:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.12.17 17:46:00 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.13 22:09:51 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.11 21:56:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.05 19:38:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.05 19:38:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.03 16:09:04 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvc.exe -- (ComWinService)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.06.07 13:03:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.04.23 17:49:04 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2012.02.29 10:20:04 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.29 10:19:58 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.29 10:19:48 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.01 19:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.12.05 10:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.12.05 09:55:36 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011.11.29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.06.24 12:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF F7 AA 6C A3 25 CE 01  [binary data]
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2013.03.26 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 21:56:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:56:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 21:56:41 | 000,000,000 | ---D | M]
 
[2013.02.16 16:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T_Hosang\AppData\Roaming\mozilla\Extensions
[2013.04.13 22:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T_Hosang\AppData\Roaming\mozilla\Firefox\Profiles\pvsno6m7.default\extensions
[2013.04.13 22:14:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\T_Hosang\AppData\Roaming\mozilla\Firefox\Profiles\pvsno6m7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.13 19:43:02 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\T_Hosang\AppData\Roaming\mozilla\firefox\profiles\pvsno6m7.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2013.04.11 21:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.11 21:56:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.01 21:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 21:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.01 21:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 21:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 21:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 21:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.13 19:49:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [ComWin-Frame] C:\Program Files (x86)\HiPath 4000 Expert Access\comwinsvr.exe ()
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [HP Deskjet 3050 J610 series (NET)] C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://192.0.2.5/public/downloads/j2re-win-i.exe (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68463A1D-E420-45B4-A7E4-560C4EA199A1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D8F5EF9-6AEA-4449-A3A1-D54707BB83B0}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2592200-3B4D-4A54-A3CB-46C29430E558}: DhcpNameServer = 10.229.32.10 10.229.32.11 10.252.128.12
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.16 19:00:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\T_Hosang\Desktop\OTL.exe
[2013.04.13 22:11:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.13 20:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.13 19:54:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.13 19:49:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.13 19:45:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.13 18:55:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.13 18:55:26 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.13 18:55:26 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.13 18:55:26 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.13 18:55:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.13 18:55:26 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.13 18:55:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.13 18:55:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.13 18:55:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.13 18:55:26 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.13 18:55:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.13 18:55:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.13 18:55:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.13 18:55:25 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.13 18:55:24 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.13 11:34:31 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\Malwarebytes
[2013.04.13 11:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.13 11:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.13 11:34:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.13 11:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.13 11:33:56 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Local\Programs
[2013.04.12 15:58:36 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.04.12 15:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.04.12 15:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.04.12 15:57:29 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013.04.12 15:57:29 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013.04.12 15:57:29 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013.04.12 15:57:29 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013.04.12 15:57:29 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013.04.12 15:57:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013.04.12 15:57:26 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013.04.12 15:57:26 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013.04.12 15:57:04 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2013.04.12 15:57:04 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013.04.12 15:56:34 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2013.04.12 15:56:34 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013.04.12 15:55:48 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Local\Windows Live
[2013.04.12 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.04.11 21:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 08:00:02 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 08:00:02 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 08:00:01 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 08:00:01 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 08:00:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 08:00:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 07:59:58 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 07:59:58 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 07:59:58 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 07:59:57 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 07:59:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 07:59:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.06 16:21:18 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.05 19:38:45 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.05 19:38:45 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.05 19:38:45 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.05 19:33:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.04.02 16:58:52 | 000,203,544 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.04.02 16:58:52 | 000,102,936 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.04.02 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2013.03.26 19:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sierra Wireless
[2013.03.26 19:23:00 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdfcoinstaller01007.dll
