Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Log-Analyse und Auswertung: Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 13.04.2013, 11:05   #1
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Moin Moin,

auch ich habe ein Schreiben von der T-Com bekommen, das auf meinem Rechner ein Trojaner ist.
Ich msche hier bewusst ein neues Thema auf, da ich mich nicht an die Probleme anderer User anhängen möchte.
Ich habe, wie es von der Telekom empfohlen wurde den DE-Cleaner laufen lassen. Dieser brachte auch ein Fund, der aber als unkritisch angesehen wurde. Nun bin ich aber total verunsichert, ob der Trojaner wirklich nicht mehr vorhanden ist, da ich den Rechner auch beruflich in Kunden Netzwerken nutze.
Ich habe, wie in anderen Beiträgen schon geschrieben, die Scanner von ESET und den Malwarebytes laufen lassen.

anbei die Logfiles der beiden Scanner:

ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=18fd4c5f5d434d45870a3f2a829733f5
# engine=13609
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-13 09:27:14
# local_time=2013-04-13 11:27:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 134667 4823480 127456 0
# compatibility_mode=5893 16776573 100 94 80731 117475084 0 0
# scanned=117717
# found=2
# cleaned=0
# scan_time=1764
sh=776709D50234DF5000CD0618E38B34F863906CDE ft=1 fh=a03ae6ff6d7f0ab6 vn="a variant of Win32/Kryptik.AYKH trojan" ac=I fn="C:\Users\T_Hosang\AppData\Roaming\Qysa\xapoo.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Kryptik.AYKH trojan" ac=I fn="${Memory}"
Malware:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
T_Hosang :: JG_HOSANG [Administrator]

Schutz: Aktiviert

13.04.2013 11:39:00
MBAM-log-2013-04-13 (12-01-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336687
Laufzeit: 21 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\T_Hosang\AppData\Roaming\Qysa\xapoo.exe (Trojan.Agent.BDAVGen) -> 7728 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{22BEC2C2-304A-F76A-A1A6-BE2F6A90A683} (Trojan.Agent.BDAVGen) -> Daten: C:\Users\T_Hosang\AppData\Roaming\Qysa\xapoo.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\T_Hosang\AppData\Roaming\Qysa\xapoo.exe (Trojan.Agent.BDAVGen) -> Keine Aktion durchgeführt.

(Ende)
Ich hoffe, mir kann hier einer der Wisssenden weiter helfen.

Gruß
Thorsten

Alt 13.04.2013, 14:18   #2
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Hallo Thorsten,

bei dir läuft tatsächlich ein Zbot.
Lass zuerst MBAM nochmals im Quickscan durchlaufen und lösche alle Funde. Danach noch Scans zur weiteren Analyse.


Schritt 1
  • Öffne das Programm Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 2

Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.
  • Starte das Tool mit Doppelklick.
  • Klicke nun auf den Disable Button.
  • Bestätige diese Sicherheitsabfrage mit Ja.
  • Wenn der Scan beendet wurde (Finished), klicke auf OK.
  • Falls Defogger zu einem Neustart auffordert, bestätige dies mit OK.
  • Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt.
  • Nur falls Probleme aufgetreten sind, poste deren Inhalt mit deiner nächsten Antwort.
Klicke den Re-enable Button nicht ohne Anweisung!



Schritt 3

Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
  • Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
  • Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
  • Schliesse bitte alle anderen Programme.
  • Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Sollte sich ein Fenster mit folgender Warnung öffnen
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    dann klicke unbedingt auf No.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Show all
  • Setze rechts den Haken bei deiner Systempartition (normalerweise C:\).
  • Starte den Scan mit einem Klick auf Scan.
  • Mache gar nichts am Computer, während der Scan läuft!
  • Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
  • Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
  • Füge bitte den Inhalt des Logfiles hier in deine Thread ein.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.



Schritt 4

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von MBAM
  • Log von Gmer
  • Logs von OTL
__________________

__________________
Alt 13.04.2013, 18:17   #3
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Hi Leo,

Wow, das ging ja super schnell, danke schon mal für die Hilfe.

hier die Logfiles Teil 1:

MBAM:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
T_Hosang :: JG_HOSANG [Administrator]

Schutz: Aktiviert

13.04.2013 18:29:02
mbam-log-2013-04-13 (18-29-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234566
Laufzeit: 58 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\T_Hosang\AppData\Roaming\Qysa\xapoo.exe (Trojan.Agent.BDAVGen) -> 7728 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{22BEC2C2-304A-F76A-A1A6-BE2F6A90A683} (Trojan.Agent.BDAVGen) -> Daten: C:\Users\T_Hosang\AppData\Roaming\Qysa\xapoo.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\T_Hosang\AppData\Roaming\Qysa\xapoo.exe (Trojan.Agent.BDAVGen) -> Löschen bei Neustart.

(Ende)
GMER:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-13 18:54:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB
Running: 066pciil.exe; Driver: C:\Users\T_Hosang\AppData\Local\Temp\uwlcipow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                    00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                  00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                  00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                  00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                           000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                       000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                         000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                            000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                     000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                      000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                    000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\ole32.dll!CoCreateInstance                                                            000007fefefe7490 11 bytes JMP 000007fffd410228
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                           000007fefeffbf00 7 bytes JMP 000007fffd410260
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     0000000075ab1465 2 bytes [AB, 75]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    0000000075ab14bb 2 bytes [AB, 75]
.text   ...                                                                                                                                                                      * 2
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000075ab1465 2 bytes [AB, 75]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         0000000075ab14bb 2 bytes [AB, 75]
.text   ...                                                                                                                                                                      * 2
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000075ab1465 2 bytes [AB, 75]
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000075ab14bb 2 bytes [AB, 75]
.text   ...                                                                                                                                                                      * 2
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                 00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                               00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                               00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                               00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                        000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                    000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                      000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                         000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                  000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                   000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                 000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\dxgi.dll!CreateDXGIFactory                                                                                         000007fef5f8dc88 5 bytes JMP 000007fff5f600d8
.text   C:\Windows\system32\Dwm.exe[2888] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1                                                                                        000007fef5f8de10 5 bytes JMP 000007fff5f60110
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                      00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                             000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                             00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                             0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                               0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                  0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                    0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                       0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                               0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                 0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                       0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                   00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                      0000000075ad5ea5 5 bytes JMP 000000016f821609
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2828] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                       0000000075b09d0b 5 bytes JMP 000000016f821249
.text   C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3088] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                            000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3088] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                              000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3088] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                 000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3088] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                          000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3088] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                           000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3088] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                         000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3088] C:\Windows\system32\ole32.dll!CoCreateInstance                                                 000007fefefe7490 11 bytes JMP 000007fffd410228
.text   C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3088] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                000007fefeffbf00 7 bytes JMP 000007fffd410260
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                            00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                          00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                          00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                          00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                   000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                               000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                 000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                    000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                             000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                              000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                            000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                    000007fefefe7490 11 bytes JMP 000007fffd410228
.text   C:\Windows\System32\igfxpers.exe[3384] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                   000007fefeffbf00 7 bytes JMP 000007fffd410260
.text   C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3544] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                 00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3544] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                               00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3544] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                               00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3544] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                               00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3544] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                        000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3544] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                    000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3544] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                      000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3544] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                         000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3544] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                  000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3544] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                   000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3544] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                 000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                       00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                     00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                     00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                     00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                              000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                          000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                            000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                               000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                        000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                         000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                       000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                               000007fefefe7490 11 bytes JMP 000007fffd410228
.text   C:\Program Files\Elantech\ETDCtrl.exe[3912] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                              000007fefeffbf00 7 bytes JMP 000007fffd410260
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                               000000007748000c 1 byte [C3]
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                          000000007750f85a 5 bytes JMP 00000001774bd571
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                           00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                  000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                  00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                  0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                    0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                       0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                     0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                         0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                            0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                            0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                        00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                    0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                      0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                           0000000075ad5ea5 5 bytes JMP 000000016f821609
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                            0000000075b09d0b 5 bytes JMP 000000016f821249
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000075ab1465 2 bytes [AB, 75]
.text   C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000075ab14bb 2 bytes [AB, 75]
.text   ...                                                                                                                                                                      * 2
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                     00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                            000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                            00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                            0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                              0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                 0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                               0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                   0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                      0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\user32.dll!CreateWindowExW                                                      0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\user32.dll!EnumDisplayDevicesA                                                  00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                              0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                     0000000075ad5ea5 5 bytes JMP 000000016f821609
.text   C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe[3468] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                      0000000075b09d0b 5 bytes JMP 000000016f821249
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                               00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                             00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                             00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                             00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\kernel32.dll!RegSetValueExA                                      000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                  000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                    000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                       000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                 000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                               000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\ole32.dll!CoCreateInstance                                       000007fefefe7490 11 bytes JMP 000007fffd410228
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe[3592] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                      000007fefeffbf00 7 bytes JMP 000007fffd410260
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                                                       00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW                                                              000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                                                              00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                                                              0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                                                                0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                   0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                 0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                     0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                        0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                  0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                        0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                    00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                               0000000075ab1465 2 bytes [AB, 75]
.text   C:\Program Files (x86)\Samsung\Kies\Kies.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              0000000075ab14bb 2 bytes [AB, 75]
.text   ...                                                                                                                                                                      * 2
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW                                                    00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx                                                  00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation                                                  00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW                                                  00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\KERNEL32.dll!RegSetValueExA                                                           000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                       000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                         000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                            000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                     000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                      000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                    000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\ole32.dll!CoCreateInstance                                                            000007fefefe7490 11 bytes JMP 000007fffd410228
.text   C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3248] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                           000007fefeffbf00 7 bytes JMP 000007fffd410260
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\kernel32.dll!RegSetValueExA           00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW  000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx  00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation  0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW    0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW       0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW     0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW         0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary            0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList    0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo      0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\USER32.dll!CreateWindowExW            0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA        00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket           0000000075ad5ea5 5 bytes JMP 000000016f821609
.text   C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3696] C:\Windows\syswow64\ole32.dll!CoCreateInstance            0000000075b09d0b 5 bytes JMP 000000016f821249
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                       00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                     00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                     00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                     00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                              000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                          000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                            000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                               000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                        000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                         000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                       000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\ole32.dll!CoCreateInstance                                                               000007fefefe7490 11 bytes JMP 000007fffd410228
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2904] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                              000007fefeffbf00 7 bytes JMP 000007fffd410260
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                      00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW                             000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                             00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                             0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                               0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                  0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                    0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                       0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                               0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                 0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                       0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                   00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                      0000000075ad5ea5 5 bytes JMP 000000016f821609
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4088] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                       0000000075b09d0b 5 bytes JMP 000000016f821249
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                     00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                            000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                            00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                            0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                              0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                 0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                               0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                   0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                      0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                      0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                  00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                              0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                     0000000075ad5ea5 5 bytes JMP 000000016f821609
.text   C:\Program Files (x86)\FreePDF_XP\fpassist.exe[2852] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                      0000000075b09d0b 5 bytes JMP 000000016f821249
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                         00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                  0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                     0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                   0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                       0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                          0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                          0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                      00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                  0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                    0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                         0000000075ad5ea5 5 bytes JMP 000000016f821609
.text   C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3436] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                          0000000075b09d0b 5 bytes JMP 000000016f821249
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3692] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                      00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3692] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                    00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3692] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                    00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3692] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                    00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3692] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                             000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3692] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                         000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3692] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                           000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3692] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                              000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3692] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                       000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3692] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                        000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3692] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                      000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                              00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                     000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                     00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                     0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                       0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                          0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                        0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                            0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                               0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                               0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                           00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                       0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                         0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                              0000000075ad5ea5 5 bytes JMP 000000016f821609
.text   C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3796] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                               0000000075b09d0b 5 bytes JMP 000000016f821249
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                  00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW                         000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                         00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                         0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                           0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                              0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                            0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                   0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                           0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                             0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                   0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe[3416] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                               00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                   00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                          000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                          00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                          0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                            0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                               0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                             0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                 0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                    0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                            0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                              0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                    0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                   0000000075ad5ea5 5 bytes JMP 000000016f821609
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                    0000000075b09d0b 5 bytes JMP 000000016f821249
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000075ab1465 2 bytes [AB, 75]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          0000000075ab14bb 2 bytes [AB, 75]
.text   ...                                                                                                                                                                      * 2
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[1284] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                 00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[1284] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                               00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[1284] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                               00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[1284] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                               00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[1284] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                        000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[1284] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                    000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[1284] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                      000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[1284] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                         000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[1284] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                  000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[1284] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                   000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[1284] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                 000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Program Files\Elantech\ETDIntelligent.exe[4380] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Elantech\ETDIntelligent.exe[4380] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                              00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Elantech\ETDIntelligent.exe[4380] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                              00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Elantech\ETDIntelligent.exe[4380] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                              00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Elantech\ETDIntelligent.exe[4380] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                       000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\Elantech\ETDIntelligent.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                   000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files\Elantech\ETDIntelligent.exe[4380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                     000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files\Elantech\ETDIntelligent.exe[4380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                        000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files\Elantech\ETDIntelligent.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                 000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files\Elantech\ETDIntelligent.exe[4380] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                  000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files\Elantech\ETDIntelligent.exe[4380] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Windows\SysWOW64\RunDll32.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           0000000075ab1465 2 bytes [AB, 75]
.text   C:\Windows\SysWOW64\RunDll32.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          0000000075ab14bb 2 bytes [AB, 75]
.text   ...                                                                                                                                                                      * 2
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                00000000771aefe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                              00000000771d99b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                              00000000771e94d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                              00000000771e9640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                       000000007720a500 7 bytes JMP 000000016fff01b8
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                   000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                     000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                        000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                 000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                  000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\ole32.dll!CoCreateInstance                                                        000007fefefe7490 11 bytes JMP 000007fffd410228
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[4524] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                       000007fefeffbf00 7 bytes JMP 000007fffd410260
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe[1956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                  000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe[1956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                    000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe[1956] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                       000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe[1956] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe[1956] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                 000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe[1956] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                               000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000075ab1465 2 bytes [AB, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5820] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000075ab14bb 2 bytes [AB, 75]
.text   ...                                                                                                                                                                      * 2
.text   C:\Windows\system32\wuauclt.exe[4824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                000007fefd423460 7 bytes JMP 000007fffd4100d8
.text   C:\Windows\system32\wuauclt.exe[4824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                  000007fefd429940 6 bytes JMP 000007fffd410148
.text   C:\Windows\system32\wuauclt.exe[4824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                     000007fefd429fb0 5 bytes JMP 000007fffd410180
.text   C:\Windows\system32\wuauclt.exe[4824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                              000007fefd42a150 5 bytes JMP 000007fffd410110
.text   C:\Windows\system32\wuauclt.exe[4824] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                     000007fefefe7490 11 bytes JMP 000007fffd410228
.text   C:\Windows\system32\wuauclt.exe[4824] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                    000007fefeffbf00 7 bytes JMP 000007fffd410260
.text   C:\Windows\system32\wuauclt.exe[4824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                               000007fefd9689e0 8 bytes JMP 000007fffd4101f0
.text   C:\Windows\system32\wuauclt.exe[4824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                             000007fefd96be40 8 bytes JMP 000007fffd4101b8
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                             00000000757f1429 7 bytes JMP 000000016f8212ad
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                    000000007580b223 5 bytes JMP 000000016f8215be
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                    00000000758888f4 7 bytes JMP 000000016f821357
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                    0000000075888979 5 bytes JMP 000000016f8216e0
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                      0000000075888ccf 5 bytes JMP 000000016f821028
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                         0000000075411d1b 5 bytes JMP 000000016f8211ef
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                       0000000075411dc9 5 bytes JMP 000000016f821023
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                           0000000075412aa4 5 bytes JMP 000000016f82156e
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                              0000000075412d0a 5 bytes JMP 000000016f821294
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                      0000000075c4e9a2 5 bytes JMP 000000016f8215d7
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                        0000000075c4ebdc 5 bytes JMP 000000016f8211b8
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                              0000000075298a29 5 bytes JMP 000000016f821050
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                          00000000752a4572 5 bytes JMP 000000016f8210d2
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                             0000000075ad5ea5 5 bytes JMP 000000016f821609
.text   C:\Users\T_Hosang\Desktop\066pciil.exe[6496] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                              0000000075b09d0b 5 bytes JMP 000000016f821249

