| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Vodafone PDF TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.11.2012, 16:27
| #1 | ||||||
| |  Vodafone PDF Trojaner Hallo, auch ich hab eine Fake-Vodafone-Rechnung per PDF bekommen. Die E-Mail war seriös gestaltet und da ich auch Vodafone Kunde bin habe ich das PDF-File geöffnet. Allerdings habe ich dann schnell gemerkt, dass es sich um ein Fake handelt. Mit Avira AntiVir habe ich bereits einen Scan gemacht, allerdings wurde nichts gefunden. Ich verwende Adobe Reader 10.1.4. Alle Windows Updates sind auf dem neuesten Stand. Während ich das PDF File geöffnet hatte war keine Internetverbindung vorhanden. Bis jetzt hab ich auch noch keine Auffälligkeiten bemerkt, allerdings nutze ich den Laptop für Onlinebanking und auch beruflich und möchte somit sicher gehen, dass mein System wirklich sauber ist (wenn möglich ohne Neuinstallation). Ich habe anschließend das Dokument bei https://joedd.joesecurity.org gescannt und dieser sagt, dass unter der Adobe Reader Version 10.1.3 (ich habe 10.1.4!) nichts gefunden wurde. Nur bei Version 8.1.2.
OTL Logfile OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.11.2012 15:18:00 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\******\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 43,01% Memory free
7,80 Gb Paging File | 5,61 Gb Available in Paging File | 71,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 51,74 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 411,24 Gb Free Space | 88,29% Space Free | Partition Type: NTFS
Computer Name: LAPTOP****** | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D29E0D-0B94-4B41-96B1-46BBEC88AA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{035F7AC4-7EE6-4C0B-8D78-B4897DBC0869}" = lport=2869 | protocol=6 | dir=in | app=system |
"{050E517F-C680-47CD-91E5-8283DEBB45AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{195680FC-DBC1-4F8B-985B-72B774A53469}" = rport=10243 | protocol=6 | dir=out | app=system |
"{21C853BE-BB3E-475A-81EA-D962637C2D17}" = lport=137 | protocol=17 | dir=in | app=system |
"{31C0D989-A651-4A74-B5A7-8BDDD4321139}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4998C3FE-F183-4E54-9D01-93F0CEC435E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{51D3A7A9-C5BC-418C-B83A-4D925E27F156}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EA511FA-1665-47BF-8DD9-DF7277609F3A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7632894A-62EB-4B9A-AFC4-AD3CAE83BA1D}" = rport=137 | protocol=17 | dir=out | app=system |
"{A47B18BC-6772-4B0B-8531-54CC7885A482}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ACC34A52-8027-45AA-B0BA-FA747492EA4D}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF73A3A4-7F05-46F9-BF8F-71A373CF45CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4DAD413-6611-42F0-849E-83D1F5F2A3E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0460A0C-9C66-4F48-BC55-6F91C8EE4E20}" = rport=139 | protocol=6 | dir=out | app=system |
"{DCFACAF6-4014-478F-AC69-7DBA45E24B22}" = rport=138 | protocol=17 | dir=out | app=system |
"{E4CE2EBE-3E1C-41A0-8379-9205555C4982}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E73D6544-5A83-4E0E-8F06-8DE03C949A70}" = lport=138 | protocol=17 | dir=in | app=system |
"{EEA6E78D-CBB6-402E-8001-BC73660E6E1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1709317-B649-42F7-BCCF-1A8469F9D4A4}" = lport=445 | protocol=6 | dir=in | app=system |
"{F99F54E9-4894-43F4-BC33-E37FF35247DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD521A32-FC86-495B-ADFE-5C29ECD415C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AEC287-0789-4F98-998D-A1BD61F31027}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{0C02FE3E-08C5-4825-AAD6-F4298DBB12B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0C285DE7-7D42-4F66-9EBC-8F0F49E5A515}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CE0C961-DCDE-4937-B070-F8A0F8F3AEC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CE4A34C-906C-45CA-B0E3-1F8911F55382}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{129DD792-F3EE-43B9-90AD-E7D68D3C3788}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13571462-6382-4F29-BDC4-BBC2F8216A99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{268B472B-A64E-4C2B-96F3-FCEF43D59247}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{349BD310-DA94-4067-8DAF-9268B526A23C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{38C52AF9-70F6-4723-B01C-5254A3632FC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3973EA6E-FBFE-463C-83F3-61936F25B4AA}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe |
"{3CF6F281-4AA9-477F-8625-8B7B985FF0B5}" = protocol=6 | dir=out | app=system |
"{429B5194-261E-4ABA-A783-C30B4EEC5CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{491979D5-E812-4CC3-9269-13AE221DE83E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{549BBECB-0FA5-4EA6-A031-AD36AFA84554}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{56E7C27F-30A6-47CD-AAFC-E13F9BE8A653}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{5C8003E2-DF61-4234-98BF-5EC6D2F122A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65DF79F5-9A54-4F6B-AE43-4426F3E25AC9}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{7A1AD692-E7AE-468A-861A-60AA05E6BAB7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7A3B631A-6243-4B06-8C70-1B1B2EE33296}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C14087B-74D3-4536-92F3-F2A5EA61C0DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80EF4E06-B378-4F64-A565-578FE4CDA3AF}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe |
"{819F5B25-2842-42A6-BFC0-3F3E7246882E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8CF28B38-B9E7-4B27-B422-9867CCA34EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EAD63D9-731C-4DE0-A532-FCD4F8DFF13A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9120543E-92A5-4364-8029-E84A774F54CD}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{9B2CAF00-5E50-4D11-88A1-7E8CDE6ED45D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{AB2A318C-59A7-4D73-A209-D05507CB9E1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AD46FF1E-3711-427A-B282-0B20948A5A81}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B24DDF93-B4A0-4598-9A0A-4FA06EDC9060}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{B3518DAC-BB34-4557-BBC3-2672533A5591}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{B789E219-FC23-4814-A311-EC6466D8961E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{B8A7022A-46B3-4CFE-9A78-843732F905C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9BF1853-481E-445A-822D-03A3F035F29B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CD6EC559-2F02-48B8-91FC-2BF6F80842F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D41B96C5-6DE5-4C8F-ABB7-9F88D1F20BA9}" = protocol=6 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe |
"{D4626446-E530-40B3-83FF-9D7C98C8BB68}" = protocol=17 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe |
"{D4C47CDE-9758-4231-80B7-1FB59388305D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D737E85B-97E2-4DE7-B485-2DFBE3FC34CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DB68F748-BF84-4570-B091-7D136F266688}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE43636E-6F8D-4B9F-AF88-9B6BD907ACB6}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe |
"{E099641B-7132-409A-A461-312AE8C26EFC}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E1B069B0-C4D1-41E5-94F5-C23171C8BC49}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E2F975B0-5DA4-4DBD-85EB-9D1A85E53BC5}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E49776C7-FA3C-4DBE-ABC3-1C80C80DFE33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E55A711D-E578-47E4-8743-8E213AB68F70}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{F491FBB5-EB66-4946-BCB6-93BCCF50C620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7C8526A-C751-416C-955B-3F0F449BE1B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F8A3EA9B-0E93-4879-A64E-E385D70EEFBE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{FE80FF01-24B8-4966-B823-783FD9818C0B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FF9333E4-2DFD-4C0B-82DF-B20D3C0A28C0}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"TCP Query User{00F78F78-D498-42AC-B17B-86C954F88FD5}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{41F7B54E-41CC-4D10-B9CD-C809B3D56346}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
"TCP Query User{53471F84-7EB0-4920-8824-21EA6BB8ECCD}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe |
"TCP Query User{5AE4C19A-472D-427E-AC00-D53CB4AC52BA}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{73E5DE99-4A9B-4B77-AE53-E6564C351E10}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe |
"TCP Query User{A0E0DC51-0FBD-40C5-8D35-246749A00C1A}C:\program files (x86)\z-dbackup\zftpcopy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\z-dbackup\zftpcopy.exe |
"TCP Query User{ABC9FB14-91F3-41CC-901B-A0B0A4547956}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{AE38CFAE-EF4A-4FF8-9AAF-945C6B2CE652}C:\users\******\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F212A9F4-6224-4F28-BD08-C83E5B78B20A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{F6662ECA-9282-4DE0-81DC-931A27308A53}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
"UDP Query User{13B0DCA3-B24D-4761-A3C3-BD3E3922B41F}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
"UDP Query User{1C40AF3B-8035-4DFA-AEFA-55D0F656B4A2}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe |
"UDP Query User{4FC2880A-B50F-4794-849B-870F4FEC3845}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