[2013.03.26 19:23:00 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.03.26 19:23:00 | 000,087,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013.03.26 19:22:58 | 000,422,400 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013.03.26 19:22:58 | 000,223,232 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.03.26 19:22:30 | 000,039,592 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\tcpipBM.sys
[2013.03.26 19:22:30 | 000,016,552 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\BMLoad.sys
[2013.03.26 19:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2013.03.26 19:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.03.26 18:58:45 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.26 18:58:45 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.26 18:58:45 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.26 18:58:45 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.26 18:58:45 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.26 18:58:45 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.03.26 18:58:45 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.26 18:58:45 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.26 18:58:45 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.26 18:58:45 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.26 18:58:45 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.26 18:58:45 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.26 18:58:45 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.26 18:58:45 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.26 18:58:45 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.26 18:58:45 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.26 18:58:45 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.26 18:58:45 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.03.26 18:58:45 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.03.26 18:58:45 | 000,968,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.26 18:58:45 | 000,030,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
[2013.03.26 18:42:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.03.26 07:34:54 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.26 07:34:54 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.26 07:34:54 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.26 07:34:54 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.26 07:34:54 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.26 07:34:54 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.26 07:34:54 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.26 07:34:54 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.26 07:34:54 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.26 07:34:54 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.26 07:34:54 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.26 07:34:54 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.26 07:34:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.26 07:34:54 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.26 07:34:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.26 07:34:54 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.26 07:34:54 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.26 07:34:54 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.26 07:34:54 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.26 07:34:54 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.26 07:34:54 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.26 07:34:54 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.26 07:34:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.26 07:34:54 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.26 07:34:54 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.26 07:34:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.26 07:34:54 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.26 07:34:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.26 07:34:54 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.26 07:34:54 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.26 07:34:53 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.26 07:34:53 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.26 07:34:53 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.26 07:34:53 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.26 07:34:53 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.26 07:34:53 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.26 07:34:53 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.26 07:34:53 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.26 07:34:53 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.26 07:34:53 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.26 07:34:53 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.26 07:34:53 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.26 07:34:53 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.26 07:34:53 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.26 07:34:53 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.26 07:34:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.26 07:34:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.26 07:34:53 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.26 07:34:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.26 07:34:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.26 07:34:53 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.26 07:34:53 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.26 07:34:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.26 07:33:55 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.03.26 07:33:55 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.03.26 07:33:55 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.03.26 07:33:55 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.03.26 07:33:55 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.03.26 07:33:55 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.03.26 07:33:55 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.03.26 07:33:55 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.03.26 07:33:55 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.03.26 07:33:55 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.03.26 07:33:55 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.03.26 07:33:55 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.03.26 07:33:55 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.03.26 07:33:55 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.26 07:33:55 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.26 07:33:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.26 07:33:55 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.26 07:33:54 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.03.26 07:33:54 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.03.26 07:33:54 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.03.26 07:33:54 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.03.26 07:33:54 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.03.26 07:33:54 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.03.26 07:33:54 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.03.26 07:33:54 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.03.26 07:33:54 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.03.26 07:33:54 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\WinRAR
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.20 13:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.16 18:59:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T_Hosang\Desktop\OTL.exe