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4980:5640]                                                                                                           000007fefb262a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4980:5768]                                                                                                           000007fee734d618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4980:5644]                                                                                                           000007fef9df5124
Thread  C:\Windows\System32\svchost.exe [6056:2660]                                                                                                                              000007fee5c39688

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----

DANKE und Gruß
Thorsten
__________________
Alt 13.04.2013, 18:20   #4
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Und hier Teil 2:

OTL.txt
Code:
ATTFilter
OTL logfile created on: 13.04.2013 19:04:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\T_Hosang\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,87 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 69,00% Memory free
15,74 Gb Paging File | 13,06 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 884,18 Gb Total Space | 824,11 Gb Free Space | 93,21% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 22,41 Gb Free Space | 89,63% Space Free | Partition Type: NTFS
 
Computer Name: JG_HOSANG | User Name: T_Hosang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.13 19:02:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T_Hosang\Downloads\OTL.exe
PRC - [2013.04.11 21:56:43 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.04.05 19:38:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.05 19:38:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.05 19:38:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.28 11:32:38 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.03.28 11:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.03.28 11:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.13 11:37:04 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.03 16:09:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvc.exe
PRC - [2012.12.03 16:02:34 | 000,355,840 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe
PRC - [2012.05.21 16:26:28 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.04.23 17:49:26 | 000,069,632 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2012.04.23 17:49:04 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2012.02.29 10:20:04 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.29 10:19:58 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.29 10:19:48 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.11.29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 21:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.11 21:56:43 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.26 19:23:16 | 000,218,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\3b21f0b55f7c0dc1fe2295613c3cb921\Interop.FNCClient11Lib.ni.dll
MOD - [2013.03.26 19:23:16 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\692afb6aa3ecd0c71c9cea09c2eae2ed\Vodafone.UpdateManager.ni.dll
MOD - [2013.03.26 19:23:15 | 000,552,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\647443dc0f81de96a84d4d4db789cc42\Vodafone.View.SecondaryWindows.ni.dll
MOD - [2013.03.26 19:23:15 | 000,302,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\5c2c61c4d70a6706e0f30164cddd614f\Vodafone.DeviceAccess.Internals.ni.dll
MOD - [2013.03.26 19:23:15 | 000,198,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\153b2dd90af2ed145208944103101d65\Vodafone.Model.Connection.ni.dll
MOD - [2013.03.26 19:23:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\322749c2fbd26266ef8378513cf439bc\Vodafone.Core.Remoting.ni.dll
MOD - [2013.03.26 19:23:15 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.INSTALLERCO#\f52d12a80cd22baf114cbe6c178ea653\Interop.INSTALLERCONTROLLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,543,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\0ff7b572ccc932b41cd2d1eb67045d6c\Vodafone.Base.Internals.ni.dll
MOD - [2013.03.26 19:23:14 | 000,138,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\718d20210ed30f44294ecde6cfb04d0c\Vodafone.DeviceAccess.Factory.ni.dll
MOD - [2013.03.26 19:23:14 | 000,125,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\66d2d8ce84bf89f049a02c499cc6b0f6\Vodafone.Vpn.ni.dll
MOD - [2013.03.26 19:23:14 | 000,070,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.VpnApiLib\db3ad96a4eabdaf8c6d3621dfbef2379\Interop.VpnApiLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\6d09b9bc2989a46f86e424de338fa4f7\Vodafone.Base.Factory.ni.dll
MOD - [2013.03.26 19:23:14 | 000,031,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FCCOMINTDLL#\d22f87b0c2a72cb67b2171f9ae12c46c\Interop.FCCOMINTDLLLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1f209a64bf52d5c7d663efb1475d31a9\Vodafone.DeviceAccess.Interfaces.ni.dll
MOD - [2013.03.26 19:23:13 | 001,147,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\b470c0145f1efb6ad5c8b1e7bd7353bc\Vodafone.BusinessLogic.ni.dll
MOD - [2013.03.26 19:23:13 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\f5e838d40617381b3ff924b9560e0227\Vodafone.LanWlanManager.ni.dll
MOD - [2013.03.26 19:23:13 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\d9dc106e80c04099dd52cfb025488934\Vodafone.Core.CoreInstanceProvider.ni.dll
MOD - [2013.03.26 19:23:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\9b9e089271e12f12629c6dd4c28a17ab\Vodafone.Contracts.Adapter.ni.dll
MOD - [2013.03.26 19:23:12 | 000,353,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\81874d295af0a5acdf4439d1e993735a\Vodafone.ReportingManager.ni.dll
MOD - [2013.03.26 19:23:12 | 000,193,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\9ed375fd93ec3ff0a11c3a03afb084ac\Vodafone.SmsContactManager.ni.dll
MOD - [2013.03.26 19:23:12 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\28e927aefa407437945e6d6148a5963b\Vodafone.Core.Interfaces.ni.dll
MOD - [2013.03.26 19:23:12 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\be99bfb6b672913329019aed5af2b438\Vodafone.OutlookConnector.ni.dll
MOD - [2013.03.26 19:23:11 | 002,104,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\4a69d3bfa1111bcd9328e15165ee78ad\Spring.Core.ni.dll
MOD - [2013.03.26 19:23:11 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\0c5008375abad2d7074f91953acd7158\Common.Logging.ni.dll
MOD - [2013.03.26 19:23:10 | 000,363,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\dd58c977bd687a25a3fca70f42823d64\Vodafone.DataAccessor.ni.dll
MOD - [2013.03.26 19:23:10 | 000,119,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\d65e3892ff3bfd90b6b37f7ef0c8761c\Interop.Shell32.ni.dll
MOD - [2013.03.26 19:23:10 | 000,080,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\2e2f51624793d37af79fec4e31e9c526\Vodafone.SmsProfileManager.ni.dll
MOD - [2013.03.26 19:23:10 | 000,059,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\bac4366647500291fa77f70a8698625f\Vodafone.SettingsManager.ni.dll
MOD - [2013.03.26 19:23:10 | 000,042,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\4fafee69e5ba2a98d6d46d2a52568595\Vodafone.InstanceProvider.Impl.ni.dll
MOD - [2013.03.26 19:23:10 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\301e862ff848c3bdb219d92a3f8bf0ab\Vodafone.View.ManagedToolTip.ni.dll
MOD - [2013.03.26 19:23:09 | 000,971,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\d1fd414ec0cc1054205b2288efca8a59\Vodafone.View.Shared.ni.dll
MOD - [2013.03.26 19:23:09 | 000,387,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\cbb3dd676decfa4ea4c8ca2598f0ae95\Vodafone.CommonDialogs.ni.dll
MOD - [2013.03.26 19:23:07 | 001,304,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\f4ca72c3d9638d73b47c35ca730b0381\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll
MOD - [2013.03.26 19:23:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\75298ac9b1442d682eb275e0af55c54a\Infragistics2.Win.Misc.v9.2.ni.dll
MOD - [2013.03.26 19:23:04 | 011,055,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\b100ea9c0606c9e1f265c1f610c3ca88\Infragistics2.Win.v9.2.ni.dll
MOD - [2013.03.26 19:22:58 | 000,871,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\1ebe24369c92a181b263b1426fce18f2\Infragistics2.Shared.v9.2.ni.dll
MOD - [2013.03.26 19:22:57 | 007,140,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\1bd47dc0e94ca0b2e7834b697cef6d59\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll
MOD - [2013.03.26 19:22:52 | 000,133,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\ea8f7363640229e960a5cc7d0af3cc74\Vodafone.Core.Contracts.ni.dll
MOD - [2013.03.26 19:22:52 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\637a9000e10f24056bad88a99b373ea3\Vodafone.Contracts.Presenter.ni.dll
MOD - [2013.03.26 19:22:51 | 002,068,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\cd1e0f2db302f54b64c5875162d30562\MobileBroadbandResources.ni.dll
MOD - [2013.03.26 19:22:51 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\6fbbdfb3476c03830778328858225e90\Vodafone.Contracts.Model.ni.dll
MOD - [2013.03.26 19:22:51 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\c02c2b70f0aa6a3ceaa2e5557f3d1a92\Vodafone.Contracts.View.ni.dll
MOD - [2013.03.26 19:22:51 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\d5b04b0f2d0202887ab8b07bb37aa876\Vodafone.Contracts.Common.ni.dll
MOD - [2013.03.26 19:22:51 | 000,091,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\c41f6a7ab89af0ab36028b3e610e98b9\Vodafone.DeviceAccess.Contracts.ni.dll
MOD - [2013.03.26 19:22:50 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\ae16d1c2a67ad16252492f63f965d81a\Vodafone.ApplicationHost.Impl.ni.dll
MOD - [2013.03.26 19:22:49 | 000,357,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\a86466fc2e5b4cf65a16796aa384788c\Vodafone.Base.Win32.ni.dll
MOD - [2013.03.26 19:22:49 | 000,178,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\21424d9809eade410fbb8d4e724e47ef\Vodafone.Common.ni.dll
MOD - [2013.03.26 19:22:49 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Mondrian\74ec52478cf6336c04c2b395cc4caa8e\Vodafone.Mondrian.ni.dll
MOD - [2013.03.26 19:22:48 | 000,645,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\fc5a7f356272e75ec53c6a707911d6b9\Vodafone.Data.ni.dll
MOD - [2013.03.26 19:22:48 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\ab447bac91a20964705c797ddeb4fb6b\Vodafone.Base.Contracts.ni.dll
MOD - [2013.03.26 19:22:48 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\fea5d71bb858ce110259395035feec8c\Vodafone.LogEngine.ni.dll
MOD - [2013.03.26 19:22:48 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\f0410779d3c0333eebdebbbd10de4392\Vodafone.MobileBroadband.CallbackHandler.ni.dll
MOD - [2013.03.26 19:22:47 | 001,421,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\289aa77ce94eec188a3b17ddc16caf1e\Vodafone.Platform.ni.dll
MOD - [2013.03.26 19:22:45 | 000,057,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\7afe76097b2a183db950a44b4e710d5c\MobileBroadband.ni.exe
MOD - [2013.03.13 11:37:04 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.02.20 18:40:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.02.20 18:40:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.02.20 18:39:50 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.02.20 18:28:41 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.02.20 18:28:32 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.02.20 18:28:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.02.20 18:28:26 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.02.20 18:28:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.02.20 18:28:23 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.02.20 18:28:19 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.02.20 18:28:15 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013.02.16 20:09:04 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.02.16 20:09:04 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll
MOD - [2013.02.16 20:09:04 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll
MOD - [2013.02.16 20:08:49 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.02.16 19:55:47 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.02.16 19:55:43 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.02.16 19:55:42 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.16 19:55:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.02.16 19:55:37 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.02.16 19:55:36 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.02.16 19:55:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.16 19:55:14 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.16 19:55:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013.02.16 19:55:09 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.02.16 19:54:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.02.16 19:54:51 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll
MOD - [2013.02.16 19:54:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.16 19:54:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.02.16 19:54:09 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.16 19:53:58 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.03 16:02:34 | 000,355,840 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe
MOD - [2012.12.03 16:01:36 | 000,998,912 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\COMWIN1_50.BPL
MOD - [2012.06.23 01:46:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.04.23 17:49:20 | 000,396,800 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2011.04.12 09:43:11 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.12.17 17:46:00 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.11 21:56:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.05 19:38:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.05 19:38:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.13 11:37:04 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.03 16:09:04 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvc.exe -- (ComWinService)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.06.07 13:03:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.04.23 17:49:04 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2012.02.29 10:20:04 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.29 10:19:58 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.29 10:19:48 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.01 19:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.12.05 10:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.12.05 09:55:36 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011.11.29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.06.24 12:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.05 19:38:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.05 19:38:32 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.05 19:38:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.26 19:22:30 | 000,039,592 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2013.03.26 19:22:30 | 000,016,552 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.02.22 09:17:06 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.02.22 09:17:06 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.02.16 02:49:43 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013.02.16 02:49:43 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.08.07 20:40:48 | 000,311,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.06.07 12:49:08 | 014,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.05.21 16:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.21 16:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.21 16:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.04.20 18:45:36 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2012.04.20 18:45:36 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.04.20 18:45:36 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012.04.20 18:45:36 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012.03.26 19:31:30 | 000,027,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.02 12:07:00 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.02 12:07:00 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.02 12:07:00 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.02 12:07:00 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.02 12:07:00 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.02 12:07:00 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.01.31 14:17:00 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.12.06 20:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.12.05 10:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.12.05 10:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.11.29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.15 19:24:20 | 000,313,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.11.15 12:12:08 | 000,111,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.11.10 18:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.28 04:45:00 | 003,821,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL564.SYS -- (BCM43XX)
DRV:64bit: - [2011.03.18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.01 15:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.29 19:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF F7 AA 6C A3 25 CE 01  [binary data]
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2013.03.26 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 21:56:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:56:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 21:56:41 | 000,000,000 | ---D | M]
 
