Smart HDD/ Wie entfernen?

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Cathrin :: CATHRIN-HP [Administrator]

Schutz: Aktiviert

11.04.2012 12:25:58
mbam-log-2012-04-11 (12-25-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199931
Laufzeit: 11 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\yCtJmFuxrMKCWF.exe (Trojan.Agent) -> 5036 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|yCtJmFuxrMKCWF.exe (Trojan.Agent) -> Daten: C:\ProgramData\yCtJmFuxrMKCWF.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\yCtJmFuxrMKCWF.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Cathrin :: CATHRIN-HP [Administrator]

Schutz: Aktiviert

11.04.2012 12:41:50
mbam-log-2012-04-11 (12-41-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 371339
Laufzeit: 1 Stunde(n), 25 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

 defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:10 on 11/04/2012 (Cathrin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read SafeBoot.sys


-=E.O.F=-
         

 .
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421
Run by Cathrin at 14:11:14 on 2012-04-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.1967.338 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\ProgramData\DatacardService\DCService.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PDF24\pdf24.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Cathrin\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\hewlett-packard\hp protecttools security manager\bin\DPAgent.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
BHO: SwissAcademic.Citavi.Picker.IEPicker: {609d670f-b735-4da7-ac6d-f3bd358e325e} - mscoree.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "c:\program files\t-mobile\internetmanager_h\updatedog\ouc.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [<NO NAME>] 
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP Connection Manager.exe] 
mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NOBuActivation.exe" UNATTENDED
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DataCardMonitor] c:\program files\t-mobile\internetmanager_h\DataCardMonitor.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDFPrint] c:\program files\pdf24\pdf24.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\cathrin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\cathrin\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\cathrin\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\cathrin\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Citavi Picker... - file://c:\programdata\swiss academic software\citavi picker\internet explorer\ShowContextMenu.html
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {619D670F-B735-4da7-AC6D-F3BD358E325E} - {609D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: google.com\mail
Trusted Zone: weightwatchers.de\signup
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://asa04.rmz.uni-lueneburg.de/+CSCOL+/relayp.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7EBF5330-A852-43AD-8EFC-0CA4783F1720} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7EBF5330-A852-43AD-8EFC-0CA4783F1720}\14C4943454D275C414E46454 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: DeviceNP - DeviceNP.dll
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-8-31 13184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2010-2-2 51800]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2010-2-2 13256]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2010-2-2 40088]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-4 207400]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe [2011-1-21 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-21 172032]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-8-19 229376]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2010-4-5 103992]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2010-3-17 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-4-5 103992]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp quicklook\HPDayStarterService.exe [2010-6-14 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2010-2-2 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2010-1-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-3-1 264248]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-11 654408]
R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\qualcomm\qdlservice2k\QDLService2kHP.exe [2010-3-16 331000]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-1-21 48640]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-1-21 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-1-21 38912]
R2 SMManager;HP Connection Manager Service;c:\program files\hewlett-packard\hp connection manager\SMManager.exe [2010-3-13 82760]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-1-21 2320920]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-9-13 215208]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-8-31 63616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-27 132480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-11 22344]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\drivers\rtsuvc.sys [2011-1-21 73344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-19 1664304]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-1-21 29472]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-10-21 32312]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-8-31 101504]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-12-7 362040]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-8-31 69504]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-2-1 6755840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-11-23 1120752]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-1 1343400]
SUnknown sndcyobd;sndcyobd; [x]
.
=============== Created Last 30 ================
.
2012-04-11 10:40:54	56200	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{f73e59de-27ba-4c2c-9170-f36230000633}\offreg.dll
2012-04-11 10:24:05	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-11 09:56:50	--------	d--h--w-	c:\users\cathrin\appdata\roaming\Malwarebytes
2012-04-11 09:56:41	--------	d--h--w-	c:\programdata\Malwarebytes
2012-04-11 09:56:39	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-11 09:44:41	242688	---ha-w-	c:\programdata\1YuQ6AGiYV7j78.exe
2012-04-10 19:41:29	6582328	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{f73e59de-27ba-4c2c-9170-f36230000633}\mpengine.dll
2012-03-14 21:40:11	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 21:40:10	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 07:28:47	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 07:28:46	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 07:28:30	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:28:30	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 07:28:30	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:28:29	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 07:28:29	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 07:28:29	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-12 19:13:23	--------	d-----w-	c:\program files\common files\Bitdefender
.
==================== Find3M  ====================
.
2012-03-27 06:52:58	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05	237072	------w-	c:\windows\system32\MpSigStub.exe
.
============= FINISH: 14:12:01,55 ===============