[2013.04.16 18:36:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.16 17:23:16 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.16 17:23:16 | 000,698,764 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.16 17:23:16 | 000,652,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.16 17:23:16 | 000,148,788 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.16 17:23:16 | 000,121,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.16 17:19:42 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.04.16 17:19:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.16 10:30:05 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.16 10:30:05 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.16 10:21:46 | 2041,921,535 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 22:09:51 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.13 22:09:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.13 19:49:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.13 18:59:29 | 000,346,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.11 21:17:25 | 000,002,923 | ---- | M] () -- C:\Users\T_Hosang\ComWin.Hst
[2013.04.11 14:13:02 | 000,000,000 | ---- | M] () -- C:\Users\T_Hosang\pr20130411.pro
[2013.04.10 17:37:21 | 000,002,074 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.04.10 17:37:21 | 000,002,003 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Avira DE-Cleaner.lnk
[2013.04.06 16:21:14 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.06 16:21:14 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.06 16:21:14 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.06 16:21:14 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.06 16:21:14 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.06 16:21:14 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.05 19:38:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.05 19:38:32 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.05 19:38:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 07:18:50 | 000,001,255 | ---- | M] () -- C:\Users\T_Hosang\Desktop\HP Scan.lnk
[2013.04.02 16:59:03 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.03.26 19:23:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.03.26 19:22:30 | 000,039,592 | ---- | M] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\tcpipBM.sys
[2013.03.26 19:22:30 | 000,016,552 | ---- | M] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\BMLoad.sys
[2013.03.26 19:22:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
[2013.03.26 19:22:02 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2013.03.26 07:34:54 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.26 07:34:54 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.26 07:34:54 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.26 07:34:54 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.26 07:34:54 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.26 07:34:54 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.26 07:34:54 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.26 07:34:54 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.26 07:34:54 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.26 07:34:54 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.26 07:34:54 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.26 07:34:54 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.26 07:34:54 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.26 07:34:54 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.26 07:34:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.26 07:34:54 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.26 07:34:54 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.26 07:34:54 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.26 07:34:54 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.26 07:34:54 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.26 07:34:54 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.26 07:34:54 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.26 07:34:54 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.26 07:34:54 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.26 07:34:54 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.26 07:34:54 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.26 07:34:54 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.26 07:34:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.26 07:34:54 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.26 07:34:54 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.26 07:34:54 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.26 07:34:53 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.26 07:34:53 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.26 07:34:53 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.26 07:34:53 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.26 07:34:53 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.26 07:34:53 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.26 07:34:53 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.26 07:34:53 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.26 07:34:53 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.26 07:34:53 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.26 07:34:53 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.26 07:34:53 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.26 07:34:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.26 07:34:53 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.26 07:34:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.26 07:34:53 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.26 07:34:53 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.26 07:34:53 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.26 07:34:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.26 07:34:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.26 07:34:53 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.26 07:34:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.26 07:34:53 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.26 07:34:53 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.26 07:33:55 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.03.26 07:33:55 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.03.26 07:33:55 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.03.26 07:33:55 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.03.26 07:33:55 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.03.26 07:33:55 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.03.26 07:33:55 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.03.26 07:33:55 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.03.26 07:33:55 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.03.26 07:33:55 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.03.26 07:33:55 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.03.26 07:33:55 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.03.26 07:33:55 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.03.26 07:33:55 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.26 07:33:55 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.26 07:33:55 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.26 07:33:55 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.26 07:33:54 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.03.26 07:33:54 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.03.26 07:33:54 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.03.26 07:33:54 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.03.26 07:33:54 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.03.26 07:33:54 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.03.26 07:33:54 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.03.26 07:33:54 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.03.26 07:33:54 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.03.26 07:33:54 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.03.21 13:20:51 | 597,318,253 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.21 13:19:04 | 001,560,839 | ---- | M] () -- C:\Users\T_Hosang\response.res
[2013.03.21 13:19:04 | 000,197,133 | ---- | M] () -- C:\Users\T_Hosang\pr20130321.pro
[2013.03.20 13:03:00 | 001,470,282 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Cordlessprogramm.rar
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
 