[2013.02.16 16:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T_Hosang\AppData\Roaming\mozilla\Extensions
[2013.04.11 21:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.11 21:56:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.01 21:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 21:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.01 21:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 21:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 21:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 21:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [ComWin-Frame] C:\Program Files (x86)\HiPath 4000 Expert Access\comwinsvr.exe ()
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [HP Deskjet 3050 J610 series (NET)] C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://192.0.2.5/public/downloads/j2re-win-i.exe (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68463A1D-E420-45B4-A7E4-560C4EA199A1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D8F5EF9-6AEA-4449-A3A1-D54707BB83B0}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2592200-3B4D-4A54-A3CB-46C29430E558}: DhcpNameServer = 10.229.32.10 10.229.32.11 10.252.128.12
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{594b1766-7aa2-11e2-8c26-c0143dd7ba88}\Shell - "" = AutoRun
O33 - MountPoints2\{594b1766-7aa2-11e2-8c26-c0143dd7ba88}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{abfbd593-9077-11e2-b3d9-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{abfbd593-9077-11e2-b3d9-001e101f1838}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e281be9d-79b4-11e2-8c33-c0143dd7ba88}\Shell - "" = AutoRun
O33 - MountPoints2\{e281be9d-79b4-11e2-8c33-c0143dd7ba88}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e281bf5e-79b4-11e2-8c33-c0143dd7ba88}\Shell - "" = AutoRun
O33 - MountPoints2\{e281bf5e-79b4-11e2-8c33-c0143dd7ba88}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f401f793-9639-11e2-ac6d-c0143dd7ba88}\Shell - "" = AutoRun
O33 - MountPoints2\{f401f793-9639-11e2-ac6d-c0143dd7ba88}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.13 18:55:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.13 18:55:26 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.13 18:55:26 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.13 18:55:26 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.13 18:55:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.13 18:55:26 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.13 18:55:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.13 18:55:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.13 18:55:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.13 18:55:26 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.13 18:55:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.13 18:55:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.13 18:55:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.13 18:55:25 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.13 18:55:24 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.13 11:34:31 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\Malwarebytes
[2013.04.13 11:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.13 11:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.13 11:34:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.13 11:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.13 11:33:56 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Local\Programs
[2013.04.12 15:58:36 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.04.12 15:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.04.12 15:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.04.12 15:57:29 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013.04.12 15:57:29 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013.04.12 15:57:29 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013.04.12 15:57:29 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013.04.12 15:57:29 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013.04.12 15:57:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013.04.12 15:57:26 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013.04.12 15:57:26 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013.04.12 15:57:04 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2013.04.12 15:57:04 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013.04.12 15:56:34 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2013.04.12 15:56:34 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2013.04.12 15:55:48 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Local\Windows Live
[2013.04.12 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.04.11 21:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 08:00:02 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 08:00:02 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 08:00:01 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 08:00:01 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 08:00:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 08:00:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 07:59:58 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 07:59:58 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 07:59:58 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 07:59:57 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 07:59:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 07:59:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.06 16:21:18 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.05 19:38:45 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.05 19:38:45 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.05 19:38:45 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.05 19:33:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.04.02 16:58:52 | 000,203,544 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.04.02 16:58:52 | 000,102,936 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.04.02 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2013.03.26 19:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sierra Wireless
[2013.03.26 19:23:00 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdfcoinstaller01007.dll
[2013.03.26 19:23:00 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.03.26 19:23:00 | 000,087,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013.03.26 19:22:58 | 000,422,400 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013.03.26 19:22:58 | 000,223,232 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.03.26 19:22:30 | 000,039,592 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\tcpipBM.sys
[2013.03.26 19:22:30 | 000,016,552 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\BMLoad.sys
[2013.03.26 19:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2013.03.26 19:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.03.26 18:58:45 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.26 18:58:45 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.26 18:58:45 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.26 18:58:45 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.26 18:58:45 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.26 18:58:45 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.03.26 18:58:45 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.26 18:58:45 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.26 18:58:45 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.26 18:58:45 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.26 18:58:45 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.26 18:58:45 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.26 18:58:45 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.26 18:58:45 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.26 18:58:45 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.26 18:58:45 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.26 18:58:45 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.26 18:58:45 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.03.26 18:58:45 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.03.26 18:58:45 | 000,968,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.26 18:58:45 | 000,030,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
[2013.03.26 18:42:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.03.26 07:34:54 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.26 07:34:54 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.26 07:34:54 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.26 07:34:54 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.26 07:34:54 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.26 07:34:54 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.26 07:34:54 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.26 07:34:54 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.26 07:34:54 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.26 07:34:54 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.26 07:34:54 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.26 07:34:54 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.26 07:34:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.26 07:34:54 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.26 07:34:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.26 07:34:54 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.26 07:34:54 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.26 07:34:54 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.26 07:34:54 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.26 07:34:54 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.26 07:34:54 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.26 07:34:54 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.26 07:34:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.26 07:34:54 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.26 07:34:54 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.26 07:34:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.26 07:34:54 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.26 07:34:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.26 07:34:54 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.26 07:34:54 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.26 07:34:53 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.26 07:34:53 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.26 07:34:53 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.26 07:34:53 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.26 07:34:53 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.26 07:34:53 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.26 07:34:53 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.26 07:34:53 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.26 07:34:53 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.26 07:34:53 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.26 07:34:53 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.26 07:34:53 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.26 07:34:53 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.26 07:34:53 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.26 07:34:53 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.26 07:34:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.26 07:34:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.26 07:34:53 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.26 07:34:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.26 07:34:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.26 07:34:53 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.26 07:34:53 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.26 07:34:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.26 07:33:55 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.03.26 07:33:55 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.03.26 07:33:55 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.03.26 07:33:55 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.03.26 07:33:55 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.03.26 07:33:55 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.03.26 07:33:55 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.03.26 07:33:55 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.03.26 07:33:55 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.03.26 07:33:55 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.03.26 07:33:55 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.03.26 07:33:55 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.03.26 07:33:55 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.03.26 07:33:55 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.26 07:33:55 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.26 07:33:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.26 07:33:55 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.26 07:33:54 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.03.26 07:33:54 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.03.26 07:33:54 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.03.26 07:33:54 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.03.26 07:33:54 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.03.26 07:33:54 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.03.26 07:33:54 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.03.26 07:33:54 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.03.26 07:33:54 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.03.26 07:33:54 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\WinRAR
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.20 13:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.13 19:07:19 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 19:07:19 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 18:59:29 | 000,346,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.13 18:59:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.13 18:58:39 | 2041,921,535 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 18:37:45 | 000,377,856 | ---- | M] () -- C:\Users\T_Hosang\Desktop\066pciil.exe
[2013.04.13 18:36:23 | 000,000,000 | ---- | M] () -- C:\Users\T_Hosang\defogger_reenable
[2013.04.13 18:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.13 18:35:32 | 000,050,477 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Defogger.exe
[2013.04.11 21:17:25 | 000,002,923 | ---- | M] () -- C:\Users\T_Hosang\ComWin.Hst
[2013.04.11 14:13:02 | 000,000,000 | ---- | M] () -- C:\Users\T_Hosang\pr20130411.pro
[2013.04.10 17:37:21 | 000,002,074 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.04.10 17:37:21 | 000,002,003 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Avira DE-Cleaner.lnk
[2013.04.08 06:53:48 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 06:53:48 | 000,698,764 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 06:53:48 | 000,652,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 06:53:48 | 000,148,788 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 06:53:48 | 000,121,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.06 16:21:14 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.06 16:21:14 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.06 16:21:14 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.06 16:21:14 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.06 16:21:14 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.06 16:21:14 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.05 19:38:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.05 19:38:32 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.05 19:38:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 07:18:50 | 000,001,255 | ---- | M] () -- C:\Users\T_Hosang\Desktop\HP Scan.lnk
[2013.04.02 16:59:03 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.03.26 19:23:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.03.26 19:22:30 | 000,039,592 | ---- | M] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\tcpipBM.sys
[2013.03.26 19:22:30 | 000,016,552 | ---- | M] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\BMLoad.sys
[2013.03.26 19:22:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
[2013.03.26 19:22:02 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2013.03.26 07:34:54 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.26 07:34:54 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.26 07:34:54 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.26 07:34:54 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.26 07:34:54 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.26 07:34:54 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.26 07:34:54 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.26 07:34:54 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.26 07:34:54 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.26 07:34:54 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.26 07:34:54 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.26 07:34:54 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.26 07:34:54 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.26 07:34:54 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.26 07:34:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.26 07:34:54 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.26 07:34:54 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.26 07:34:54 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.26 07:34:54 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.26 07:34:54 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.26 07:34:54 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.26 07:34:54 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.26 07:34:54 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.26 07:34:54 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.26 07:34:54 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.26 07:34:54 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.26 07:34:54 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.26 07:34:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.26 07:34:54 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.26 07:34:54 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.26 07:34:54 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.26 07:34:53 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.26 07:34:53 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.26 07:34:53 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.26 07:34:53 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.26 07:34:53 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.26 07:34:53 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.26 07:34:53 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.26 07:34:53 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.26 07:34:53 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.26 07:34:53 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.26 07:34:53 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.26 07:34:53 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.26 07:34:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.26 07:34:53 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.26 07:34:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.26 07:34:53 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.26 07:34:53 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.26 07:34:53 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.26 07:34:53 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.26 07:34:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.26 07:34:53 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.26 07:34:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.26 07:34:53 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.26 07:34:53 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.26 07:33:55 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.03.26 07:33:55 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.03.26 07:33:55 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.03.26 07:33:55 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.03.26 07:33:55 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.03.26 07:33:55 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.03.26 07:33:55 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.03.26 07:33:55 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.03.26 07:33:55 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.03.26 07:33:55 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.03.26 07:33:55 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.03.26 07:33:55 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.03.26 07:33:55 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.03.26 07:33:55 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.26 07:33:55 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.26 07:33:55 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.26 07:33:55 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.26 07:33:55 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.26 07:33:54 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.03.26 07:33:54 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.03.26 07:33:54 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.03.26 07:33:54 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.03.26 07:33:54 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.03.26 07:33:54 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.03.26 07:33:54 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.03.26 07:33:54 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.03.26 07:33:54 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.03.26 07:33:54 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.03.21 13:20:51 | 597,318,253 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.21 13:19:04 | 001,560,839 | ---- | M] () -- C:\Users\T_Hosang\response.res
[2013.03.21 13:19:04 | 000,197,133 | ---- | M] () -- C:\Users\T_Hosang\pr20130321.pro
[2013.03.20 13:03:00 | 001,470,282 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Cordlessprogramm.rar
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.03.15 07:53:06 | 026,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.15 07:53:06 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.15 07:53:06 | 020,542,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.15 07:53:06 | 017,990,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.15 07:53:06 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.15 07:53:06 | 015,508,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.03.15 07:53:06 | 015,042,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.15 07:53:06 | 013,088,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.15 07:53:06 | 009,414,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.15 07:53:06 | 007,959,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.15 07:53:06 | 007,573,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.15 07:53:06 | 006,271,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.15 07:53:06 | 002,913,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.15 07:53:06 | 002,864,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.03.15 07:53:06 | 002,728,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.15 07:53:06 | 002,539,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.15 07:53:06 | 002,355,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.03.15 07:53:06 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.03.15 07:53:06 | 001,118,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.03.15 07:53:06 | 000,968,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.15 07:53:06 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.03.15 07:53:06 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys
[2013.03.15 07:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.15 06:16:18 | 003,477,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.03.15 06:16:17 | 006,398,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.03.15 06:16:10 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.03.15 06:16:10 | 001,016,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll
[2013.03.15 06:16:10 | 000,568,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\oemdspif.dll
[2013.03.15 06:16:10 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.03.15 06:16:10 | 000,076,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll
[2013.03.15 06:16:10 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
 
========== Files Created - No Company Name ==========
 
[2013.04.13 18:37:44 | 000,377,856 | ---- | C] () -- C:\Users\T_Hosang\Desktop\066pciil.exe
[2013.04.13 18:36:23 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\defogger_reenable
[2013.04.13 18:35:30 | 000,050,477 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Defogger.exe
[2013.04.12 15:58:33 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.04.12 15:58:27 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.04.11 14:13:02 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130411.pro
[2013.04.10 17:37:21 | 000,002,074 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.04.10 17:37:21 | 000,002,003 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Avira DE-Cleaner.lnk
[2013.04.04 07:18:50 | 000,001,255 | ---- | C] () -- C:\Users\T_Hosang\Desktop\HP Scan.lnk
[2013.04.02 16:59:03 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.03.26 19:23:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.03.26 19:22:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
[2013.03.26 19:22:02 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2013.03.26 07:34:54 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.26 07:34:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.21 11:14:14 | 000,197,133 | ---- | C] () -- C:\Users\T_Hosang\pr20130321.pro
[2013.03.20 13:03:00 | 001,470,282 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Cordlessprogramm.rar
[2013.03.11 11:55:23 | 000,102,168 | ---- | C] () -- C:\Users\T_Hosang\pr20130311.pro
[2013.03.07 14:14:28 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130307-1.pro
[2013.03.07 10:49:51 | 000,788,470 | ---- | C] () -- C:\Users\T_Hosang\pr20130307.pro
[2013.03.05 13:04:01 | 000,027,708 | ---- | C] () -- C:\Users\T_Hosang\pr20130305.pro
[2013.02.27 09:43:15 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130227.pro
[2013.02.20 11:22:52 | 000,007,111 | ---- | C] () -- C:\Users\T_Hosang\pr20130220-1.pro
[2013.02.20 09:57:21 | 000,021,223 | ---- | C] () -- C:\Users\T_Hosang\pr20130220.pro
[2013.02.19 12:14:01 | 000,003,455 | ---- | C] () -- C:\Users\T_Hosang\pr20130219.pro
[2013.02.19 12:13:05 | 000,000,176 | ---- | C] () -- C:\Users\T_Hosang\properties
[2013.02.18 15:24:19 | 000,008,813 | ---- | C] () -- C:\Users\T_Hosang\response-1.res
[2013.02.18 15:24:19 | 000,001,798 | ---- | C] () -- C:\Users\T_Hosang\pr20130218-1.pro
[2013.02.18 15:24:19 | 000,000,312 | ---- | C] () -- C:\Users\T_Hosang\ComWinAccessSecMCache.ini
[2013.02.18 15:01:35 | 001,560,839 | ---- | C] () -- C:\Users\T_Hosang\response.res
[2013.02.18 15:01:35 | 000,159,419 | ---- | C] () -- C:\Users\T_Hosang\pr20130218.pro
[2013.02.16 16:37:24 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.02.16 16:22:19 | 000,002,923 | ---- | C] () -- C:\Users\T_Hosang\ComWin.Hst
[2013.02.16 03:03:30 | 001,594,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.07 12:58:18 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.06.07 12:58:18 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.06.07 12:37:36 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.06.07 11:04:32 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.04.20 18:43:54 | 000,286,680 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Alt 13.04.2013, 18:22   #5
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Und Teil 3:

Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 13.04.2013 19:04:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\T_Hosang\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,87 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 69,00% Memory free
15,74 Gb Paging File | 13,06 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 884,18 Gb Total Space | 824,11 Gb Free Space | 93,21% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 22,41 Gb Free Space | 89,63% Space Free | Partition Type: NTFS
 
Computer Name: JG_HOSANG | User Name: T_Hosang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048ED90D-6EEE-4A16-921D-BE7E24AEBB4D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0B17DCE0-522C-46F3-9B79-FB02AC75B38B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1840FE09-3F8A-496E-A2CD-B045B56FD5B9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{18655C56-433E-4275-B892-44E5E380E14A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{190A58F5-BEA9-4DA0-954A-34AD3B210A82}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1A8786B0-8008-4426-B880-12A7A7C925A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{1CBA8EAC-1C69-428E-A76C-E0C25660CF75}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2103E92D-5CB9-4EB7-86FF-6BA6EDA046AD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{29CA20C0-38AF-4014-B9D6-3F07EF31E827}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{336B1B2B-4C8A-4748-A782-0D3DEEBB9267}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{346AC7FE-4E45-442E-8D58-E593AB874D43}" = rport=139 | protocol=6 | dir=out | app=system | 
"{43397131-549C-4456-B680-D71E2098BA5D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{43EF3560-9BAE-4823-A5FC-BECBDC44FBB4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4C2A0157-1362-42C6-9DC9-D59219B7C3EE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5320B08F-BD80-4FEA-802E-61058D029BDE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5F0A67AD-7847-454D-84AE-ECE81ECE7BD4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{778451D3-1CD7-480B-AEFB-B48CD6401EE1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8F6ADFE7-AE13-4458-AAF2-8C12B924E003}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96AA1A20-93EC-4382-B9B4-6F61104663F7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9BB456E9-578F-4221-B90C-85BDCB14190B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A4C1E86A-FA10-4C5C-A510-FEF990E02DDD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B941B292-C47E-480B-87C0-302D28EAD15B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C18CF916-B878-42A7-8EB5-08704E041404}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CBA78450-6223-44E6-9536-2FE03C6670EA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CE90E626-14A0-4487-9BD3-66A7142EE609}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEB6F1C3-61FC-413B-BC17-739C1C86A64E}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{CFF5687B-8B13-4C38-A6FF-5BF2C7B3723B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DED821FE-EBD9-4024-A055-DF1EC3B12A62}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DFF00467-FA4E-4E68-82B7-369812C32F9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{ECAB3E60-1534-4611-A9F2-10E96DE88A2A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ECF17610-ACF0-44BA-B27A-1C0B632A8CF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FED8CD1A-90C9-41C4-A7DC-8764001955BC}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042785F1-FBF0-40F2-8053-68A33C0B6CB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{34776D13-EF04-496D-9897-C9A9374B5730}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{384AA766-4046-4F85-BE4B-B411C6535776}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E6EA6CC-7256-471F-9620-DC891DBD8054}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{49502B84-6CC1-4B51-AD7E-EB8B7BB22878}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4FB3D66C-3002-4FD5-B55B-71DD48B47365}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5AFD1B13-EB6B-481C-A2D5-4CCB41AD8883}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicatorcom.exe | 
"{75066E4E-F8AB-49B8-8CE5-EF1D4A6EAE4B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{81CD006A-97F3-4156-8EF2-55CF3096BC8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8EF14197-7050-40DC-ABB8-CEB1BB83F2CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F61AC27-1CE2-4B5D-870C-78CCC905249A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9D72520C-1B08-4345-BC90-35AFD7903EEA}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{A071B85D-6009-4C7E-A6BC-864C948C59B8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A840159F-DCBB-446A-808A-FE59C19A7ADE}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{AC979A56-6DEB-467C-82B9-63B9185C4851}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{B0F0C657-9F1B-4BBD-96FC-A347AB92B19E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B489C2C3-1574-448D-B69F-A4FC850AC040}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B4C3A11B-B392-4529-BABC-8C7D2A935425}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF3623AA-D418-4EA8-9FEB-17D1A9F5116A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C657E113-FFD3-4267-96C0-7B9500F65BA5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C994562C-AB6A-4A79-87FA-7E20EBFBFAD3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CFD98EF8-9901-4E25-884B-2A79204F02A0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DEC6C256-AE59-44CA-A2E1-6E0631DAFB2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4D65228-50E5-4ACD-9682-9796FF636F85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA3F1260-3077-4BE7-80C6-6EC0A1F7968B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EB1EF426-2A61-49C6-BB15-D61165E1D351}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F309CD4E-4B95-4D65-899A-017F531341DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC9BFF47-B8EC-4D54-B0BF-9EEEA00BFAC0}" = protocol=6 | dir=out | app=system | 
"TCP Query User{0056C398-77E5-4CD3-B7CE-36B51AB37588}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{5093FA4A-CE4C-455A-BE1E-9D7E0DC45AE3}C:\program files (x86)\hipath 4000 expert access\comwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hipath 4000 expert access\comwin.exe | 
"TCP Query User{B013F175-8994-48A0-8EA7-90143771090A}C:\program files (x86)\hipath 4000 expert access\comwindbaccessclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hipath 4000 expert access\comwindbaccessclient.exe | 
"TCP Query User{C5EF3832-E4EE-4AC5-BE58-3473625C6E7A}C:\users\t_hosang\appdata\roaming\qysa\xapoo.exe" = protocol=6 | dir=in | app=c:\users\t_hosang\appdata\roaming\qysa\xapoo.exe | 
"TCP Query User{C73EA1CA-E2A2-4A73-BD64-B2045D93D3F0}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{5E0F0455-0270-478B-96FF-F0B32E57043C}C:\program files (x86)\hipath 4000 expert access\comwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hipath 4000 expert access\comwin.exe | 
"UDP Query User{72FA22AF-E8AE-4118-8FF2-87DD24B89491}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{8C6DC140-865A-4D11-9F63-5D6D5BB89343}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{BADD0DC9-C37E-4EA3-AC81-7B88076A07C7}C:\users\t_hosang\appdata\roaming\qysa\xapoo.exe" = protocol=17 | dir=in | app=c:\users\t_hosang\appdata\roaming\qysa\xapoo.exe | 
"UDP Query User{D954D614-975D-4C16-B8D1-84C54131A8A8}C:\program files (x86)\hipath 4000 expert access\comwindbaccessclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hipath 4000 expert access\comwindbaccessclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF3293DE-FCAC-4742-91BF-AD0174143FC3}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43E4E07B-6EC7-465B-9765-0A200E5CDBC5}" = mcEUPAC
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E4243ED3-DB3B-46D1-B2EB-5F81B5C26C31}" = ComWin / HiPath 4000 Expert Access
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.03.2013 13:20:55 | Computer Name = JG_Hosang | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "Vodafone Mobile Connect Service" konnte
 nicht neu gestartet werden.
 
Error - 26.03.2013 13:26:04 | Computer Name = JG_Hosang | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.04.2013 00:59:21 | Computer Name = JG_Hosang | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 03.04.2013 00:59:22 | Computer Name = JG_Hosang | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 05.04.2013 13:43:00 | Computer Name = JG_Hosang | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2013 04:55:12 | Computer Name = JG_Hosang | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T_Hosang\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.04.2013 04:55:16 | Computer Name = JG_Hosang | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T_Hosang\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.04.2013 05:16:24 | Computer Name = JG_Hosang | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.04.2013 12:34:37 | Computer Name = JG_Hosang | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2013 12:35:53 | Computer Name = JG_Hosang | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\T_Hosang\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.04.2013 13:00:31 | Computer Name = JG_Hosang | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 13.04.2013 12:34:18 | Computer Name = JG_Hosang | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
Error - 13.04.2013 12:34:36 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 13.04.2013 12:41:17 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 13.04.2013 12:41:17 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 30013
Description = 
 
Error - 13.04.2013 12:54:48 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 30013
Description = 
 
Error - 13.04.2013 12:54:53 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 13.04.2013 13:01:39 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 13.04.2013 13:01:41 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 31004
Description = 
 
Error - 13.04.2013 13:01:41 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 34001
Description = 
 
Error - 13.04.2013 13:01:41 | Computer Name = JG_Hosang | Source = ipnathlp | ID = 30013
Description = 
 
 
< End of report >


Alt 13.04.2013, 18:41   #6
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Ok, weiter:


Schritt 1

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.
  • WICHTIG: Speichere Combofix auf deinen Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
  • Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 2

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Combofix
  • Log von OTL
__________________
--> Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt

Alt 13.04.2013, 19:11   #7
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


so sei es
ComboFix.txt:

Code:
ATTFilter
ComboFix 13-04-12.02 - T_Hosang 13.04.2013  19:46:43.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8058.5628 [GMT 2:00]
ausgeführt von:: c:\users\T_Hosang\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\T_Hosang\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0816123F-568B-48F7-95FC-792CED2C30FC}.xps
c:\users\T_Hosang\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4A629EEE-152B-4C44-B52F-1927B1CE3C8D}.xps
c:\users\T_Hosang\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4BE810A8-C4A2-42FF-8AD8-706B5622F996}.xps
c:\users\T_Hosang\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B8C3B5E8-3E64-4C40-A2B3-10C6F035716C}.xps
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-13 bis 2013-04-13  ))))))))))))))))))))))))))))))
.
.
2013-04-13 17:49 . 2013-04-13 17:49	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-13 17:49 . 2013-04-13 17:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-13 09:34 . 2013-04-13 09:34	--------	d-----w-	c:\users\T_Hosang\AppData\Roaming\Malwarebytes
2013-04-13 09:34 . 2013-04-13 09:34	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-13 09:34 . 2013-04-13 09:34	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-13 09:34 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-13 09:33 . 2013-04-13 09:33	--------	d-----w-	c:\users\T_Hosang\AppData\Local\Programs
2013-04-12 13:58 . 2013-04-12 13:58	--------	d-----w-	c:\windows\de
2013-04-12 13:58 . 2013-04-12 13:58	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-04-12 13:57 . 2013-04-12 13:58	--------	d-----w-	c:\program files (x86)\Windows Live
2013-04-12 13:57 . 2010-06-02 02:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2013-04-12 13:57 . 2010-06-02 02:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2013-04-12 13:57 . 2010-06-02 02:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2013-04-12 13:57 . 2010-06-02 02:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2013-04-12 13:57 . 2010-05-26 09:41	2526056	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2013-04-12 13:57 . 2010-05-26 09:41	2106216	----a-w-	c:\windows\SysWow64\D3DCompiler_43.dll
2013-04-12 13:57 . 2010-05-26 09:41	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2013-04-12 13:57 . 2010-05-26 09:41	248672	----a-w-	c:\windows\SysWow64\d3dx11_43.dll
2013-04-12 13:57 . 2009-09-04 15:29	453456	----a-w-	c:\windows\SysWow64\d3dx10_42.dll
2013-04-12 13:57 . 2009-09-04 15:29	523088	----a-w-	c:\windows\system32\d3dx10_42.dll
2013-04-12 13:56 . 2006-11-29 11:06	4398360	----a-w-	c:\windows\system32\d3dx9_32.dll
2013-04-12 13:56 . 2006-11-29 11:06	3426072	----a-w-	c:\windows\SysWow64\d3dx9_32.dll
2013-04-12 13:55 . 2013-04-12 14:15	--------	d-----w-	c:\users\T_Hosang\AppData\Local\Windows Live
2013-04-12 13:55 . 2013-04-12 13:55	--------	d-----w-	c:\program files (x86)\Common Files\Windows Live
2013-04-12 13:51 . 2013-04-12 13:51	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-12 13:51 . 2013-04-12 13:51	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-12 13:51 . 2013-04-12 13:51	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-04-12 11:01 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1885351D-708A-441B-A168-B215AB4104CB}\mpengine.dll
2013-04-10 06:00 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 06:00 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 06:00 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-04-10 06:00 . 2013-02-15 06:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-10 06:00 . 2013-02-15 06:02	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-04-10 06:00 . 2013-02-15 04:34	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-04-10 06:00 . 2013-02-15 03:25	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-04-10 05:59 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 05:59 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 05:59 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 05:59 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 05:59 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 05:59 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 05:59 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-06 14:21 . 2013-04-06 14:21	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-05 17:38 . 2013-04-05 17:38	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-05 17:38 . 2013-04-05 17:38	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-05 17:38 . 2013-04-05 17:38	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-04-02 14:58 . 2013-02-22 07:17	203544	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2013-04-02 14:58 . 2013-02-22 07:17	102936	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2013-04-02 14:56 . 2013-04-02 14:56	--------	d-----w-	c:\program files (x86)\MarkAny
2013-03-26 17:25 . 2013-03-26 17:25	--------	d-----w-	c:\programdata\Sierra Wireless
2013-03-26 17:23 . 2012-04-20 16:45	87040	----a-w-	c:\windows\system32\drivers\ew_jubusenum.sys
2013-03-26 17:23 . 2012-04-20 16:45	1490656	----a-w-	c:\windows\system32\wdfcoinstaller01007.dll
2013-03-26 17:23 . 2012-04-20 16:45	117248	----a-w-	c:\windows\system32\drivers\ew_hwusbdev.sys
2013-03-26 17:22 . 2012-04-20 16:45	422400	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2013-03-26 17:22 . 2012-04-20 16:45	223232	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2013-03-26 17:22 . 2013-03-26 17:22	39592	----a-w-	c:\windows\system32\drivers\tcpipBM.sys
2013-03-26 17:22 . 2013-03-26 17:22	16552	----a-w-	c:\windows\system32\drivers\BMLoad.sys
2013-03-26 17:21 . 2013-03-26 17:21	--------	d-----w-	c:\programdata\Macrovision
2013-03-26 17:21 . 2013-03-26 17:21	--------	d-----w-	c:\program files (x86)\Vodafone
2013-03-26 17:21 . 2013-03-26 17:21	--------	d-----w-	c:\program files (x86)\Sierra Wireless Inc
2013-03-26 17:00 . 2013-03-26 17:00	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2013-03-26 16:42 . 2013-03-26 16:42	--------	d-----w-	C:\NVIDIA
2013-03-26 05:33 . 2013-03-26 05:33	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-20 11:05 . 2013-03-20 11:05	--------	d-----w-	c:\program files\WinRAR
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-13 16:56 . 2013-02-19 14:37	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-06 14:21 . 2013-02-19 10:11	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-04-06 14:21 . 2013-02-19 10:11	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-15 05:53 . 2013-02-16 00:44	2864144	----a-w-	c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2013-02-16 00:44	250504	----a-w-	c:\windows\system32\nvinitx.dll
2013-03-15 05:53 . 2013-02-16 00:44	205184	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-03-15 05:53 . 2013-02-16 00:44	1118776	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-03-15 04:16 . 2013-02-16 00:44	3477280	----a-w-	c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2013-02-16 00:44	6398240	----a-w-	c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2013-02-16 00:44	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2013-02-16 00:44	76064	----a-w-	c:\windows\system32\nv3dappshextr.dll
2013-03-15 04:16 . 2013-02-16 00:44	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2013-02-16 00:44	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2013-02-16 00:44	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-03-15 04:16 . 2013-02-16 00:44	1016096	----a-w-	c:\windows\system32\nv3dappshext.dll
2013-03-15 04:16 . 2013-02-16 00:44	568608	----a-w-	c:\windows\SysWow64\oemdspif.dll
2013-03-13 16:24 . 2013-02-16 00:44	3065455	----a-w-	c:\windows\system32\nvcoproc.bin
2013-03-13 09:37 . 2013-02-16 20:10	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 09:37 . 2013-02-16 20:10	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-11 23:10 . 2010-11-21 03:27	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-02-18 13:19 . 2013-02-18 13:19	410984	----a-w-	c:\windows\SysWow64\deploytk.dll
2013-02-18 11:10 . 2013-02-18 11:10	8464	----a-w-	c:\windows\SysWow64\SpOrder.dll
2013-02-16 00:49 . 2013-02-16 00:50	19872	----a-w-	c:\windows\system32\LenovoSDKEmSubSystem.dll
2013-02-16 00:49 . 2013-02-16 00:50	39008	----a-w-	c:\windows\system32\drivers\LhdX64.sys
2013-02-16 00:49 . 2011-12-15 13:09	30816	----a-w-	c:\windows\system32\drivers\AcpiVpc.sys
2013-02-12 05:45 . 2013-03-13 09:26	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 09:26	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 09:26	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 09:26	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 09:26	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 09:26	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-14 09:28	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-05 16:53 . 2013-02-20 16:30	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2013-02-05 16:52 . 2013-02-05 16:52	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2013-02-05 16:52 . 2013-02-05 16:52	330240	----a-w-	c:\windows\MASetupCaller.dll
2013-02-05 16:52 . 2013-02-05 16:52	30568	----a-w-	c:\windows\MusiccityDownload.exe
2013-02-05 16:52 . 2013-02-05 16:52	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2013-02-05 16:52 . 2013-02-05 16:52	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2013-02-05 16:52 . 2013-02-05 16:52	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2013-02-05 16:52 . 2013-02-05 16:52	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2013-02-05 16:52 . 2013-02-05 16:52	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
2013-02-05 16:52 . 2013-02-05 16:52	49152	----a-w-	c:\windows\SysWow64\MaJGUILib.dll
2013-02-05 16:52 . 2013-02-05 16:52	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2013-02-05 16:52 . 2013-02-05 16:52	45056	----a-w-	c:\windows\SysWow64\MaXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52	45056	----a-w-	c:\windows\SysWow64\MACXMLProto.dll
2013-02-05 16:52 . 2013-02-05 16:52	40960	----a-w-	c:\windows\SysWow64\MTTELECHIP.dll
2013-02-05 16:52 . 2013-02-05 16:52	352256	----a-w-	c:\windows\SysWow64\MSLUR71.dll
2013-02-05 16:52 . 2013-02-05 16:52	258048	----a-w-	c:\windows\SysWow64\muzoggsp.ax
2013-02-05 16:52 . 2013-02-05 16:52	245760	----a-w-	c:\windows\SysWow64\MSCLib.dll
2013-02-05 16:52 . 2013-02-05 16:52	24576	----a-w-	c:\windows\SysWow64\MASetupCleaner.exe
2013-02-05 16:52 . 2013-02-05 16:52	200704	----a-w-	c:\windows\SysWow64\muzwmts.dll
2013-02-05 16:52 . 2013-02-05 16:52	155648	----a-w-	c:\windows\SysWow64\MSFLib.dll
2013-02-05 16:52 . 2013-02-05 16:52	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2013-02-05 16:52 . 2013-02-05 16:52	135168	----a-w-	c:\windows\SysWow64\muzaf1.dll
2013-02-05 16:52 . 2013-02-05 16:52	131072	----a-w-	c:\windows\SysWow64\muzmpgsp.ax
2013-02-05 16:52 . 2013-02-05 16:52	122880	----a-w-	c:\windows\SysWow64\muzeffect.ax
2013-02-05 16:52 . 2013-02-05 16:52	118784	----a-w-	c:\windows\SysWow64\MaDRM.dll
2013-02-05 16:52 . 2013-02-05 16:52	110592	----a-w-	c:\windows\SysWow64\muzmp4sp.ax
2013-02-05 16:52 . 2013-02-20 16:30	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComWin-Frame"="c:\program files (x86)\HiPath 4000 Expert Access\comwinsvr.exe" [2012-12-03 355840]
"HP Deskjet 3050 J610 series (NET)"="c:\program files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-03-28 1511792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-20 507744]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-05 345312]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-03-28 310640]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2012-04-23 69632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-2-1 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-12-05 195584]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-22 102936]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-04-20 117248]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2012-04-20 422400]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 116096]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-11-15 313960]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-22 203544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2013-03-26 16552]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-21 19264]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2013-02-16 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-03-15 30496]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-05 28600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-05 659968]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-04-05 86752]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-05 135952]
S2 ComWinService;ComWin Service;c:\program files (x86)\HiPath 4000 Expert Access\ComWinSvc.exe [2012-12-03 63488]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-29 161560]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-06-24 317296]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2012-04-23 8704]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2013-02-16 30816]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-12-05 195584]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-08-07 311632]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-20 87040]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-21 357184]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-21 789824]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-11-15 111216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-03-26 27408]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-16 09:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-12-15 564352]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2011-12-06 1654400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-07 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-07 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-07 440128]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-02-16 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-02-16 6199128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\T_Hosang\AppData\Roaming\Mozilla\Firefox\Profiles\pvsno6m7.default\
FF - ExtSQL: 2013-03-26 18:21; ff-bmboc@bytemobile.com; c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon
FF - ExtSQL: 2013-04-13 19:43; {99B98C2C-7274-45a3-A640-D9DF1A1C8460}; c:\users\T_Hosang\AppData\Roaming\Mozilla\Firefox\Profiles\pvsno6m7.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-13  19:51:26
ComboFix-quarantined-files.txt  2013-04-13 17:51
.
Vor Suchlauf: 10 Verzeichnis(se), 884.524.601.344 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 885.613.699.072 Bytes frei
.
- - End Of File - - 71CD9C35328DB8A51643AB17EFA9B978
OTL.txt:

Code:
ATTFilter
OTL logfile created on: 13.04.2013 20:04:44 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\T_Hosang\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,87 Gb Total Physical Memory | 5,51 Gb Available Physical Memory | 70,01% Memory free
15,74 Gb Paging File | 13,13 Gb Available in Paging File | 83,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 884,18 Gb Total Space | 825,26 Gb Free Space | 93,34% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 22,41 Gb Free Space | 89,63% Space Free | Partition Type: NTFS
 
Computer Name: JG_HOSANG | User Name: T_Hosang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.13 19:02:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T_Hosang\Downloads\OTL.exe
PRC - [2013.04.11 21:56:43 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.04.05 19:38:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.05 19:38:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.05 19:38:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.28 11:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.03.28 11:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.13 11:37:04 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.03 16:09:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvc.exe
PRC - [2012.12.03 16:02:34 | 000,355,840 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe
PRC - [2012.05.21 16:26:28 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.04.23 17:49:26 | 000,069,632 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2012.04.23 17:49:04 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2012.02.29 10:20:04 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.29 10:19:58 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.29 10:19:48 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.11.29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 21:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.11 21:56:43 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.26 19:23:16 | 000,218,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\3b21f0b55f7c0dc1fe2295613c3cb921\Interop.FNCClient11Lib.ni.dll
MOD - [2013.03.26 19:23:16 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\692afb6aa3ecd0c71c9cea09c2eae2ed\Vodafone.UpdateManager.ni.dll
MOD - [2013.03.26 19:23:15 | 000,552,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\647443dc0f81de96a84d4d4db789cc42\Vodafone.View.SecondaryWindows.ni.dll
MOD - [2013.03.26 19:23:15 | 000,302,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\5c2c61c4d70a6706e0f30164cddd614f\Vodafone.DeviceAccess.Internals.ni.dll
MOD - [2013.03.26 19:23:15 | 000,198,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\153b2dd90af2ed145208944103101d65\Vodafone.Model.Connection.ni.dll
MOD - [2013.03.26 19:23:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\322749c2fbd26266ef8378513cf439bc\Vodafone.Core.Remoting.ni.dll
MOD - [2013.03.26 19:23:15 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.INSTALLERCO#\f52d12a80cd22baf114cbe6c178ea653\Interop.INSTALLERCONTROLLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,543,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\0ff7b572ccc932b41cd2d1eb67045d6c\Vodafone.Base.Internals.ni.dll
MOD - [2013.03.26 19:23:14 | 000,138,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\718d20210ed30f44294ecde6cfb04d0c\Vodafone.DeviceAccess.Factory.ni.dll
MOD - [2013.03.26 19:23:14 | 000,125,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\66d2d8ce84bf89f049a02c499cc6b0f6\Vodafone.Vpn.ni.dll
MOD - [2013.03.26 19:23:14 | 000,070,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.VpnApiLib\db3ad96a4eabdaf8c6d3621dfbef2379\Interop.VpnApiLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\6d09b9bc2989a46f86e424de338fa4f7\Vodafone.Base.Factory.ni.dll
MOD - [2013.03.26 19:23:14 | 000,031,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FCCOMINTDLL#\d22f87b0c2a72cb67b2171f9ae12c46c\Interop.FCCOMINTDLLLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1f209a64bf52d5c7d663efb1475d31a9\Vodafone.DeviceAccess.Interfaces.ni.dll
MOD - [2013.03.26 19:23:13 | 001,147,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\b470c0145f1efb6ad5c8b1e7bd7353bc\Vodafone.BusinessLogic.ni.dll
MOD - [2013.03.26 19:23:13 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\f5e838d40617381b3ff924b9560e0227\Vodafone.LanWlanManager.ni.dll
MOD - [2013.03.26 19:23:13 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\d9dc106e80c04099dd52cfb025488934\Vodafone.Core.CoreInstanceProvider.ni.dll
MOD - [2013.03.26 19:23:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\9b9e089271e12f12629c6dd4c28a17ab\Vodafone.Contracts.Adapter.ni.dll
MOD - [2013.03.26 19:23:12 | 000,353,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\81874d295af0a5acdf4439d1e993735a\Vodafone.ReportingManager.ni.dll
MOD - [2013.03.26 19:23:12 | 000,193,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\9ed375fd93ec3ff0a11c3a03afb084ac\Vodafone.SmsContactManager.ni.dll
MOD - [2013.03.26 19:23:12 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\28e927aefa407437945e6d6148a5963b\Vodafone.Core.Interfaces.ni.dll
MOD - [2013.03.26 19:23:12 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\be99bfb6b672913329019aed5af2b438\Vodafone.OutlookConnector.ni.dll
MOD - [2013.03.26 19:23:11 | 002,104,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\4a69d3bfa1111bcd9328e15165ee78ad\Spring.Core.ni.dll
MOD - [2013.03.26 19:23:11 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\0c5008375abad2d7074f91953acd7158\Common.Logging.ni.dll
MOD - [2013.03.26 19:23:10 | 000,363,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\dd58c977bd687a25a3fca70f42823d64\Vodafone.DataAccessor.ni.dll
MOD - [2013.03.26 19:23:10 | 000,119,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\d65e3892ff3bfd90b6b37f7ef0c8761c\Interop.Shell32.ni.dll
MOD - [2013.03.26 19:23:10 | 000,080,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\2e2f51624793d37af79fec4e31e9c526\Vodafone.SmsProfileManager.ni.dll
MOD - [2013.03.26 19:23:10 | 000,059,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\bac4366647500291fa77f70a8698625f\Vodafone.SettingsManager.ni.dll
MOD - [2013.03.26 19:23:10 | 000,042,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\4fafee69e5ba2a98d6d46d2a52568595\Vodafone.InstanceProvider.Impl.ni.dll
MOD - [2013.03.26 19:23:10 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\301e862ff848c3bdb219d92a3f8bf0ab\Vodafone.View.ManagedToolTip.ni.dll
MOD - [2013.03.26 19:23:09 | 000,971,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\d1fd414ec0cc1054205b2288efca8a59\Vodafone.View.Shared.ni.dll
MOD - [2013.03.26 19:23:09 | 000,387,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\cbb3dd676decfa4ea4c8ca2598f0ae95\Vodafone.CommonDialogs.ni.dll
MOD - [2013.03.26 19:23:07 | 001,304,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\f4ca72c3d9638d73b47c35ca730b0381\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll
MOD - [2013.03.26 19:23:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\75298ac9b1442d682eb275e0af55c54a\Infragistics2.Win.Misc.v9.2.ni.dll
MOD - [2013.03.26 19:23:04 | 011,055,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\b100ea9c0606c9e1f265c1f610c3ca88\Infragistics2.Win.v9.2.ni.dll
MOD - [2013.03.26 19:22:58 | 000,871,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\1ebe24369c92a181b263b1426fce18f2\Infragistics2.Shared.v9.2.ni.dll
MOD - [2013.03.26 19:22:57 | 007,140,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\1bd47dc0e94ca0b2e7834b697cef6d59\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll
MOD - [2013.03.26 19:22:52 | 000,133,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\ea8f7363640229e960a5cc7d0af3cc74\Vodafone.Core.Contracts.ni.dll
MOD - [2013.03.26 19:22:52 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\637a9000e10f24056bad88a99b373ea3\Vodafone.Contracts.Presenter.ni.dll
MOD - [2013.03.26 19:22:51 | 002,068,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\cd1e0f2db302f54b64c5875162d30562\MobileBroadbandResources.ni.dll
MOD - [2013.03.26 19:22:51 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\6fbbdfb3476c03830778328858225e90\Vodafone.Contracts.Model.ni.dll
MOD - [2013.03.26 19:22:51 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\c02c2b70f0aa6a3ceaa2e5557f3d1a92\Vodafone.Contracts.View.ni.dll
MOD - [2013.03.26 19:22:51 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\d5b04b0f2d0202887ab8b07bb37aa876\Vodafone.Contracts.Common.ni.dll
MOD - [2013.03.26 19:22:51 | 000,091,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\c41f6a7ab89af0ab36028b3e610e98b9\Vodafone.DeviceAccess.Contracts.ni.dll
MOD - [2013.03.26 19:22:50 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\ae16d1c2a67ad16252492f63f965d81a\Vodafone.ApplicationHost.Impl.ni.dll
MOD - [2013.03.26 19:22:49 | 000,357,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\a86466fc2e5b4cf65a16796aa384788c\Vodafone.Base.Win32.ni.dll
MOD - [2013.03.26 19:22:49 | 000,178,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\21424d9809eade410fbb8d4e724e47ef\Vodafone.Common.ni.dll
MOD - [2013.03.26 19:22:49 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Mondrian\74ec52478cf6336c04c2b395cc4caa8e\Vodafone.Mondrian.ni.dll
MOD - [2013.03.26 19:22:48 | 000,645,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\fc5a7f356272e75ec53c6a707911d6b9\Vodafone.Data.ni.dll
MOD - [2013.03.26 19:22:48 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\ab447bac91a20964705c797ddeb4fb6b\Vodafone.Base.Contracts.ni.dll
MOD - [2013.03.26 19:22:48 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\fea5d71bb858ce110259395035feec8c\Vodafone.LogEngine.ni.dll
MOD - [2013.03.26 19:22:48 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\f0410779d3c0333eebdebbbd10de4392\Vodafone.MobileBroadband.CallbackHandler.ni.dll
MOD - [2013.03.26 19:22:47 | 001,421,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\289aa77ce94eec188a3b17ddc16caf1e\Vodafone.Platform.ni.dll
MOD - [2013.03.26 19:22:45 | 000,057,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\7afe76097b2a183db950a44b4e710d5c\MobileBroadband.ni.exe
MOD - [2013.03.13 11:37:04 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.02.20 18:40:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.02.20 18:40:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.02.20 18:39:50 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.02.20 18:28:41 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.02.20 18:28:32 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.02.20 18:28:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.02.20 18:28:26 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.02.20 18:28:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.02.20 18:28:23 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.02.20 18:28:19 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.02.20 18:28:15 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013.02.16 20:09:04 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.02.16 20:09:04 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll
MOD - [2013.02.16 20:09:04 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll
MOD - [2013.02.16 20:08:49 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.02.16 19:55:47 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.02.16 19:55:43 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013.02.16 19:55:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.02.16 19:55:37 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.02.16 19:55:36 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.02.16 19:55:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.16 19:55:14 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.16 19:55:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013.02.16 19:55:09 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.02.16 19:54:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.02.16 19:54:51 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll
MOD - [2013.02.16 19:54:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.16 19:54:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.02.16 19:54:09 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.16 19:53:58 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.03 16:02:34 | 000,355,840 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe
MOD - [2012.12.03 16:01:36 | 000,998,912 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\COMWIN1_50.BPL
MOD - [2012.06.23 01:46:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.04.23 17:49:20 | 000,396,800 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2011.04.12 09:43:11 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.12.17 17:46:00 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.11 21:56:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.05 19:38:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.05 19:38:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.13 11:37:04 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.03 16:09:04 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvc.exe -- (ComWinService)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.06.07 13:03:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.04.23 17:49:04 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2012.02.29 10:20:04 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.29 10:19:58 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.29 10:19:48 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.01 19:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.12.05 10:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.12.05 09:55:36 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011.11.29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.06.24 12:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.05 19:38:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.05 19:38:32 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.05 19:38:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.26 19:22:30 | 000,039,592 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2013.03.26 19:22:30 | 000,016,552 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.02.22 09:17:06 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.02.22 09:17:06 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.02.16 02:49:43 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013.02.16 02:49:43 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.08.07 20:40:48 | 000,311,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.06.07 12:49:08 | 014,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.05.21 16:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.21 16:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.21 16:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.04.20 18:45:36 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2012.04.20 18:45:36 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.04.20 18:45:36 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012.04.20 18:45:36 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012.03.26 19:31:30 | 000,027,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.02 12:07:00 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.02 12:07:00 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.02 12:07:00 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.02 12:07:00 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.02 12:07:00 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.02 12:07:00 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.01.31 14:17:00 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.12.06 20:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.12.05 10:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.12.05 10:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.11.29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.15 19:24:20 | 000,313,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.11.15 12:12:08 | 000,111,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.11.10 18:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.28 04:45:00 | 003,821,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL564.SYS -- (BCM43XX)
DRV:64bit: - [2011.03.18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.01 15:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.29 19:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF F7 AA 6C A3 25 CE 01  [binary data]
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2013.03.26 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 21:56:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:56:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 21:56:41 | 000,000,000 | ---D | M]
 