"UDP Query User{64CB9D8F-6F58-45B6-814F-1DA419B81763}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{76FE5F44-585C-4BDD-9608-8BA71ECAB45D}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{78D29BB1-4CF2-4628-8871-5543846785C6}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{A977C4DC-F94D-4891-B4C8-3FF1837C7B9C}C:\users\******\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\******\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C6E771D9-756D-42C4-BF13-49DC4B7E654C}C:\program files (x86)\z-dbackup\zftpcopy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\z-dbackup\zftpcopy.exe |
"UDP Query User{C786944C-9CA2-4CB3-B419-8FACAF405F49}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{FF794A00-B962-4786-B754-437ECD288D15}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{31a52f2e-32e8-4c8f-9d99-6fd0c37c99ef}" = Gigaset QuickSync
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}" = FRITZ!Fernzugang
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94198F92-0C11-40FB-ADAD-D033C85D4D74}" = Drive Encryption for HP ProtectTools
"{991A4895-3346-4980-990F-A1041B73C6F7}" = HP 3D DriveGuard
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PDF-XChange 3_is1" = PDF-XChange 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04FE949D-172D-45B4-ACE6-6BCFAB5EC563}" = Mindjet MindManager 9
"{0F3A02CF-09B1-4B49-BE02-A70790F18B56}" = StarMoney
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{22B76906-5831-4052-9463-E13C5B7A5B40}" = HP ESU for Microsoft Windows 7
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{66D6C49D-B4F4-423A-85EA-3AF843115A91}" = StarMoney
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{8DF067D5-EAFB-4B93-AFF6-A6E33D9697C7}" = HP ProtectTools Security Manager
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B4814B84-AEEC-4647-90A4-67E2DF637544}" = StarMoney 8.0 S-Edition
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C42BB613-5079-41C3-8CD1-037B9FFD818F}" = HP JavaCard for HP ProtectTools
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{D1C42E76-0165-4542-95FD-5A9F75023573}" = Credential Manager for HP ProtectTools
"{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis True Image Home
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"1&1 SoftPhone" = 1&1 SoftPhone
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.6.0.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KeePass Password Safe_is1" = KeePass Password Safe 1.22
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Personal Backup 5_is1" = Personal Backup 5.3
"Pharos" = Pharos
"PhonerLite_is1" = PhonerLite 2.04
"TeamViewer 7" = TeamViewer 7
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 5.1
"Wireshark" = Wireshark 1.6.7 (64-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.11.2012 09:15:02 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
Error - 17.11.2012 09:57:31 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
Error - 17.11.2012 11:46:28 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
Error - 17.11.2012 16:55:19 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
Error - 18.11.2012 00:54:40 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
Error - 18.11.2012 11:25:37 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.11.2012 13:16:24 | Computer Name = Laptop****** | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 2.0.1.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 19c8 Startzeit:
01cdc5b047798888 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Berichts-ID:
a366c8e5-31a3-11e2-a129-00247e766500
Error - 18.11.2012 20:30:27 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.11.2012 22:43:37 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
Error - 19.11.2012 07:34:10 | Computer Name = Laptop****** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
[ Credential Manager Events ]
Error - 30.10.2012 00:42:54 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
******@LAPTOP****** Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 30.10.2012 00:42:54 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: ******@LAPTOP******
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 01.11.2012 15:57:24 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
******@LAPTOP****** Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 01.11.2012 15:57:24 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: ******@LAPTOP******
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 01.11.2012 15:57:27 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
******@LAPTOP****** Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 01.11.2012 15:57:27 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: ******@LAPTOP******
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 10.11.2012 18:23:20 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
******@LAPTOP****** Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 10.11.2012 18:23:20 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: ******@LAPTOP******
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 14.11.2012 08:55:38 | Computer Name = Laptop****** | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
******@LAPTOP****** Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 14.11.2012 08:55:38 | Computer Name = Laptop****** | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: ******@LAPTOP******
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
[ System Events ]
Error - 27.07.2012 19:11:49 | Computer Name = Laptop****** | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 28.07.2012 03:04:22 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description =
Error - 28.07.2012 04:24:20 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description =
Error - 28.07.2012 04:24:56 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%14001
Error - 28.07.2012 21:46:12 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description =
Error - 29.07.2012 08:30:18 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 31.07.2012 10:26:39 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description =
Error - 31.07.2012 17:48:52 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%14001
Error - 31.07.2012 19:01:32 | Computer Name = Laptop****** | Source = DCOM | ID = 10010
Description =
Error - 01.08.2012 04:47:29 | Computer Name = Laptop****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%14001
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.11.2012 15:18:00 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\******\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 43,01% Memory free 7,80 Gb Paging File | 5,61 Gb Available in Paging File | 71,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 51,74 Gb Free Space | 43,43% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 411,24 Gb Free Space | 88,29% Space Free | Partition Type: NTFS Computer Name: LAPTOP****** | User Name: ****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Users\******\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe () PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsGHost.exe (Bioscrypt Inc.) PRC - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe (Pharos Systems International) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Mindjet\MindManager 9\zlib.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (BotkindSyncService) -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe () SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (avmike) -- C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin) SRV - (nwtsrv) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin) SRV - (certsrv) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin) SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (HpFkCryptService) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) SRV - (ASBroker) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.) SRV - (ASChannel) -- C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsChnl.dll (Bioscrypt Inc.) SRV - (Pharos Systems ComTaskMaster) -- C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe (Pharos Systems International) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ac.sharedstore) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (tdrpman251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (NWIM) -- C:\Windows\SysNative\drivers\avmnwim.sys (AVM Berlin) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (SbFsLock) -- C:\Windows\SysNative\drivers\SbFsLock.sys (SafeBoot International) DRV:64bit: - (RsvLock) -- C:\Windows\SysNative\drivers\RsvLock.sys (SafeBoot International) DRV:64bit: - (SafeBoot) -- C:\Windows\SysNative\drivers\SafeBoot.sys () DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBTTN.sys (Hewlett-Packard Company) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (SbAlg) -- C:\Windows\SysNative\drivers\SbAlg.sys (SafeBoot N.V.