========== Files Created - No Company Name ==========
 
[2013.04.12 15:58:33 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.04.12 15:58:27 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.04.11 14:13:02 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130411.pro
[2013.04.10 17:37:21 | 000,002,074 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.04.10 17:37:21 | 000,002,003 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Avira DE-Cleaner.lnk
[2013.04.04 07:18:50 | 000,001,255 | ---- | C] () -- C:\Users\T_Hosang\Desktop\HP Scan.lnk
[2013.04.02 16:59:03 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.03.26 19:23:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.03.26 19:22:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
[2013.03.26 19:22:02 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2013.03.26 07:34:54 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.26 07:34:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.21 11:14:14 | 000,197,133 | ---- | C] () -- C:\Users\T_Hosang\pr20130321.pro
[2013.03.20 13:03:00 | 001,470,282 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Cordlessprogramm.rar
[2013.03.11 11:55:23 | 000,102,168 | ---- | C] () -- C:\Users\T_Hosang\pr20130311.pro
[2013.03.07 14:14:28 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130307-1.pro
[2013.03.07 10:49:51 | 000,788,470 | ---- | C] () -- C:\Users\T_Hosang\pr20130307.pro
[2013.03.05 13:04:01 | 000,027,708 | ---- | C] () -- C:\Users\T_Hosang\pr20130305.pro
[2013.02.27 09:43:15 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130227.pro
[2013.02.20 11:22:52 | 000,007,111 | ---- | C] () -- C:\Users\T_Hosang\pr20130220-1.pro
[2013.02.20 09:57:21 | 000,021,223 | ---- | C] () -- C:\Users\T_Hosang\pr20130220.pro
[2013.02.19 12:14:01 | 000,003,455 | ---- | C] () -- C:\Users\T_Hosang\pr20130219.pro
[2013.02.19 12:13:05 | 000,000,176 | ---- | C] () -- C:\Users\T_Hosang\properties
[2013.02.18 15:24:19 | 000,008,813 | ---- | C] () -- C:\Users\T_Hosang\response-1.res
[2013.02.18 15:24:19 | 000,001,798 | ---- | C] () -- C:\Users\T_Hosang\pr20130218-1.pro
[2013.02.18 15:24:19 | 000,000,312 | ---- | C] () -- C:\Users\T_Hosang\ComWinAccessSecMCache.ini
[2013.02.18 15:01:35 | 001,560,839 | ---- | C] () -- C:\Users\T_Hosang\response.res
[2013.02.18 15:01:35 | 000,159,419 | ---- | C] () -- C:\Users\T_Hosang\pr20130218.pro
[2013.02.16 16:37:24 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.02.16 16:22:19 | 000,002,923 | ---- | C] () -- C:\Users\T_Hosang\ComWin.Hst
[2013.02.16 03:03:30 | 001,594,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.07 12:58:18 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.06.07 12:58:18 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.06.07 12:37:36 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.06.07 11:04:32 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.04.20 18:43:54 | 000,286,680 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.04.13 19:54:49 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2013.02.20 10:01:00 | 000,000,000 | ---D | M] -- C:\Appletcache
[2013.04.13 18:56:07 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.02.16 02:03:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.02.16 15:31:59 | 000,000,000 | ---D | M] -- C:\Drivers
[2013.02.16 02:40:32 | 000,000,000 | ---D | M] -- C:\Intel
[2013.02.16 16:18:05 | 000,000,000 | R--D | M] -- C:\MSOCache
[2013.03.26 18:42:34 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.03.20 13:05:34 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.04.13 20:42:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.04.13 19:49:38 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013.02.16 02:03:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.02.16 02:03:57 | 000,000,000 | ---D | M] -- C:\Recovery
[2013.04.16 19:02:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.02.16 02:44:49 | 000,000,000 | R--D | M] -- C:\Users
[2013.04.13 22:11:53 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
[2013.04.13 18:56:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-003D-0000-0000-0000000FF1CE}
[2013.04.12 15:58:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
 
< %localappdata%\*. /5 >
[2013.04.16 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Local\FreePDF_XP
[2013.04.12 16:14:49 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Local\Microsoft
[2013.04.13 11:33:56 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Local\Programs
[2013.04.16 19:02:37 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Local\Temp
[2013.04.12 16:15:05 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Local\Windows Live

< End of report >

Alt 16.04.2013, 18:12   #20
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 16.04.2013 19:02:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\T_Hosang\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,87 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 77,34% Memory free
15,74 Gb Paging File | 13,11 Gb Available in Paging File | 83,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 884,18 Gb Total Space | 833,58 Gb Free Space | 94,28% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 22,41 Gb Free Space | 89,63% Space Free | Partition Type: NTFS
 