[2013.02.16 16:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T_Hosang\AppData\Roaming\mozilla\Extensions
[2013.04.13 19:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T_Hosang\AppData\Roaming\mozilla\Firefox\Profiles\pvsno6m7.default\extensions
[2013.04.13 19:43:02 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\T_Hosang\AppData\Roaming\mozilla\firefox\profiles\pvsno6m7.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2013.04.11 21:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.11 21:56:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.01 21:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 21:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.01 21:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 21:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 21:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 21:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.13 19:49:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [ComWin-Frame] C:\Program Files (x86)\HiPath 4000 Expert Access\comwinsvr.exe ()
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [HP Deskjet 3050 J610 series (NET)] C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://192.0.2.5/public/downloads/j2re-win-i.exe (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68463A1D-E420-45B4-A7E4-560C4EA199A1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D8F5EF9-6AEA-4449-A3A1-D54707BB83B0}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2592200-3B4D-4A54-A3CB-46C29430E558}: DhcpNameServer = 10.229.32.10 10.229.32.11 10.252.128.12
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.13 19:54:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.13 19:49:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.13 19:46:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.13 19:46:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.13 19:46:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.13 19:46:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.13 19:45:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.13 11:34:31 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\Malwarebytes
[2013.04.13 11:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.13 11:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.13 11:34:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.13 11:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.13 11:33:56 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Local\Programs
[2013.04.12 15:58:36 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.04.12 15:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.04.12 15:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.04.12 15:55:48 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Local\Windows Live
[2013.04.12 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.04.11 21:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.05 19:38:45 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.05 19:38:45 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.05 19:38:45 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.05 19:33:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.04.02 16:58:52 | 000,203,544 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.04.02 16:58:52 | 000,102,936 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.04.02 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2013.03.26 19:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sierra Wireless
[2013.03.26 19:23:00 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.03.26 19:23:00 | 000,087,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013.03.26 19:22:58 | 000,422,400 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013.03.26 19:22:58 | 000,223,232 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.03.26 19:22:30 | 000,039,592 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\tcpipBM.sys
[2013.03.26 19:22:30 | 000,016,552 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\BMLoad.sys
[2013.03.26 19:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2013.03.26 19:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.03.26 18:42:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\WinRAR
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.20 13:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.13 20:02:33 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 20:02:33 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 19:55:40 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.04.13 19:54:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.13 19:54:08 | 2041,921,535 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 19:49:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.13 19:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.13 18:59:29 | 000,346,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.13 18:37:45 | 000,377,856 | ---- | M] () -- C:\Users\T_Hosang\Desktop\066pciil.exe
[2013.04.13 18:36:23 | 000,000,000 | ---- | M] () -- C:\Users\T_Hosang\defogger_reenable
[2013.04.13 18:35:32 | 000,050,477 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Defogger.exe
[2013.04.11 21:17:25 | 000,002,923 | ---- | M] () -- C:\Users\T_Hosang\ComWin.Hst
[2013.04.11 14:13:02 | 000,000,000 | ---- | M] () -- C:\Users\T_Hosang\pr20130411.pro
[2013.04.10 17:37:21 | 000,002,074 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.04.10 17:37:21 | 000,002,003 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Avira DE-Cleaner.lnk
[2013.04.08 06:53:48 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 06:53:48 | 000,698,764 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 06:53:48 | 000,652,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 06:53:48 | 000,148,788 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 06:53:48 | 000,121,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.05 19:38:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.05 19:38:32 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.05 19:38:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 07:18:50 | 000,001,255 | ---- | M] () -- C:\Users\T_Hosang\Desktop\HP Scan.lnk
[2013.04.02 16:59:03 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.03.26 19:23:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.03.26 19:22:30 | 000,039,592 | ---- | M] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\tcpipBM.sys
[2013.03.26 19:22:30 | 000,016,552 | ---- | M] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\BMLoad.sys
[2013.03.26 19:22:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
[2013.03.26 19:22:02 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2013.03.26 07:34:54 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.26 07:34:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.21 13:20:51 | 597,318,253 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.21 13:19:04 | 001,560,839 | ---- | M] () -- C:\Users\T_Hosang\response.res
[2013.03.21 13:19:04 | 000,197,133 | ---- | M] () -- C:\Users\T_Hosang\pr20130321.pro
[2013.03.20 13:03:00 | 001,470,282 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Cordlessprogramm.rar
[2013.03.15 07:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
 
========== Files Created - No Company Name ==========
 
[2013.04.13 19:46:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.13 19:46:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.13 19:46:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.13 19:46:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.13 19:46:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.13 18:37:44 | 000,377,856 | ---- | C] () -- C:\Users\T_Hosang\Desktop\066pciil.exe
[2013.04.13 18:36:23 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\defogger_reenable
[2013.04.13 18:35:30 | 000,050,477 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Defogger.exe
[2013.04.12 15:58:33 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.04.12 15:58:27 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.04.11 14:13:02 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130411.pro
[2013.04.10 17:37:21 | 000,002,074 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.04.10 17:37:21 | 000,002,003 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Avira DE-Cleaner.lnk
[2013.04.04 07:18:50 | 000,001,255 | ---- | C] () -- C:\Users\T_Hosang\Desktop\HP Scan.lnk
[2013.04.02 16:59:03 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.03.26 19:23:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.03.26 19:22:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
[2013.03.26 19:22:02 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2013.03.26 07:34:54 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.26 07:34:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.21 11:14:14 | 000,197,133 | ---- | C] () -- C:\Users\T_Hosang\pr20130321.pro
[2013.03.20 13:03:00 | 001,470,282 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Cordlessprogramm.rar
[2013.03.11 11:55:23 | 000,102,168 | ---- | C] () -- C:\Users\T_Hosang\pr20130311.pro
[2013.03.07 14:14:28 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130307-1.pro
[2013.03.07 10:49:51 | 000,788,470 | ---- | C] () -- C:\Users\T_Hosang\pr20130307.pro
[2013.03.05 13:04:01 | 000,027,708 | ---- | C] () -- C:\Users\T_Hosang\pr20130305.pro
[2013.02.27 09:43:15 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130227.pro
[2013.02.20 11:22:52 | 000,007,111 | ---- | C] () -- C:\Users\T_Hosang\pr20130220-1.pro
[2013.02.20 09:57:21 | 000,021,223 | ---- | C] () -- C:\Users\T_Hosang\pr20130220.pro
[2013.02.19 12:14:01 | 000,003,455 | ---- | C] () -- C:\Users\T_Hosang\pr20130219.pro
[2013.02.19 12:13:05 | 000,000,176 | ---- | C] () -- C:\Users\T_Hosang\properties
[2013.02.18 15:24:19 | 000,008,813 | ---- | C] () -- C:\Users\T_Hosang\response-1.res
[2013.02.18 15:24:19 | 000,001,798 | ---- | C] () -- C:\Users\T_Hosang\pr20130218-1.pro
[2013.02.18 15:24:19 | 000,000,312 | ---- | C] () -- C:\Users\T_Hosang\ComWinAccessSecMCache.ini
[2013.02.18 15:01:35 | 001,560,839 | ---- | C] () -- C:\Users\T_Hosang\response.res
[2013.02.18 15:01:35 | 000,159,419 | ---- | C] () -- C:\Users\T_Hosang\pr20130218.pro
[2013.02.16 16:37:24 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.02.16 16:22:19 | 000,002,923 | ---- | C] () -- C:\Users\T_Hosang\ComWin.Hst
[2013.02.16 03:03:30 | 001,594,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.07 12:58:18 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.06.07 12:58:18 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.06.07 12:37:36 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.06.07 11:04:32 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.04.20 18:43:54 | 000,286,680 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.16 16:31:31 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Roaming\FreePDF
[2013.04.13 18:32:46 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Roaming\Qysa
[2013.04.02 16:55:25 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Roaming\Samsung
[2013.03.26 19:26:41 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 

< End of report >

Alt 13.04.2013, 19:18   #8
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Jep, sieht besser aus.
Dann kommt noch die allgemeine Warnung zum Zbot und wir kontrollieren nochmals.
Wie läuft der Rechner?


Warnung: Infostealer

Aus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat.
Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen.

Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern.



Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
ATTFilter
:OTL
[2013.04.13 18:32:46 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Roaming\Qysa

:commands
[emptytemp]
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2
  • Öffne das Programm Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 4

Downloade dir bitte SecurityCheck (Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Schritt 5

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck
  • Log von OTL
__________________
cheers,
Leo

Alt 13.04.2013, 19:38   #9
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


OTL fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\T_Hosang\AppData\Roaming\Qysa folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: T_Hosang
->Temp folder emptied: 17820 bytes
->Temporary Internet Files folder emptied: 208578506 bytes
->Java cache emptied: 10942350 bytes
->FireFox cache emptied: 14320682 bytes
->Flash cache emptied: 10410 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6498 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 40086 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36151296 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 258,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04132013_202207

Files\Folders moved on Reboot...
C:\Users\T_Hosang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\T_Hosang\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
MBAM:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
T_Hosang :: JG_HOSANG [Administrator]

Schutz: Aktiviert

13.04.2013 20:39:09
mbam-log-2013-04-13 (20-39-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236944
Laufzeit: 1 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
ESET:

Keine Funde

SecurityCheck:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 11  
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Alt 13.04.2013, 20:46   #10
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Hi,

prima, sieht wieder gut aus.
Jetzt unbedingt noch alle veralteten Programmversionen runterwerfen und dann räumen wir auf.