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 59 9A 67 9A C3 CD 01 [binary data] IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "PONS.eu : Englisch » Deutsch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..extensions.enabledAddons: {c666c018-6409-4479-afa3-68e4129e7eff}:1.1.0 FF - prefs.js..extensions.enabledAddons: contextMenuExtension@leo.org:0.3.1 FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Program Files (x86)\1&1\1&1 SoftPhone\Firefox [2012.08.30 14:51:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 15:23:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 15:23:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.28 13:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions [2012.10.23 22:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\o2h4a6uk.default\extensions [2012.09.20 00:08:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\o2h4a6uk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.16 18:04:09 | 000,018,789 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\contextMenuExtension@leo.org.xpi [2012.09.19 13:00:23 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012.08.23 07:51:55 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.09.16 18:03:30 | 000,013,268 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi [2012.07.25 02:02:52 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.05.22 19:53:15 | 000,000,983 | ---- | M] () -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\searchplugins\ponseu--englisch--deutsch.xml [2012.05.09 14:39:32 | 000,002,057 | ---- | M] () -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\searchplugins\youtube-videosuche.xml [2012.11.18 17:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.29 15:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.29 15:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.29 15:23:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.21 01:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 22:06:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 01:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 01:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 01:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 01:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\ItIEAddIn64.dll (Bioscrypt Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [] File not found O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CDC35AB-A692-4D64-884D-23F4B7A925A0}: DhcpNameServer = 89.101.160.4 89.101.160.5 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.) O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell - "" = AutoRun O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell\configure\command - "" = G:\SETUP.EXE O33 - MountPoints2\{403e1d86-9156-11e1-ba7a-00247e766500}\Shell\install\command - "" = G:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.18 17:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.11.18 17:42:24 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.11.18 17:42:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.11.18 17:42:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.11.18 17:42:20 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.11.18 17:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.11.18 17:30:00 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.11.18 17:30:00 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.11.18 17:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.11.16 15:05:17 | 000,000,000 | ---D | C] -- d:\Users\******\Documents\Outlook-Dateien [2012.11.16 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Clipboarder [2012.11.16 03:06:33 | 000,032,768 | ---- | C] (Analog Devices) -- C:\Windows\SysWow64\adidrm.dll [2012.11.16 03:06:32 | 000,060,928 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysWow64\SFFXComm.dll [2012.11.16 03:06:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundMAX [2012.11.16 03:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus [2012.11.15 23:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.11.14 21:32:19 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.14 21:32:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.14 21:32:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012.11.14 21:32:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012.11.14 21:32:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012.11.14 21:32:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012.11.14 21:32:01 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012.11.14 21:32:00 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012.11.14 21:32:00 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012.11.14 21:32:00 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012.11.14 21:32:00 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012.11.14 21:32:00 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012.11.14 21:32:00 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012.11.14 21:32:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012.11.14 21:32:00 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012.11.14 21:32:00 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012.11.14 21:32:00 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012.11.14 21:32:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012.11.14 21:32:00 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012.11.14 21:32:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012.11.14 21:32:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012.11.14 21:32:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012.11.14 21:32:00 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012.11.14 21:32:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012.11.14 21:31:59 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012.11.14 21:31:59 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012.11.14 21:26:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.14 21:26:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.14 21:26:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.14 21:26:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.14 21:26:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.14 21:26:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.14 21:26:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.14 21:26:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.14 21:26:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.14 21:26:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.14 21:26:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.14 21:26:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.14 21:26:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.14 21:26:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.14 21:26:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.14 21:22:04 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.14 21:22:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.14 21:22:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.14 21:22:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.14 21:21:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.11.14 21:21:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.11.14 20:08:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.14 20:08:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.14 20:08:38 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.14 20:08:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.14 20:08:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.14 20:08:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.14 20:08:03 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.14 20:08:03 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.14 20:08:03 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.14 20:07:03 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.14 20:07:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.11 01:41:53 | 000,000,000 | ---D | C] -- d:\Users\******\Documents\Frisuren [2012.11.10 18:53:27 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Niki [2012.11.10 15:36:29 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\S [2012.11.09 15:39:54 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Gigaset_Communications_Gm [2012.11.05 14:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.29 15:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.24 21:02:19 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Avira [2012.10.24 20:57:00 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.10.24 20:57:00 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.10.24 20:57:00 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.10.24 20:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.24 20:56:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.10.23 22:18:56 | 000,000,000 | ---D | C] -- d:\Users\******\Documents\Bluetooth-Exchange-Ordner [2012.10.22 15:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2012.10.22 14:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP [2012.10.22 11:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\DeltaCopy [2012.10.22 01:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\FtpSync [2012.10.22 01:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ISM [2012.10.22 01:29:01 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Musik Sophie [2012.10.22 01:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks [2012.10.22 01:04:34 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Deployment [2012.10.22 01:04:34 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Apps [2012.10.22 00:44:26 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\topster.de [2012.10.22 00:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software [2012.10.21 23:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software [2012.10.21 23:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software ========== Files - Modified Within 30 Days ========== [2012.11.19 14:37:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.19 13:39:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.19 12:25:59 | 000,002,236 | -H-- | M] () -- d:\Users\******\Documents\Default.rdp [2012.11.19 12:15:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.19 12:15:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.19 11:38:55 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.19 11:38:55 | 000,657,850 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.19 11:38:55 | 000,619,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.19 11:38:55 | 000,131,190 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.19 11:38:55 | 000,107,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.19 