Computer Name: JG_HOSANG | User Name: T_Hosang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048ED90D-6EEE-4A16-921D-BE7E24AEBB4D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0B17DCE0-522C-46F3-9B79-FB02AC75B38B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1840FE09-3F8A-496E-A2CD-B045B56FD5B9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{18655C56-433E-4275-B892-44E5E380E14A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{190A58F5-BEA9-4DA0-954A-34AD3B210A82}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1A8786B0-8008-4426-B880-12A7A7C925A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{1CBA8EAC-1C69-428E-A76C-E0C25660CF75}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2103E92D-5CB9-4EB7-86FF-6BA6EDA046AD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{29CA20C0-38AF-4014-B9D6-3F07EF31E827}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{336B1B2B-4C8A-4748-A782-0D3DEEBB9267}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{346AC7FE-4E45-442E-8D58-E593AB874D43}" = rport=139 | protocol=6 | dir=out | app=system | 
"{43397131-549C-4456-B680-D71E2098BA5D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{43EF3560-9BAE-4823-A5FC-BECBDC44FBB4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4C2A0157-1362-42C6-9DC9-D59219B7C3EE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5320B08F-BD80-4FEA-802E-61058D029BDE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5F0A67AD-7847-454D-84AE-ECE81ECE7BD4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{778451D3-1CD7-480B-AEFB-B48CD6401EE1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8F6ADFE7-AE13-4458-AAF2-8C12B924E003}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96AA1A20-93EC-4382-B9B4-6F61104663F7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9BB456E9-578F-4221-B90C-85BDCB14190B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A4C1E86A-FA10-4C5C-A510-FEF990E02DDD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B941B292-C47E-480B-87C0-302D28EAD15B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C18CF916-B878-42A7-8EB5-08704E041404}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CBA78450-6223-44E6-9536-2FE03C6670EA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CE90E626-14A0-4487-9BD3-66A7142EE609}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEB6F1C3-61FC-413B-BC17-739C1C86A64E}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{CFF5687B-8B13-4C38-A6FF-5BF2C7B3723B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DED821FE-EBD9-4024-A055-DF1EC3B12A62}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DFF00467-FA4E-4E68-82B7-369812C32F9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{ECAB3E60-1534-4611-A9F2-10E96DE88A2A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ECF17610-ACF0-44BA-B27A-1C0B632A8CF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FED8CD1A-90C9-41C4-A7DC-8764001955BC}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042785F1-FBF0-40F2-8053-68A33C0B6CB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{34776D13-EF04-496D-9897-C9A9374B5730}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{384AA766-4046-4F85-BE4B-B411C6535776}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E6EA6CC-7256-471F-9620-DC891DBD8054}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{49502B84-6CC1-4B51-AD7E-EB8B7BB22878}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4FB3D66C-3002-4FD5-B55B-71DD48B47365}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5AFD1B13-EB6B-481C-A2D5-4CCB41AD8883}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicatorcom.exe | 
"{75066E4E-F8AB-49B8-8CE5-EF1D4A6EAE4B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{81CD006A-97F3-4156-8EF2-55CF3096BC8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EF14197-7050-40DC-ABB8-CEB1BB83F2CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F61AC27-1CE2-4B5D-870C-78CCC905249A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9D72520C-1B08-4345-BC90-35AFD7903EEA}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{A071B85D-6009-4C7E-A6BC-864C948C59B8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A840159F-DCBB-446A-808A-FE59C19A7ADE}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{AC979A56-6DEB-467C-82B9-63B9185C4851}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{B0F0C657-9F1B-4BBD-96FC-A347AB92B19E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B489C2C3-1574-448D-B69F-A4FC850AC040}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B4C3A11B-B392-4529-BABC-8C7D2A935425}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF3623AA-D418-4EA8-9FEB-17D1A9F5116A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C657E113-FFD3-4267-96C0-7B9500F65BA5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C994562C-AB6A-4A79-87FA-7E20EBFBFAD3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CFD98EF8-9901-4E25-884B-2A79204F02A0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DEC6C256-AE59-44CA-A2E1-6E0631DAFB2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4D65228-50E5-4ACD-9682-9796FF636F85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA3F1260-3077-4BE7-80C6-6EC0A1F7968B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EB1EF426-2A61-49C6-BB15-D61165E1D351}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F309CD4E-4B95-4D65-899A-017F531341DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC9BFF47-B8EC-4D54-B0BF-9EEEA00BFAC0}" = protocol=6 | dir=out | app=system | 