Schritt 1

Du hast eine veraltete Java-Version installiert. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 17.
  • Gehe zu
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
    Start --> Systemsteuerung --> Software (bei Win XP)
    und deinstalliere alle älteren Java-Versionen.



Schritt 2

Dein Flashplayer ist veraltet. Installiere folgendermassen die aktuelle Version:
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.



Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
  1. Falls zu Beginn defogger verwendet wurde, dann starte defogger und drücke den Button Re-enable.
  2. Falls Combofix eingesetzt wurde, dann deaktiviere jetzt temporär das Antivirenprogramm, benenne bei der auf dem Desktop vorhandenen Combofix.exe das "Combofix" im Dateinamen um in Uninstall und führe sie mit Doppelklick aus.
  3. Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
  4. Auch den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
  5. Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
    • Schliesse alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
  6. Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.




>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus.

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.




Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
  • Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
  • Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
  • Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
  • Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
  • Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
  • Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
  • Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
  • Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
  • NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
  • Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
  • Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
  • Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
  • Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:
  • Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
  • Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
  • Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
  • Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
  • Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.
__________________
cheers,
Leo

Alt 13.04.2013, 20:47   #11
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


OTL:

Code:
ATTFilter
OTL logfile created on: 13.04.2013 21:42:37 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\T_Hosang\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,87 Gb Total Physical Memory | 5,57 Gb Available Physical Memory | 70,79% Memory free
15,74 Gb Paging File | 13,11 Gb Available in Paging File | 83,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 884,18 Gb Total Space | 824,75 Gb Free Space | 93,28% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 22,41 Gb Free Space | 89,63% Space Free | Partition Type: NTFS
 
Computer Name: JG_HOSANG | User Name: T_Hosang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.13 20:43:59 | 000,890,815 | ---- | M] () -- C:\Users\T_Hosang\Desktop\SecurityCheck.exe
PRC - [2013.04.13 19:02:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\T_Hosang\Downloads\OTL.exe
PRC - [2013.04.11 21:56:43 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.04.05 19:38:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.05 19:38:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.05 19:38:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.28 11:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.03.28 11:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.13 11:37:04 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.03 16:09:04 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvc.exe
PRC - [2012.12.03 16:02:34 | 000,355,840 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe
PRC - [2012.05.21 16:26:28 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.04.23 17:49:26 | 000,069,632 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2012.04.23 17:49:04 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2012.02.29 10:20:04 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.29 10:19:58 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.29 10:19:48 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.11.29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 21:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.11.21 05:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.13 20:43:59 | 000,890,815 | ---- | M] () -- C:\Users\T_Hosang\Desktop\SecurityCheck.exe
MOD - [2013.04.11 21:56:43 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.26 19:23:16 | 000,218,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\3b21f0b55f7c0dc1fe2295613c3cb921\Interop.FNCClient11Lib.ni.dll
MOD - [2013.03.26 19:23:16 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\692afb6aa3ecd0c71c9cea09c2eae2ed\Vodafone.UpdateManager.ni.dll
MOD - [2013.03.26 19:23:15 | 000,552,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\647443dc0f81de96a84d4d4db789cc42\Vodafone.View.SecondaryWindows.ni.dll
MOD - [2013.03.26 19:23:15 | 000,302,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\5c2c61c4d70a6706e0f30164cddd614f\Vodafone.DeviceAccess.Internals.ni.dll
MOD - [2013.03.26 19:23:15 | 000,198,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\153b2dd90af2ed145208944103101d65\Vodafone.Model.Connection.ni.dll
MOD - [2013.03.26 19:23:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\322749c2fbd26266ef8378513cf439bc\Vodafone.Core.Remoting.ni.dll
MOD - [2013.03.26 19:23:15 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.INSTALLERCO#\f52d12a80cd22baf114cbe6c178ea653\Interop.INSTALLERCONTROLLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,543,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\0ff7b572ccc932b41cd2d1eb67045d6c\Vodafone.Base.Internals.ni.dll
MOD - [2013.03.26 19:23:14 | 000,138,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\718d20210ed30f44294ecde6cfb04d0c\Vodafone.DeviceAccess.Factory.ni.dll
MOD - [2013.03.26 19:23:14 | 000,125,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\66d2d8ce84bf89f049a02c499cc6b0f6\Vodafone.Vpn.ni.dll
MOD - [2013.03.26 19:23:14 | 000,070,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.VpnApiLib\db3ad96a4eabdaf8c6d3621dfbef2379\Interop.VpnApiLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\6d09b9bc2989a46f86e424de338fa4f7\Vodafone.Base.Factory.ni.dll
MOD - [2013.03.26 19:23:14 | 000,031,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FCCOMINTDLL#\d22f87b0c2a72cb67b2171f9ae12c46c\Interop.FCCOMINTDLLLib.ni.dll
MOD - [2013.03.26 19:23:14 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\1f209a64bf52d5c7d663efb1475d31a9\Vodafone.DeviceAccess.Interfaces.ni.dll
MOD - [2013.03.26 19:23:13 | 001,147,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\b470c0145f1efb6ad5c8b1e7bd7353bc\Vodafone.BusinessLogic.ni.dll
MOD - [2013.03.26 19:23:13 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\f5e838d40617381b3ff924b9560e0227\Vodafone.LanWlanManager.ni.dll
MOD - [2013.03.26 19:23:13 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\d9dc106e80c04099dd52cfb025488934\Vodafone.Core.CoreInstanceProvider.ni.dll
MOD - [2013.03.26 19:23:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\9b9e089271e12f12629c6dd4c28a17ab\Vodafone.Contracts.Adapter.ni.dll
MOD - [2013.03.26 19:23:12 | 000,353,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\81874d295af0a5acdf4439d1e993735a\Vodafone.ReportingManager.ni.dll
MOD - [2013.03.26 19:23:12 | 000,193,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\9ed375fd93ec3ff0a11c3a03afb084ac\Vodafone.SmsContactManager.ni.dll
MOD - [2013.03.26 19:23:12 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\28e927aefa407437945e6d6148a5963b\Vodafone.Core.Interfaces.ni.dll
MOD - [2013.03.26 19:23:12 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\be99bfb6b672913329019aed5af2b438\Vodafone.OutlookConnector.ni.dll
MOD - [2013.03.26 19:23:11 | 002,104,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\4a69d3bfa1111bcd9328e15165ee78ad\Spring.Core.ni.dll
MOD - [2013.03.26 19:23:11 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\0c5008375abad2d7074f91953acd7158\Common.Logging.ni.dll
MOD - [2013.03.26 19:23:10 | 000,363,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\dd58c977bd687a25a3fca70f42823d64\Vodafone.DataAccessor.ni.dll
MOD - [2013.03.26 19:23:10 | 000,119,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\d65e3892ff3bfd90b6b37f7ef0c8761c\Interop.Shell32.ni.dll
MOD - [2013.03.26 19:23:10 | 000,080,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\2e2f51624793d37af79fec4e31e9c526\Vodafone.SmsProfileManager.ni.dll
MOD - [2013.03.26 19:23:10 | 000,059,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\bac4366647500291fa77f70a8698625f\Vodafone.SettingsManager.ni.dll
MOD - [2013.03.26 19:23:10 | 000,042,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\4fafee69e5ba2a98d6d46d2a52568595\Vodafone.InstanceProvider.Impl.ni.dll
MOD - [2013.03.26 19:23:10 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\301e862ff848c3bdb219d92a3f8bf0ab\Vodafone.View.ManagedToolTip.ni.dll
MOD - [2013.03.26 19:23:09 | 000,971,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\d1fd414ec0cc1054205b2288efca8a59\Vodafone.View.Shared.ni.dll
MOD - [2013.03.26 19:23:09 | 000,387,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\cbb3dd676decfa4ea4c8ca2598f0ae95\Vodafone.CommonDialogs.ni.dll
MOD - [2013.03.26 19:23:07 | 001,304,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\f4ca72c3d9638d73b47c35ca730b0381\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll
MOD - [2013.03.26 19:23:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\75298ac9b1442d682eb275e0af55c54a\Infragistics2.Win.Misc.v9.2.ni.dll
MOD - [2013.03.26 19:23:04 | 011,055,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\b100ea9c0606c9e1f265c1f610c3ca88\Infragistics2.Win.v9.2.ni.dll
MOD - [2013.03.26 19:22:58 | 000,871,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\1ebe24369c92a181b263b1426fce18f2\Infragistics2.Shared.v9.2.ni.dll
MOD - [2013.03.26 19:22:57 | 007,140,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\1bd47dc0e94ca0b2e7834b697cef6d59\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll
MOD - [2013.03.26 19:22:52 | 000,133,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\ea8f7363640229e960a5cc7d0af3cc74\Vodafone.Core.Contracts.ni.dll
MOD - [2013.03.26 19:22:52 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\637a9000e10f24056bad88a99b373ea3\Vodafone.Contracts.Presenter.ni.dll
MOD - [2013.03.26 19:22:51 | 002,068,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\cd1e0f2db302f54b64c5875162d30562\MobileBroadbandResources.ni.dll
MOD - [2013.03.26 19:22:51 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\6fbbdfb3476c03830778328858225e90\Vodafone.Contracts.Model.ni.dll
MOD - [2013.03.26 19:22:51 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\c02c2b70f0aa6a3ceaa2e5557f3d1a92\Vodafone.Contracts.View.ni.dll
MOD - [2013.03.26 19:22:51 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\d5b04b0f2d0202887ab8b07bb37aa876\Vodafone.Contracts.Common.ni.dll
MOD - [2013.03.26 19:22:51 | 000,091,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\c41f6a7ab89af0ab36028b3e610e98b9\Vodafone.DeviceAccess.Contracts.ni.dll
MOD - [2013.03.26 19:22:50 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\ae16d1c2a67ad16252492f63f965d81a\Vodafone.ApplicationHost.Impl.ni.dll
MOD - [2013.03.26 19:22:49 | 000,357,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\a86466fc2e5b4cf65a16796aa384788c\Vodafone.Base.Win32.ni.dll
MOD - [2013.03.26 19:22:49 | 000,178,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\21424d9809eade410fbb8d4e724e47ef\Vodafone.Common.ni.dll
MOD - [2013.03.26 19:22:49 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Mondrian\74ec52478cf6336c04c2b395cc4caa8e\Vodafone.Mondrian.ni.dll
MOD - [2013.03.26 19:22:48 | 000,645,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\fc5a7f356272e75ec53c6a707911d6b9\Vodafone.Data.ni.dll
MOD - [2013.03.26 19:22:48 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\ab447bac91a20964705c797ddeb4fb6b\Vodafone.Base.Contracts.ni.dll
MOD - [2013.03.26 19:22:48 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\fea5d71bb858ce110259395035feec8c\Vodafone.LogEngine.ni.dll
MOD - [2013.03.26 19:22:48 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\f0410779d3c0333eebdebbbd10de4392\Vodafone.MobileBroadband.CallbackHandler.ni.dll
MOD - [2013.03.26 19:22:47 | 001,421,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\289aa77ce94eec188a3b17ddc16caf1e\Vodafone.Platform.ni.dll
MOD - [2013.03.26 19:22:45 | 000,057,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\7afe76097b2a183db950a44b4e710d5c\MobileBroadband.ni.exe
MOD - [2013.03.13 11:37:04 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.02.20 18:40:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.02.20 18:40:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.02.20 18:39:50 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.02.20 18:28:41 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.02.20 18:28:32 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.02.20 18:28:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.02.20 18:28:26 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.02.20 18:28:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.02.20 18:28:23 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.02.20 18:28:19 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.02.20 18:28:15 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013.02.16 20:09:04 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.02.16 20:09:04 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll
MOD - [2013.02.16 20:09:04 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll
MOD - [2013.02.16 20:08:49 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.02.16 19:55:47 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.02.16 19:55:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.02.16 19:55:37 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.02.16 19:55:36 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.02.16 19:55:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.16 19:55:14 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.02.16 19:55:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013.02.16 19:55:09 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.02.16 19:54:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.02.16 19:54:51 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll
MOD - [2013.02.16 19:54:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.02.16 19:54:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.02.16 19:54:09 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.02.16 19:53:58 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.03 16:02:34 | 000,355,840 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvr.exe
MOD - [2012.12.03 16:01:36 | 000,998,912 | ---- | M] () -- C:\Program Files (x86)\HiPath 4000 Expert Access\COMWIN1_50.BPL
MOD - [2012.06.23 01:46:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.04.23 17:49:20 | 000,396,800 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.12.17 17:46:00 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.11 21:56:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.05 19:38:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.05 19:38:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.13 11:37:04 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.03 16:09:04 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HiPath 4000 Expert Access\ComWinSvc.exe -- (ComWinService)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.06.07 13:03:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.04.23 17:49:04 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2012.02.29 10:20:04 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.29 10:19:58 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.29 10:19:48 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.01 19:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.12.05 10:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.12.05 09:55:36 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011.11.29 21:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.06.24 12:44:16 | 000,317,296 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe -- (SwiCardDetectSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.05 19:38:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.05 19:38:32 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.05 19:38:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.26 19:22:30 | 000,039,592 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2013.03.26 19:22:30 | 000,016,552 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.02.22 09:17:06 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.02.22 09:17:06 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.02.16 02:49:43 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013.02.16 02:49:43 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.08.07 20:40:48 | 000,311,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.06.07 12:49:08 | 014,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.05.21 16:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.21 16:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.21 16:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.04.20 18:45:36 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2012.04.20 18:45:36 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012.04.20 18:45:36 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012.04.20 18:45:36 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012.03.26 19:31:30 | 000,027,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.02 12:07:00 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012.02.02 12:07:00 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.02 12:07:00 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.02 12:07:00 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012.02.02 12:07:00 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.02 12:07:00 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.01.31 14:17:00 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.12.06 20:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.12.05 10:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.12.05 10:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.11.29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.15 19:24:20 | 000,313,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.11.15 12:12:08 | 000,111,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.11.10 18:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.28 04:45:00 | 003,821,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL564.SYS -- (BCM43XX)
DRV:64bit: - [2011.03.18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.01 15:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.29 19:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF F7 AA 6C A3 25 CE 01  [binary data]
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2013.03.26 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 21:56:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 21:56:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 21:56:41 | 000,000,000 | ---D | M]
 