11:34:01 | 3142,791,168 | -HS- | M] () -- C:\hiberfil.sys [2012.11.19 01:16:19 | 000,062,880 | ---- | M] () -- C:\Users\******\Desktop\Article.pdf [2012.11.18 17:42:15 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.11.18 17:42:15 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.11.18 17:42:15 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.11.18 17:42:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.11.18 17:42:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.11.18 17:42:15 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.11.18 17:29:52 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.11.18 17:29:52 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.11.17 20:55:13 | 474,311,708 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.16 02:53:29 | 000,007,607 | ---- | M] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg [2012.11.15 22:50:23 | 000,001,035 | ---- | M] () -- C:\Users\******\Desktop\PhonerLite.lnk [2012.11.14 21:38:36 | 000,420,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.14 19:13:38 | 000,113,967 | ---- | M] () -- C:\Users\******\Desktop\Edignburgh - Tour.pdf [2012.11.14 11:32:20 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.14 11:32:20 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.08 00:11:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.11.08 00:11:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.11.05 15:56:24 | 000,000,962 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.10.26 23:03:33 | 000,020,428 | ---- | M] () -- d:\Users\******\Documents\KeePass_Database.kdb [2012.10.22 15:57:17 | 000,000,600 | ---- | M] () -- C:\Users\******\AppData\Roaming\winscp.rnd [2012.10.21 23:37:36 | 000,008,912 | ---- | M] () -- C:\Users\******\Desktop\FTP-BackUp.buj ========== Files Created - No Company Name ========== [2012.11.19 01:16:28 | 000,062,880 | ---- | C] () -- C:\Users\******\Desktop\Article.pdf [2012.11.14 21:32:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 21:22:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.14 19:13:38 | 000,113,967 | ---- | C] () -- C:\Users\******\Desktop\Edignburgh - Tour.pdf [2012.11.07 21:16:17 | 474,311,708 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.10.22 14:54:25 | 000,000,600 | ---- | C] () -- C:\Users\******\AppData\Roaming\winscp.rnd [2012.10.22 14:47:36 | 000,002,236 | -H-- | C] () -- d:\Users\******\Documents\Default.rdp [2012.08.06 11:37:50 | 000,000,028 | ---- | C] () -- C:\Users\******\AppData\Roaming\PhonerLitesettings.ini [2012.04.29 06:21:29 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.28 15:02:49 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI [2012.04.28 13:32:30 | 000,186,928 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2012.04.28 13:32:30 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012.04.27 18:22:42 | 000,007,607 | ---- | C] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg [2012.03.28 20:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 20:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.03.28 20:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.03.28 20:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.03.28 20:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.03 11:32:40 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2011.06.03 11:32:40 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2011.06.03 11:32:40 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin ========== ZeroAccess Check ========== [2009.07.14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.31 12:45:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\1&1 [2012.09.06 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Acronis [2012.05.31 21:01:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Amazon [2012.04.28 18:17:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Canneverbe Limited [2012.04.28 19:57:43 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Credential Manager [2012.11.19 11:36:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Dropbox [2012.09.20 00:08:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft [2012.09.20 00:08:01 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.09 14:17:41 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\e-academy Inc [2012.05.07 06:24:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\elsterformular [2012.11.19 02:42:56 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FileZilla [2012.06.04 00:23:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FTPbox [2012.10.22 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\KeePass [2012.10.17 23:33:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\MyPhoneExplorer [2012.07.17 13:07:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia [2012.07.17 13:07:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia Suite [2012.05.06 14:44:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PC Suite [2012.10.22 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PersBackup5 [2012.11.15 22:50:05 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PhonerLite [2012.04.28 18:39:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Samsung [2012.04.29 08:51:44 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TeamViewer [2012.10.22 00:46:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\topster.de [2012.09.06 14:12:52 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Wireshark ========== Purity Check ========== < End of report > Avira AntiVir Log File (nichts gefunden) Code:
ATTFilter
Avira Free Antivirus
Report file date: Montag, 19. November 2012 14:19
The program is running as an unrestricted full version.
Online services are available.
Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Professional
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : ******
Computer name : LAPTOP******
Version information:
BUILD.DAT : 13.0.0.2761 48279 Bytes 09.11.2012 16:45:00
AVSCAN.EXE : 13.4.0.262 638752 Bytes 14.11.2012 11:30:36
AVSCANRC.DLL : 13.4.0.219 54560 Bytes 09.10.2012 17:19:07
LUKE.DLL : 13.4.0.251 67360 Bytes 14.11.2012 11:32:05
AVSCPLR.DLL : 13.4.0.262 93984 Bytes 13.11.2012 00:16:55
AVREG.DLL : 13.4.0.244 245536 Bytes 13.11.2012 00:16:55
avlode.dll : 13.4.0.255 426272 Bytes 14.11.2012 11:32:21
avlode.rdf : 13.0.0.24 7196 Bytes 27.09.2012 10:30:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 14:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 14:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 14:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 14:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 14:42:40
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11.10.2012 20:57:58
VBASE008.VDF : 7.11.45.208 2048 Bytes 11.10.2012 20:57:58
VBASE009.VDF : 7.11.45.209 2048 Bytes 11.10.2012 20:57:58
VBASE010.VDF : 7.11.45.210 2048 Bytes 11.10.2012 20:57:58
VBASE011.VDF : 7.11.45.211 2048 Bytes 11.10.2012 20:57:58
VBASE012.VDF : 7.11.45.212 2048 Bytes 11.10.2012 20:57:58
VBASE013.VDF : 7.11.45.213 2048 Bytes 11.10.2012 20:57:59
VBASE014.VDF : 7.11.46.65 220160 Bytes 16.10.2012 20:58:00
VBASE015.VDF : 7.11.46.153 173568 Bytes 18.10.2012 20:58:01
VBASE016.VDF : 7.11.46.223 162304 Bytes 19.10.2012 20:58:02
VBASE017.VDF : 7.11.47.35 126464 Bytes 22.10.2012 20:58:03
VBASE018.VDF : 7.11.47.95 175616 Bytes 24.10.2012 20:58:04
VBASE019.VDF : 7.11.47.177 164352 Bytes 26.10.2012 14:37:35
VBASE020.VDF : 7.11.47.229 143360 Bytes 28.10.2012 14:37:35
VBASE021.VDF : 7.11.48.47 138240 Bytes 30.10.2012 14:37:36
VBASE022.VDF : 7.11.48.135 122880 Bytes 01.11.2012 14:37:36
VBASE023.VDF : 7.11.48.209 142848 Bytes 05.11.2012 14:37:36
VBASE024.VDF : 7.11.48.243 119296 Bytes 05.11.2012 20:37:36
VBASE025.VDF : 7.11.49.47 136704 Bytes 07.11.2012 18:40:22
VBASE026.VDF : 7.11.49.135 194560 Bytes 09.11.2012 01:25:19
VBASE027.VDF : 7.11.49.209 188416 Bytes 12.11.2012 00:16:54
VBASE028.VDF : 7.11.50.27 212992 Bytes 14.11.2012 15:10:28
VBASE029.VDF : 7.11.50.105 200704 Bytes 18.11.2012 17:28:57
VBASE030.VDF : 7.11.50.106 2048 Bytes 18.11.2012 17:28:57
VBASE031.VDF : 7.11.50.122 53760 Bytes 19.11.2012 11:39:16
Engine version : 8.2.10.202
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 14:42:55
AESCRIPT.DLL : 8.1.4.66 463227 Bytes 12.11.2012 13:01:01
AESCN.DLL : 8.1.9.4 131445 Bytes 15.11.2012 15:10:38
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 16:58:06
AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 18:40:30
AEPACK.DLL : 8.3.0.40 815479 Bytes 12.11.2012 13:01:01
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 14:37:43
AEHEUR.DLL : 8.1.4.138 5542265 Bytes 15.11.2012 15:10:38
AEHELP.DLL : 8.1.25.2 258423 Bytes 24.10.2012 20:58:08
AEGEN.DLL : 8.1.6.10 438646 Bytes 15.11.2012 15:10:29
AEEXP.DLL : 8.2.0.10 119158 Bytes 05.11.2012 14:37:43
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 14:42:55
AECORE.DLL : 8.1.29.2 201079 Bytes 07.11.2012 18:40:23
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:37:37
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 19:09:30
AVPREF.DLL : 13.4.0.163 50464 Bytes 19.09.2012 19:07:51
AVREP.DLL : 13.4.0.244 177952 Bytes 13.11.2012 00:16:55
AVARKT.DLL : 13.4.0.232 260384 Bytes 16.10.2012 17:55:29
AVEVTLOG.DLL : 13.4.0.232 167200 Bytes 16.10.2012 17:56:35
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 18:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 19:08:55
NETNT.DLL : 13.4.0.163 15648 Bytes 19.09.2012 19:16:26
RCIMAGE.DLL : 13.4.0.163 4782880 Bytes 19.09.2012 20:40:13
RCTEXT.DLL : 13.4.0.163 66336 Bytes 19.10.2012 12:56:26
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Start of the scan: Montag, 19. November 2012 14:19
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting search for hidden objects.