"TCP Query User{0056C398-77E5-4CD3-B7CE-36B51AB37588}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{5093FA4A-CE4C-455A-BE1E-9D7E0DC45AE3}C:\program files (x86)\hipath 4000 expert access\comwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hipath 4000 expert access\comwin.exe | 
"TCP Query User{B013F175-8994-48A0-8EA7-90143771090A}C:\program files (x86)\hipath 4000 expert access\comwindbaccessclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hipath 4000 expert access\comwindbaccessclient.exe | 
"TCP Query User{C5EF3832-E4EE-4AC5-BE58-3473625C6E7A}C:\users\t_hosang\appdata\roaming\qysa\xapoo.exe" = protocol=6 | dir=in | app=c:\users\t_hosang\appdata\roaming\qysa\xapoo.exe | 
"TCP Query User{C73EA1CA-E2A2-4A73-BD64-B2045D93D3F0}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{5E0F0455-0270-478B-96FF-F0B32E57043C}C:\program files (x86)\hipath 4000 expert access\comwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hipath 4000 expert access\comwin.exe | 
"UDP Query User{72FA22AF-E8AE-4118-8FF2-87DD24B89491}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{8C6DC140-865A-4D11-9F63-5D6D5BB89343}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{BADD0DC9-C37E-4EA3-AC81-7B88076A07C7}C:\users\t_hosang\appdata\roaming\qysa\xapoo.exe" = protocol=17 | dir=in | app=c:\users\t_hosang\appdata\roaming\qysa\xapoo.exe | 
"UDP Query User{D954D614-975D-4C16-B8D1-84C54131A8A8}C:\program files (x86)\hipath 4000 expert access\comwindbaccessclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hipath 4000 expert access\comwindbaccessclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF3293DE-FCAC-4742-91BF-AD0174143FC3}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43E4E07B-6EC7-465B-9765-0A200E5CDBC5}" = mcEUPAC
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E4243ED3-DB3B-46D1-B2EB-5F81B5C26C31}" = ComWin / HiPath 4000 Expert Access
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.04.2013 12:34:37 | Computer Name = JG_Hosang | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2013 12:35:53 | Computer Name = JG_Hosang | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T_Hosang\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.04.2013 13:00:31 | Computer Name = JG_Hosang | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2013 13:55:58 | Computer Name = JG_Hosang | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2013 14:26:20 | Computer Name = JG_Hosang | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2013 14:42:34 | Computer Name = JG_Hosang | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T_Hosang\Downloads\esetsmartinstaller_enu(1).exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.04.2013 14:42:36 | Computer Name = JG_Hosang | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T_Hosang\Downloads\esetsmartinstaller_enu(1).exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.04.2013 14:44:09 | Computer Name = JG_Hosang | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T_Hosang\Downloads\esetsmartinstaller_enu(1).exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 15.04.2013 04:06:16 | Computer Name = JG_Hosang | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.04.2013 04:23:33 | Computer Name = JG_Hosang | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.04.2013 06:11:50 | Computer Name = JG_Hosang | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ Media Center Events ]
Error - 16.04.2013 04:26:07 | Computer Name = JG_Hosang | Source = MCUpdate | ID = 0
Description = 10:26:07 - Fehler beim Herstellen der Internetverbindung.  10:26:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2013 04:26:55 | Computer Name = JG_Hosang | Source = MCUpdate | ID = 0
Description = 10:26:54 - Fehler beim Herstellen der Internetverbindung.  10:26:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2013 05:27:44 | Computer Name = JG_Hosang | Source = MCUpdate | ID = 0
Description = 11:27:44 - Fehler beim Herstellen der Internetverbindung.  11:27:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2013 05:28:32 | Computer Name = JG_Hosang | Source = MCUpdate | ID = 0
Description = 11:28:32 - Fehler beim Herstellen der Internetverbindung.  11:28:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2013 06:29:26 | Computer Name = JG_Hosang | Source = MCUpdate | ID = 0
Description = 12:29:26 - Fehler beim Herstellen der Internetverbindung.  12:29:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2013 06:30:17 | Computer Name = JG_Hosang | Source = MCUpdate | ID = 0
Description = 12:30:13 - Fehler beim Herstellen der Internetverbindung.  12:30:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2013 07:31:07 | Computer Name = JG_Hosang | Source = MCUpdate | ID = 0
Description = 13:31:07 - Fehler beim Herstellen der Internetverbindung.  13:31:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2013 07:31:54 | Computer Name = JG_Hosang | Source = MCUpdate | ID = 0
Description = 13:31:54 - Fehler beim Herstellen der Internetverbindung.  13:31:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 16.04.2013 08:44:47 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 16.04.2013 08:46:16 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 16.04.2013 08:50:24 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 16.04.2013 09:24:20 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 16.04.2013 11:19:41 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 16.04.2013 11:19:41 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 16.04.2013 11:19:42 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 34001
Description = 
 