[2013.02.16 16:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T_Hosang\AppData\Roaming\mozilla\Extensions
[2013.04.13 19:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\T_Hosang\AppData\Roaming\mozilla\Firefox\Profiles\pvsno6m7.default\extensions
[2013.04.13 19:43:02 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\T_Hosang\AppData\Roaming\mozilla\firefox\profiles\pvsno6m7.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2013.04.11 21:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.11 21:56:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.01 21:33:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 21:33:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.01 21:33:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 21:33:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 21:33:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 21:33:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.13 19:49:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [ComWin-Frame] C:\Program Files (x86)\HiPath 4000 Expert Access\comwinsvr.exe ()
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [HP Deskjet 3050 J610 series (NET)] C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2237916325-3766352128-2985040784-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://192.0.2.5/public/downloads/j2re-win-i.exe (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68463A1D-E420-45B4-A7E4-560C4EA199A1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D8F5EF9-6AEA-4449-A3A1-D54707BB83B0}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2592200-3B4D-4A54-A3CB-46C29430E558}: DhcpNameServer = 10.229.32.10 10.229.32.11 10.252.128.12
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.13 20:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.13 20:22:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.13 19:54:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.13 19:49:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.13 19:46:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.13 19:46:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.13 19:46:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.13 19:46:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.13 19:45:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.13 11:34:31 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\Malwarebytes
[2013.04.13 11:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.13 11:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.13 11:34:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.13 11:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.13 11:33:56 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Local\Programs
[2013.04.12 15:58:36 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.04.12 15:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.04.12 15:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.04.12 15:55:48 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Local\Windows Live
[2013.04.12 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.04.11 21:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.05 19:38:45 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.05 19:38:45 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.05 19:38:45 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.05 19:33:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.04.02 16:58:52 | 000,203,544 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.04.02 16:58:52 | 000,102,936 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.04.02 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2013.03.26 19:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sierra Wireless
[2013.03.26 19:23:00 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.03.26 19:23:00 | 000,087,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2013.03.26 19:22:58 | 000,422,400 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013.03.26 19:22:58 | 000,223,232 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.03.26 19:22:30 | 000,039,592 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\tcpipBM.sys
[2013.03.26 19:22:30 | 000,016,552 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\BMLoad.sys
[2013.03.26 19:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Wireless Inc
[2013.03.26 19:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2013.03.26 19:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.03.26 18:42:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\WinRAR
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\Users\T_Hosang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.20 13:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.20 13:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.13 21:36:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.13 20:43:59 | 000,890,815 | ---- | M] () -- C:\Users\T_Hosang\Desktop\SecurityCheck.exe
[2013.04.13 20:32:32 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 20:32:32 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 20:25:21 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.04.13 20:24:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.13 20:24:30 | 2041,921,535 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 19:49:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.13 18:59:29 | 000,346,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.13 18:37:45 | 000,377,856 | ---- | M] () -- C:\Users\T_Hosang\Desktop\066pciil.exe
[2013.04.13 18:36:23 | 000,000,000 | ---- | M] () -- C:\Users\T_Hosang\defogger_reenable
[2013.04.13 18:35:32 | 000,050,477 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Defogger.exe
[2013.04.11 21:17:25 | 000,002,923 | ---- | M] () -- C:\Users\T_Hosang\ComWin.Hst
[2013.04.11 14:13:02 | 000,000,000 | ---- | M] () -- C:\Users\T_Hosang\pr20130411.pro
[2013.04.10 17:37:21 | 000,002,074 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.04.10 17:37:21 | 000,002,003 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Avira DE-Cleaner.lnk
[2013.04.08 06:53:48 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 06:53:48 | 000,698,764 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 06:53:48 | 000,652,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 06:53:48 | 000,148,788 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 06:53:48 | 000,121,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.05 19:38:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.05 19:38:32 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.05 19:38:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 07:18:50 | 000,001,255 | ---- | M] () -- C:\Users\T_Hosang\Desktop\HP Scan.lnk
[2013.04.02 16:59:03 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.03.26 19:23:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.03.26 19:22:30 | 000,039,592 | ---- | M] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\tcpipBM.sys
[2013.03.26 19:22:30 | 000,016,552 | ---- | M] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\BMLoad.sys
[2013.03.26 19:22:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
[2013.03.26 19:22:02 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2013.03.26 07:34:54 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.26 07:34:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.21 13:20:51 | 597,318,253 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.21 13:19:04 | 001,560,839 | ---- | M] () -- C:\Users\T_Hosang\response.res
[2013.03.21 13:19:04 | 000,197,133 | ---- | M] () -- C:\Users\T_Hosang\pr20130321.pro
[2013.03.20 13:03:00 | 001,470,282 | ---- | M] () -- C:\Users\T_Hosang\Desktop\Cordlessprogramm.rar
[2013.03.15 07:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
 
========== Files Created - No Company Name ==========
 
[2013.04.13 20:43:57 | 000,890,815 | ---- | C] () -- C:\Users\T_Hosang\Desktop\SecurityCheck.exe
[2013.04.13 19:46:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.13 19:46:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.13 19:46:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.13 19:46:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.13 19:46:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.13 18:37:44 | 000,377,856 | ---- | C] () -- C:\Users\T_Hosang\Desktop\066pciil.exe
[2013.04.13 18:36:23 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\defogger_reenable
[2013.04.13 18:35:30 | 000,050,477 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Defogger.exe
[2013.04.12 15:58:33 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.04.12 15:58:27 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.04.11 14:13:02 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130411.pro
[2013.04.10 17:37:21 | 000,002,074 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.04.10 17:37:21 | 000,002,003 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Avira DE-Cleaner.lnk
[2013.04.04 07:18:50 | 000,001,255 | ---- | C] () -- C:\Users\T_Hosang\Desktop\HP Scan.lnk
[2013.04.02 16:59:03 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.03.26 19:23:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2013.03.26 19:22:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vodafone_K3805-z_dc_enum_01009.Wdf
[2013.03.26 19:22:02 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Broadband.lnk
[2013.03.26 07:34:54 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.26 07:34:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.21 11:14:14 | 000,197,133 | ---- | C] () -- C:\Users\T_Hosang\pr20130321.pro
[2013.03.20 13:03:00 | 001,470,282 | ---- | C] () -- C:\Users\T_Hosang\Desktop\Cordlessprogramm.rar
[2013.03.11 11:55:23 | 000,102,168 | ---- | C] () -- C:\Users\T_Hosang\pr20130311.pro
[2013.03.07 14:14:28 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130307-1.pro
[2013.03.07 10:49:51 | 000,788,470 | ---- | C] () -- C:\Users\T_Hosang\pr20130307.pro
[2013.03.05 13:04:01 | 000,027,708 | ---- | C] () -- C:\Users\T_Hosang\pr20130305.pro
[2013.02.27 09:43:15 | 000,000,000 | ---- | C] () -- C:\Users\T_Hosang\pr20130227.pro
[2013.02.20 11:22:52 | 000,007,111 | ---- | C] () -- C:\Users\T_Hosang\pr20130220-1.pro
[2013.02.20 09:57:21 | 000,021,223 | ---- | C] () -- C:\Users\T_Hosang\pr20130220.pro
[2013.02.19 12:14:01 | 000,003,455 | ---- | C] () -- C:\Users\T_Hosang\pr20130219.pro
[2013.02.19 12:13:05 | 000,000,176 | ---- | C] () -- C:\Users\T_Hosang\properties
[2013.02.18 15:24:19 | 000,008,813 | ---- | C] () -- C:\Users\T_Hosang\response-1.res
[2013.02.18 15:24:19 | 000,001,798 | ---- | C] () -- C:\Users\T_Hosang\pr20130218-1.pro
[2013.02.18 15:24:19 | 000,000,312 | ---- | C] () -- C:\Users\T_Hosang\ComWinAccessSecMCache.ini
[2013.02.18 15:01:35 | 001,560,839 | ---- | C] () -- C:\Users\T_Hosang\response.res
[2013.02.18 15:01:35 | 000,159,419 | ---- | C] () -- C:\Users\T_Hosang\pr20130218.pro
[2013.02.16 16:37:24 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.02.16 16:22:19 | 000,002,923 | ---- | C] () -- C:\Users\T_Hosang\ComWin.Hst
[2013.02.16 03:03:30 | 001,594,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.07 12:58:18 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.06.07 12:58:18 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.06.07 12:37:36 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.06.07 11:04:32 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.04.20 18:43:54 | 000,286,680 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.16 16:31:31 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Roaming\FreePDF
[2013.04.02 16:55:25 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Roaming\Samsung
[2013.03.26 19:26:41 | 000,000,000 | ---D | M] -- C:\Users\T_Hosang\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 

< End of report >
das war der Rest :-)

Zitat:
Zitat von aharonov Beitrag anzeigen
Hi,

prima, sieht wieder gut aus.
Jetzt unbedingt noch alle veralteten Programmversionen runterwerfen und dann räumen wir auf.
...
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.
Hi Leo,

Das aufräumen werde ich aber erst morgen machen.

Das wir uns nicht so schnel wieder sehen, wird sich morgen zeigen, wenn ich meinen 2. Rechner gecheckt habe ;-)

VIELEN VIELEN DANK. so schnelle Hilfe hatte ich bisher in keinem Forum

Gruß
Thorsten

Alt 13.04.2013, 20:56   #12
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Hallo Thorsten,

das ausstehende OTL-Log hab ich vergessen.
Aber das sieht auch gut aus.

Zitat:
Das aufräumen werde ich aber erst morgen machen.
In Ordnung. Melde dich einfach kurz, wenn alles erledigt ist oder falls noch Probleme auftauchen.
__________________
cheers,
Leo

Alt 14.04.2013, 12:02   #13
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Moin Leo,

nochmal viele Dank für Deine Hilfe. Mein Rechner läuft jetzt soweit wieder sauber. Ich werde Deine Tipps auf jeden Fall berücksichtigen.

Ich habe jetzt auch auf meinem zweiten Rechner MBAM laufen lassen und was soll ich sagen, auch hier hat der Scanner angeschlagen. kannst du da evtl. auch mal über die LOG Datei drüber schauen. Sollte das der Zeus sein, kann ich bei dem Rechner genau so vorgehen, wie bei meinem Firmenrechner?

Gruß
Thorsten

MBAM:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.13.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
THosang :: NC6320 [Administrator]

14.04.2013 11:29:41
MBAM-log-2013-04-14 (11-46-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235782
Laufzeit: 16 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 14.04.2013, 12:19   #14
aharonov
/// TB-Ausbilder
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Hallo Thorsten,

Zitat:
Mein Rechner läuft jetzt soweit wieder sauber.
Sehr gut.

Zitat:
kann ich bei dem Rechner genau so vorgehen, wie bei meinem Firmenrechner?
Bei einer gravierenden Infektion sollte man nie das Vorgehen für einen anderen Rechner kopieren. Jeder Fall muss individuell angeschaut werden.

Zitat:
auch hier hat der Scanner angeschlagen.
Diese Funde sind harmlos, das ist nur ein bisschen Werbung. Du kannst auf dem Rechner mal selbstständig den AdwCleaner durchlaufen lassen und wenn danach immer noch etwas stört, dann am besten hier bei uns einen neuen Thread eröffnen für diesen zweiten Rechner zur genaueren Kontrolle (wir fahren hier nach dem Prinzip: ein Thread pro Rechner).

Können wir dieses Thema hier zum ersten Rechner beenden oder ist noch etwas offen von deiner Seite?
__________________
cheers,
Leo

Alt 16.04.2013, 17:30   #15
Bonzai_hh
 
Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Standard

Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


Hallo Leo,

ich habe heute wieder ein Schreiben von der T-Com bekommen, dass von meinem Rechner immer noch eine Gefahr aus geht und Sie mir den Emailport 25 gesperrt haben und es evtl. noch irgentwelche Backdoors geben würde. Ich habe eben nochmal MBAM laufen lassen, aber ohne Ergebniss.

Und nun
Kann sich der Trojaner auch auf Android einnisten?

Gruß
Thorsten

Antwort
Seite 1 von 2 1 2

Themen zu Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt
administrator, anti-malware, appdata, autostart, code, dateien, downloader, escan, explorer, hängen, kunde, logfiles, malwarebytes, microsoft, probleme, rechner, roaming, software, speicher, t-com, telekom, trojan.agent.bdavgen, trojaner, variant, win32/kryptik.aykh


« Geschwindigketseinbruch beim Browser | Iminent taucht jede Woche neu auf »


Ähnliche Themen: Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt


  1. Telekom Brief Zeus/Zbot
    Log-Analyse und Auswertung - 26.05.2015 (32)
  2. Telekom E-Mail 'zeuS' 'Zbot'
    Log-Analyse und Auswertung - 01.02.2014 (3)
  3. Telekom e-mail Zeus/ZBot
    Log-Analyse und Auswertung - 26.11.2013 (7)
  4. Telekom Brief - ZeuS/ZBot Infektion
    Log-Analyse und Auswertung - 26.11.2013 (9)
  5. Sicherheitswarnung Telekom ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 04.10.2013 (9)
  6. Zeus/ZBot Telekom email
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (29)
  7. Zeus/ZBot vermutet. Schreiben Telekom und Hausbank hierzu.
    Log-Analyse und Auswertung - 31.05.2013 (19)
  8. ZeuS/ZBot Warnung von der Telekom
    Log-Analyse und Auswertung - 30.05.2013 (23)
  9. Telekom Brief Zeus/Zbot
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (22)
  10. Telekom Warnung vor ZeuS/ZBot
    Log-Analyse und Auswertung - 05.03.2013 (15)
  11. Telekom Brief, ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (16)
  12. Telekom-Hinweis auf ZeuS/ZBot
    Log-Analyse und Auswertung - 18.02.2013 (7)
  13. ZeuS/ZBot Schädling Schreiben der Telekom (Windows 7 32 und 64 bit)
    Log-Analyse und Auswertung - 22.12.2012 (49)
  14. Trojaner ZeuS/ZBot Telekom Brief
    Plagegeister aller Art und deren Bekämpfung - 15.12.2012 (20)
  15. Post von der Telekom (ZeuS/ZBot)
    Plagegeister aller Art und deren Bekämpfung - 26.11.2012 (4)
  16. Telekom verweist auf ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (11)
  17. Trojanerwarnung Zeus/ZBot von Telekom
    Log-Analyse und Auswertung - 28.10.2012 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt - Moin Moin, auch ich habe ein Schreiben von der T-Com bekommen, das auf meinem Rechner ein Trojaner ist. Ich msche hier bewusst ein neues Thema auf, da ich mich nicht - Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt...
Archiv
Du betrachtest: Schreiben von der Telekom / Zeus/ZBOT / DE-Cleaner ausgeführt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55