The scan of running processes will be started:
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '100' Module(s) have been scanned
Scan process 'ATService.exe' - '49' Module(s) have been scanned
Scan process 'HpFkCrypt.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '104' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '79' Module(s) have been scanned
Scan process 'Hpservice.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '85' Module(s) have been scanned
Scan process 'spoolsv.exe' - '91' Module(s) have been scanned
Scan process 'ac.sharedstore.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '76' Module(s) have been scanned
Scan process 'acevents.exe' - '60' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'schedul2.exe' - '27' Module(s) have been scanned
Scan process 'armsvc.exe' - '30' Module(s) have been scanned
Scan process 'AEADISRV.EXE' - '18' Module(s) have been scanned
Scan process 'agr64svc.exe' - '17' Module(s) have been scanned
Scan process 'avguard.exe' - '78' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '70' Module(s) have been scanned
Scan process 'avmike.exe' - '44' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
Scan process 'SyncService.exe' - '28' Module(s) have been scanned
Scan process 'certsrv.exe' - '26' Module(s) have been scanned
Scan process 'nwtsrv.exe' - '47' Module(s) have been scanned
Scan process 'CTskMstr.exe' - '49' Module(s) have been scanned
Scan process 'StarMoneyOnlineUpdate.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '89' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '42' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '35' Module(s) have been scanned
Scan process 'taskhost.exe' - '53' Module(s) have been scanned
Scan process 'Dwm.exe' - '33' Module(s) have been scanned
Scan process 'AsGHost.exe' - '136' Module(s) have been scanned
Scan process 'Explorer.EXE' - '247' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '45' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '48' Module(s) have been scanned
Scan process 'igfxtray.exe' - '30' Module(s) have been scanned
Scan process 'hkcmd.exe' - '49' Module(s) have been scanned
Scan process 'igfxpers.exe' - '34' Module(s) have been scanned
Scan process 'acevents.exe' - '62' Module(s) have been scanned
Scan process 'accrdsub.exe' - '70' Module(s) have been scanned
Scan process 'schedhlp.exe' - '32' Module(s) have been scanned
Scan process 'SoundMAX.exe' - '51' Module(s) have been scanned
Scan process 'StikyNot.exe' - '38' Module(s) have been scanned
Scan process 'Kies.exe' - '86' Module(s) have been scanned
Scan process 'sidebar.exe' - '108' Module(s) have been scanned
Scan process 'GoogleCalendarSync.exe' - '73' Module(s) have been scanned
Scan process 'Dropbox.exe' - '78' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '68' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '67' Module(s) have been scanned
Scan process 'VCDDaemon.exe' - '35' Module(s) have been scanned
Scan process 'KiesTrayAgent.exe' - '88' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '19' Module(s) have been scanned
Scan process 'pthosttr.exe' - '97' Module(s) have been scanned
Scan process 'TrueImageMonitor.exe' - '51' Module(s) have been scanned
Scan process 'TimounterMonitor.exe' - '41' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '75' Module(s) have been scanned
Scan process 'avgnt.exe' - '89' Module(s) have been scanned
Scan process 'pdf24.exe' - '38' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '43' Module(s) have been scanned
Scan process 'jusched.exe' - '32' Module(s) have been scanned
Scan process 'VolCtrl.exe' - '35' Module(s) have been scanned
Scan process 'iPodService.exe' - '35' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '108' Module(s) have been scanned
Scan process 'helppane.exe' - '85' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '112' Module(s) have been scanned
Scan process 'OSPPSVC.EXE' - '34' Module(s) have been scanned
Scan process 'splwow64.exe' - '28' Module(s) have been scanned
Scan process 'hpqToaster.exe' - '50' Module(s) have been scanned
Scan process 'firefox.exe' - '184' Module(s) have been scanned
Scan process 'avcenter.exe' - '126' Module(s) have been scanned
Scan process 'avscan.exe' - '109' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '43' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '30' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '28' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'lsass.exe' - '81' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '34' Module(s) have been scanned
Starting to scan executable files (registry):
The registry was scanned ( '3457' files ).
Starting the file scan:
Begin scan in 'C:\'
Begin scan in 'D:\' <Volume>
End of the scan: Montag, 19. November 2012 14:50
Used time: 31:10 Minute(s)
The scan has been done completely.