Error - 16.04.2013 11:19:42 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 30013
Description = 
 
Error - 16.04.2013 11:19:49 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 16.04.2013 13:02:10 | Computer Name = JG_Hosang | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
 nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
 oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
 auswählen.
 
 
< End of report >


Alt 16.04.2013, 18:22   #21
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Hallo,

ich kann da nichts mehr sehen.. (was aber natürlich keine Garantie bedeutet!)
Ich schlage vor, du wartest erstmal die Antwort der Telekom ab, wann diese Aktivitäten aufgezeichnet wurden und ob diese immer noch aktuell sind, ok?
Kannst du mir dann dieses Resultat bitte ebenfalls mitteilen?
__________________
--> Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt

Alt 16.04.2013, 18:40   #22
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Danke Dir, Ich werde die Antwort von der T-Com dann hier posten.

Gruß
Thorsten

Alt 16.04.2013, 18:44   #23
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Ok, alles klar, danke.
__________________
cheers,
Leo

Alt 17.04.2013, 16:17   #24
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Hallo Leo,

hier die Antwort von der T-Com:

Zitat:
Sehr geehrter Herr XXX,

die beschwerdegegenständlichen Zugriffe fanden über die folgenden, Ihrem Zugang zugewiesenen IP-Adressen zu den angegebenen Zeitpunkten statt, die relevanten Zeitangaben aus den Beschwerden haben wir in die jeweilige deutsche Zeitzone (MESZ/MEZ) umgerechnet:

| 79.195.95.xxx Fr, 05.04.2013 15:04:45 MESZ
| 79.195.76.xxx Sa, 06.04.2013 16:08:37 MESZ Ermahnung
| 79.195.78.xxx Mo, 08.04.2013 20:13:50 MESZ
| 79.195.82.xxx Di, 09.04.2013 08:06:34 MESZ
| 91.50.75.xxx Di, 09.04.2013 18:10:09 MESZ
| 79.195.86.xxx Mi, 10.04.2013 07:52:30 MESZ
| 79.195.81.xxx Mi, 10.04.2013 16:37:13 MESZ
| 91.50.77.xxx Do, 11.04.2013 07:49:24 MESZ
| 79.195.68.xxx Sa, 13.04.2013 10:51:57 MESZ Portsperre: extern

Mit freundlichen Grüßen

Cxxxxx Rxxxxx
Gruß
Thorsten

Alt 17.04.2013, 16:35   #25
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Hallo Thorsten,

der Zbot wurde hier in diesem Scan von MBAM entdeckt und gelöscht:
Zitat:
13.04.2013 18:29:02
mbam-log-2013-04-13 (18-29-02).txt

Infizierte Dateien: 1
C:\Users\T_Hosang\AppData\Roaming\Qysa\xapoo.exe (Trojan.Agent.BDAVGen) -> Löschen bei Neustart.
Die von der Telekom aufgezeichneten und angemahnten Aktivitäten stammen also tatsächlich allesamt vom Zeitraum vor dieser Löschung.
Wenn von Seiten der Telekom nichts Neues mehr kommt, ist die Sache in meinen Augen erledigt.
Wie siehst du das?
__________________
cheers,
Leo

Alt 17.04.2013, 16:52   #26
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


So sehe ich das auch. Somit können wir das Thema schliessen.

Gruß
Thorsten

Alt 17.04.2013, 16:56   #27
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Prima.
(Und nicht vergessen noch alle Passwörter zu ändern.)


Freut mich, dass wir helfen konnten.

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________
cheers,
Leo

Antwort
Seite 2 von 2 1 2

Themen zu Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt
administrator, anti-malware, appdata, autostart, code, dateien, downloader, escan, explorer, hängen, kunde, logfiles, malwarebytes, microsoft, probleme, rechner, roaming, software, speicher, t-com, telekom, trojan.agent.bdavgen, trojaner, variant, win32/kryptik.aykh


« Geschwindigketseinbruch beim Browser | Iminent taucht jede Woche neu auf »


Ähnliche Themen: Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


  1. Telekom Brief Zeus/Zbot
    Log-Analyse und Auswertung - 26.05.2015 (32)
  2. Telekom E-Mail 'zeuS' 'Zbot'
    Log-Analyse und Auswertung - 01.02.2014 (3)
  3. Telekom e-mail Zeus/ZBot
    Log-Analyse und Auswertung - 26.11.2013 (7)
  4. Telekom Brief - ZeuS/ZBot Infektion
    Log-Analyse und Auswertung - 26.11.2013 (9)
  5. Sicherheitswarnung Telekom ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 04.10.2013 (9)
  6. Zeus/ZBot Telekom email
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (29)
  7. Zeus/ZBot vermutet. Schreiben Telekom und Hausbank hierzu.
    Log-Analyse und Auswertung - 31.05.2013 (19)
  8. ZeuS/ZBot Warnung von der Telekom
    Log-Analyse und Auswertung - 30.05.2013 (23)
  9. Telekom Brief Zeus/Zbot
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (22)
  10. Telekom Warnung vor ZeuS/ZBot
    Log-Analyse und Auswertung - 05.03.2013 (15)
  11. Telekom Brief, ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (16)
  12. Telekom-Hinweis auf ZeuS/ZBot
    Log-Analyse und Auswertung - 18.02.2013 (7)
  13. ZeuS/ZBot Schädling Schreiben der Telekom (Windows 7 32 und 64 bit)
    Log-Analyse und Auswertung - 22.12.2012 (49)
  14. Trojaner ZeuS/ZBot Telekom Brief
    Plagegeister aller Art und deren Bekämpfung - 15.12.2012 (20)
  15. Post von der Telekom (ZeuS/ZBot)
    Plagegeister aller Art und deren Bekämpfung - 26.11.2012 (4)
  16. Telekom verweist auf ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (11)
  17. Trojanerwarnung Zeus/ZBot von Telekom
    Log-Analyse und Auswertung - 28.10.2012 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Hallo Thorsten, auf welchen Zeitpunkt bezieht sich dieses Schreiben der Telekom? Deine Infektion wurde ja erst am Samstagabend entfernt. - Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt...
Archiv
Du betrachtest: Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55