36999 Scanned directories
595359 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
595359 Files not concerned
6223 Archives were scanned
0 Warnings
0 Notes
747974 Objects were scanned with rootkit scan
0 Hidden objects were found
Vielen Dank für eure Hilfe!!!   Malwarebytes Anti-Malware Logfile Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.20.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Thomas :: LAPTOP**** [Administrator] 20.11.2012 13:52:24 mbam-log-2012-11-20 (13-52-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 399082 Laufzeit: 42 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
23.11.2012, 10:23
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Vodafone PDF Trojaner Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
23.11.2012, 11:15
| #3 |
| | Vodafone PDF Trojaner Hallo Cosinus,
__________________vielen Dank, dass du mir bei meinem Problem hilfst. aswMBR - Logfile den aswMBR konnte ich nur mit "none" Scannen, da er ansonsten immer abgestürzt ist. Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-23 10:02:55
-----------------------------
10:02:55.808 OS Version: Windows x64 6.1.7601 Service Pack 1
10:02:55.808 Number of processors: 2 586 0x170A
10:02:55.808 ComputerName: LAPTOPTHOMAS UserName: Thomas
10:02:56.104 Initialize success
10:03:02.188 AVAST engine defs: 12112201
10:03:06.697 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:03:06.697 Disk 0 Vendor: M4-CT128 0309 Size: 122104MB BusType: 3
10:03:06.712 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
10:03:06.712 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
10:03:06.712 Disk 0 MBR read successfully
10:03:06.712 Disk 0 MBR scan
10:03:06.728 Disk 0 Windows 7 default MBR code
10:03:06.728 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:03:06.744 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
10:03:06.759 Disk 0 scanning C:\Windows\system32\drivers
10:03:12.599 Service scanning
10:03:22.309 Modules scanning
10:03:22.324 Disk 0 trace - called modules:
10:03:22.856 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
10:03:22.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004499060]
10:03:22.871 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8004498780]
10:03:22.887 5 hpdskflt.sys[fffff88001de9189] -> nt!IofCallDriver -> [0xfffffa8003cf9950]
10:03:22.887 7 ACPI.sys[fffff88000f8d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800432c050]
10:03:22.887 Scan finished successfully
10:03:37.988 Disk 0 MBR has been saved successfully to "D:\Users\Thomas\Downloads\MBR.dat"
10:03:38.269 The log file has been saved successfully to "D:\Users\Thomas\Downloads\aswMBR_none.txt"
TDSSKiller - Logilfe Code:
ATTFilter 10:08:07.0810 5260 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:08:07.0966 5260 ============================================================
10:08:07.0966 5260 Current date / time: 2012/11/23 10:08:07.0966
10:08:07.0966 5260 SystemInfo:
10:08:07.0966 5260
10:08:07.0966 5260 OS Version: 6.1.7601 ServicePack: 1.0
10:08:07.0966 5260 Product type: Workstation
10:08:07.0966 5260 ComputerName: LAPTOPTHOMAS
10:08:07.0966 5260 UserName: Thomas
10:08:07.0966 5260 Windows directory: C:\Windows
10:08:07.0966 5260 System windows directory: C:\Windows
10:08:07.0966 5260 Running under WOW64
10:08:07.0966 5260 Processor architecture: Intel x64
10:08:07.0966 5260 Number of processors: 2
10:08:07.0966 5260 Page size: 0x1000
10:08:07.0966 5260 Boot type: Normal boot
10:08:07.0966 5260 ============================================================
10:08:08.0293 5260 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:08:08.0293 5260 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:08:08.0309 5260 ============================================================
10:08:08.0309 5260 \Device\Harddisk0\DR0:
10:08:08.0309 5260 MBR partitions:
10:08:08.0309 5260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:08:08.0309 5260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
10:08:08.0309 5260 \Device\Harddisk1\DR1:
10:08:08.0309 5260 MBR partitions:
10:08:08.0309 5260 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
10:08:08.0309 5260 ============================================================
10:08:08.0325 5260 C: <-> \Device\Harddisk0\DR0\Partition2
10:08:08.0356 5260 D: <-> \Device\Harddisk1\DR1\Partition1
10:08:08.0356 5260 ============================================================
10:08:08.0356 5260 Initialize success
10:08:08.0356 5260 ============================================================
10:08:40.0103 4048 ============================================================
10:08:40.0103 4048 Scan started
10:08:40.0103 4048 Mode: Manual; SigCheck; TDLFS;
10:08:40.0103 4048 ============================================================
10:08:40.0290 4048 ================ Scan system memory ========================
10:08:40.0290 4048 System memory - ok
10:08:40.0290 4048 ================ Scan services =============================
10:08:40.0337 4048 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:08:40.0384 4048 1394ohci - ok
10:08:40.0399 4048 [ 5E8EFEB338DEB1F485420B090FE6C85E ] ac.sharedstore C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
10:08:40.0415 4048 ac.sharedstore - ok
10:08:40.0415 4048 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
10:08:40.0508 4048 Accelerometer - ok
10:08:40.0524 4048 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:08:40.0555 4048 ACPI - ok
10:08:40.0571 4048 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:08:40.0602 4048 AcpiPmi - ok
10:08:40.0618 4048 [ DBFF071061DECB3AF068AE449A52786E ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
10:08:40.0649 4048 AcrSch2Svc - ok
10:08:40.0664 4048 [ 560649E6A9C11F6124F97310EF387C45 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
10:08:40.0680 4048 ADIHdAudAddService - ok
10:08:40.0696 4048 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:08:40.0711 4048 AdobeARMservice - ok
10:08:40.0742 4048 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:08:40.0758 4048 AdobeFlashPlayerUpdateSvc - ok
10:08:40.0774 4048 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:08:40.0789 4048 adp94xx - ok
10:08:40.0805 4048 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:08:40.0836 4048 adpahci - ok
10:08:40.0836 4048 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:08:40.0852 4048 adpu320 - ok
10:08:40.0867 4048 [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
10:08:40.0883 4048 AEADIFilters - ok
10:08:40.0898 4048 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:08:40.0976 4048 AeLookupSvc - ok
10:08:40.0992 4048 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:08:41.0008 4048 AFD - ok
10:08:41.0023 4048 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
10:08:41.0023 4048 AgereModemAudio - ok
10:08:41.0039 4048 [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
10:08:41.0070 4048 AgereSoftModem - ok
10:08:41.0070 4048 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:08:41.0086 4048 agp440 - ok
10:08:41.0086 4048 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:08:41.0101 4048 ALG - ok
10:08:41.0117 4048 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:08:41.0117 4048 aliide - ok
10:08:41.0132 4048 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:08:41.0132 4048 amdide - ok
10:08:41.0148 4048 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:08:41.0164 4048 AmdK8 - ok
10:08:41.0164 4048 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:08:41.0179 4048 AmdPPM - ok
10:08:41.0179 4048 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:08:41.0195 4048 amdsata - ok
10:08:41.0195 4048 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:08:41.0210 4048 amdsbs - ok
10:08:41.0226 4048 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:08:41.0226 4048 amdxata - ok
10:08:41.0242 4048 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
10:08:41.0257 4048 androidusb - ok
10:08:41.0257 4048 [ 50AF3AD6EDE5CD341AAA2E795F6E4135 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:08:41.0273 4048 AntiVirSchedulerService - ok
10:08:41.0273 4048 [ 7AF2A53FC0CF1D8AF3C013DECFCB0099 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:08:41.0288 4048 AntiVirService - ok
10:08:41.0288 4048 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:08:41.0351 4048 AppID - ok
10:08:41.0366 4048 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:08:41.0398 4048 AppIDSvc - ok
10:08:41.0398 4048 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:08:41.0429 4048 Appinfo - ok
10:08:41.0444 4048 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:08:41.0444 4048 Apple Mobile Device - ok
10:08:41.0460 4048 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
10:08:41.0476 4048 AppMgmt - ok
10:08:41.0476 4048 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:08:41.0491 4048 arc - ok
10:08:41.0491 4048 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:08:41.0507 4048 arcsas - ok
10:08:41.0507 4048 [ ACC23F541E1CC51E4FE9F947AC0F74EC ] ASBroker C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
10:08:41.0522 4048 ASBroker - ok
10:08:41.0538 4048 [ A33370AC33281AC2310E1364E20D4887 ] ASChannel C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsChnl.dll
10:08:41.0538 4048 ASChannel - ok
10:08:41.0538 4048 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:08:41.0585 4048 AsyncMac - ok
10:08:41.0585 4048 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:08:41.0600 4048 atapi - ok
10:08:41.0616 4048 [ 27BF131C3DB208A3E79961693D66D687 ] ATService C:\Program Files\Fingerprint Sensor\ATService.exe
10:08:41.0647 4048 ATService - ok
10:08:41.0663 4048 [ E10F5568D058ECF442DD74E2EA09BE97 ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys
10:08:41.0678 4048 ATSwpWDF - ok
10:08:41.0694 4048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:08:41.0741 4048 AudioEndpointBuilder - ok
10:08:41.0741 4048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:08:41.0788 4048 AudioSrv - ok
10:08:41.0788 4048 [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
10:08:41.0803 4048 avgntflt - ok
10:08:41.0803 4048 [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
10:08:41.0819 4048 avipbb - ok
10:08:41.0819 4048 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
10:08:41.0834 4048 avkmgr - ok
10:08:41.0834 4048 [ 53A05544AB5D067B56F133225DBFC21B ] avmike C:\Program Files\FRITZ!Fernzugang\avmike.exe
10:08:41.0850 4048 avmike - ok
10:08:41.0850 4048 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:08:41.0881 4048 AxInstSV - ok
10:08:41.0897 4048 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:08:41.0912 4048 b06bdrv - ok
10:08:41.0912 4048 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:08:41.0928 4048 b57nd60a - ok
10:08:41.0944 4048 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:08:41.0959 4048 BDESVC - ok
10:08:41.0959 4048 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:08:41.0990 4048 Beep - ok
10:08:42.0006 4048 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:08:42.0037 4048 BFE - ok
10:08:42.0053 4048 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
10:08:42.0100 4048 BITS - ok
10:08:42.0100 4048 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:08:42.0115 4048 blbdrive - ok
10:08:42.0131 4048 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:08:42.0131 4048 Bonjour Service - ok
10:08:42.0146 4048 BotkindSyncService - ok
10:08:42.0146 4048 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:08:42.0162 4048 bowser - ok
10:08:42.0162 4048 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:08:42.0193 4048 BrFiltLo - ok
10:08:42.0193 4048 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:08:42.0209 4048 BrFiltUp - ok
10:08:42.0209 4048 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:08:42.0240 4048 Browser - ok
10:08:42.0240 4048 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:08:42.0256 4048 Brserid - ok
10:08:42.0271 4048 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:08:42.0287 4048 BrSerWdm - ok
10:08:42.0287 4048 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:08:42.0302 4048 BrUsbMdm - ok
10:08:42.0302 4048 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:08:42.0318 4048 BrUsbSer - ok
10:08:42.0318 4048 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:08:42.0334 4048 BthEnum - ok
10:08:42.0349 4048 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:08:42.0349 4048 BTHMODEM - ok
10:08:42.0365 4048 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:08:42.0380 4048 BthPan - ok
10:08:42.0380 4048 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
10:08:42.0412 4048 BTHPORT - ok
10:08:42.0412 4048 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:08:42.0443 4048 bthserv - ok
10:08:42.0443 4048 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
10:08:42.0458 4048 BTHUSB - ok
10:08:42.0474 4048 btwaudio - ok
10:08:42.0474 4048 btwavdt - ok
10:08:42.0490 4048 btwl2cap - ok
10:08:42.0490 4048 btwrchid - ok
10:08:42.0490 4048 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:08:42.0536 4048 cdfs - ok
10:08:42.0536 4048 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:08:42.0552 4048 cdrom - ok
10:08:42.0552 4048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:08:42.0599 4048 CertPropSvc - ok
10:08:42.0599 4048 [ DC716E2329403300B2477997581BBFD7 ] certsrv C:\Program Files\FRITZ!Fernzugang\certsrv.exe
10:08:42.0614 4048 certsrv - ok
10:08:42.0614 4048 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:08:42.0630 4048 circlass - ok
10:08:42.0646 4048 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:08:42.0661 4048 CLFS - ok
10:08:42.0661 4048 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:08:42.0677 4048 clr_optimization_v2.0.50727_32 - ok
10:08:42.0692 4048 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:08:42.0692 4048 clr_optimization_v2.0.50727_64 - ok
10:08:42.0708 4048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:08:42.0724 4048 clr_optimization_v4.0.30319_32 - ok
10:08:42.0724 4048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:08:42.0739 4048 clr_optimization_v4.0.30319_64 - ok
10:08:42.0739 4048 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:08:42.0770 4048 CmBatt - ok
10:08:42.0770 4048 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:08:42.0786 4048 cmdide - ok
10:08:42.0786 4048 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
10:08:42.0817 4048 CNG - ok
10:08:42.0817 4048 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:08:42.0833 4048 Compbatt - ok
10:08:42.0833 4048 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:08:42.0848 4048 CompositeBus - ok
10:08:42.0864 4048 COMSysApp - ok
10:08:42.0864 4048 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:08:42.0880 4048 crcdisk - ok
10:08:42.0880 4048 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:08:42.0895 4048 CryptSvc - ok
10:08:42.0911 4048 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:08:42.0926 4048 CSC - ok
10:08:42.0942 4048 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:08:42.0958 4048 CscService - ok
10:08:42.0973 4048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:08:43.0005 4048 DcomLaunch - ok
10:08:43.0021 4048 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:08:43.0052 4048 defragsvc - ok
10:08:43.0052 4048 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:08:43.0083 4048 DfsC - ok
10:08:43.0099 4048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:08:43.0115 4048 Dhcp - ok
10:08:43.0115 4048 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:08:43.0146 4048 discache - ok
10:08:43.0161 4048 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:08:43.0177 4048 Disk - ok
10:08:43.0177 4048 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:08:43.0193 4048 Dnscache - ok
10:08:43.0193 4048 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:08:43.0239 4048 dot3svc - ok
10:08:43.0239 4048 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:08:43.0271 4048 DPS - ok
10:08:43.0271 4048 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:08:43.0286 4048 drmkaud - ok
10:08:43.0302 4048 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:08:43.0333 4048 DXGKrnl - ok
10:08:43.0333 4048 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:08:43.0364 4048 EapHost - ok
10:08:43.0411 4048 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:08:43.0458 4048 ebdrv - ok
10:08:43.0473 4048 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:08:43.0489 4048 EFS - ok
10:08:43.0489 4048 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:08:43.0520 4048 ehRecvr - ok
10:08:43.0520 4048 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:08:43.0536 4048 ehSched - ok
10:08:43.0536 4048 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
10:08:43.0551 4048 ElbyCDIO - ok
10:08:43.0567 4048 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:08:43.0583 4048 elxstor - ok
10:08:43.0598 4048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:08:43.0614 4048 ErrDev - ok
10:08:43.0614 4048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:08:43.0661 4048 EventSystem - ok
10:08:43.0661 4048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:08:43.0692 4048 exfat - ok
10:08:43.0707 4048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:08:43.0739 4048 fastfat - ok
10:08:43.0754 4048 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:08:43.0770 4048 Fax - ok
10:08:43.0785 4048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:08:43.0785 4048 fdc - ok
10:08:43.0801 4048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:08:43.0832 4048 fdPHost - ok
10:08:43.0832 4048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:08:43.0863 4048 FDResPub - ok
10:08:43.0879 4048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:08:43.0879 4048 FileInfo - ok
10:08:43.0895 4048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:08:43.0926 4048 Filetrace - ok
10:08:43.0926 4048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:08:43.0941 4048 flpydisk - ok
10:08:43.0957 4048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:08:43.0973 4048 FltMgr - ok
10:08:43.0988 4048 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
10:08:44.0004 4048 FontCache - ok
10:08:44.0019 4048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:08:44.0019 4048 FontCache3.0.0.0 - ok
10:08:44.0035 4048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:08:44.0035 4048 FsDepends - ok
10:08:44.0051 4048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:08:44.0051 4048 Fs_Rec - ok
10:08:44.0066 4048 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:08:44.0082 4048 fvevol - ok
10:08:44.0082 4048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:08:44.0097 4048 gagp30kx - ok
10:08:44.0097 4048 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:08:44.0113 4048 GEARAspiWDM - ok
10:08:44.0129 4048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:08:44.0160 4048 gpsvc - ok
10:08:44.0175 4048 [ 93C3C66D38B0BC08A04F0B28055BC9AC ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
10:08:44.0175 4048 HBtnKey - ok
10:08:44.0191 4048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:08:44.0191 4048 hcw85cir - ok
10:08:44.0207 4048 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:08:44.0222 4048 HdAudAddService - ok
10:08:44.0238 4048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:08:44.0253 4048 HDAudBus - ok
10:08:44.0253 4048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:08:44.0269 4048 HidBatt - ok
10:08:44.0269 4048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:08:44.0285 4048 HidBth - ok
10:08:44.0285 4048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:08:44.0300 4048 HidIr - ok
10:08:44.0316 4048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
10:08:44.0347 4048 hidserv - ok
10:08:44.0347 4048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:08:44.0363 4048 HidUsb - ok
10:08:44.0363 4048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:08:44.0394 4048 hkmsvc - ok
10:08:44.0409 4048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:08:44.0425 4048 HomeGroupListener - ok
10:08:44.0425 4048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:08:44.0441 4048 HomeGroupProvider - ok
10:08:44.0456 4048 [ 38024D5D5D9CF7C12B74AECDA968C970 ] HP ProtectTools Service C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
10:08:44.0456 4048 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
10:08:44.0456 4048 HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
10:08:44.0456 4048 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
10:08:44.0472 4048 hpdskflt - ok
10:08:44.0487 4048 [ 81C5E6C3AE27DCF17BE506046F00015F ] HpFkCryptService C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
10:08:44.0487 4048 HpFkCryptService - ok
10:08:44.0503 4048 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:08:44.0503 4048 HpqKbFiltr - ok
10:08:44.0519 4048 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:08:44.0519 4048 hpqwmiex - ok
10:08:44.0534 4048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:08:44.0550 4048 HpSAMD - ok
10:08:44.0550 4048 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
10:08:44.0550 4048 hpsrv - ok
10:08:44.0565 4048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:08:44.0612 4048 HTTP - ok
10:08:44.0612 4048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:08:44.0628 4048 hwpolicy - ok
10:08:44.0628 4048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:08:44.0643 4048 i8042prt - ok
10:08:44.0659 4048 [ 593EF9F904C8497F6D794DC6FCC59DCA ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:08:44.0675 4048 IAANTMON - ok
10:08:44.0675 4048 [ C50107C730C9A955F6FD7376733F2D68 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:08:44.0690 4048 iaStor - ok
10:08:44.0706 4048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:08:44.0721 4048 iaStorV - ok
10:08:44.0737 4048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:08:44.0753 4048 idsvc - ok
10:08:44.0893 4048 [ F59AC361DFE9BFD9BE81E20B04EADAA2 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:08:45.0049 4048 igfx - ok
10:08:45.0049 4048 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:08:45.0065 4048 iirsp - ok
10:08:45.0080 4048 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:08:45.0127 4048 IKEEXT - ok
10:08:45.0127 4048 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:08:45.0143 4048 intelide - ok
10:08:45.0143 4048 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:08:45.0158 4048 intelppm - ok
10:08:45.0174 4048 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:08:45.0205 4048 IPBusEnum - ok
10:08:45.0205 4048 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:08:45.0236 4048 IpFilterDriver - ok
10:08:45.0252 4048 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:08:45.0267 4048 iphlpsvc - ok
10:08:45.0267 4048 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:08:45.0283 4048 IPMIDRV - ok
10:08:45.0299 4048 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:08:45.0330 4048 IPNAT - ok
10:08:45.0345 4048 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:08:45.0361 4048 iPod Service - ok
10:08:45.0361 4048 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:08:45.0392 4048 IRENUM - ok
10:08:45.0392 4048 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:08:45.0408 4048 isapnp - ok
10:08:45.0408 4048 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:08:45.0423 4048 iScsiPrt - ok
10:08:45.0439 4048 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:08:45.0439 4048 kbdclass - ok
10:08:45.0455 4048 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:08:45.0470 4048 kbdhid - ok
10:08:45.0470 4048 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:08:45.0486 4048 KeyIso - ok
10:08:45.0486 4048 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:08:45.0501 4048 KSecDD - ok
10:08:45.0501 4048 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:08:45.0517 4048 KSecPkg - ok
10:08:45.0517 4048 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:08:45.0564 4048 ksthunk - ok
10:08:45.0564 4048 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:08:45.0611 4048 KtmRm - ok
10:08:45.0611 4048 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:08:45.0642 4048 LanmanServer - ok
10:08:45.0657 4048 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:08:45.0689 4048 LanmanWorkstation - ok
10:08:45.0689 4048 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:08:45.0735 4048 lltdio - ok
10:08:45.0735 4048 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:08:45.0767 4048 lltdsvc - ok
10:08:45.0782 4048 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:08:45.0813 4048 lmhosts - ok
10:08:45.0813 4048 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:08:45.0829 4048 LSI_FC - ok
10:08:45.0829 4048 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:08:45.0845 4048 LSI_SAS - ok
10:08:45.0860 4048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:08:45.0860 4048 LSI_SAS2 - ok
10:08:45.0876 4048 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:08:45.0891 4048 LSI_SCSI - ok
10:08:45.0891 4048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:08:45.0923 4048 luafv - ok
10:08:45.0938 4048 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:08:45.0954 4048 Mcx2Svc - ok
10:08:45.0954 4048 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:08:45.0969 4048 megasas - ok
10:08:45.0969 4048 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:08:45.0985 4048 MegaSR - ok
10:08:45.0985 4048 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:08:46.0032 4048 MMCSS - ok
10:08:46.0032 4048 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:08:46.0063 4048 Modem - ok
10:08:46.0063 4048 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:08:46.0079 4048 monitor - ok
10:08:46.0094 4048 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:08:46.0110 4048 mouclass - ok
10:08:46.0110 4048 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:08:46.0125 4048 mouhid - ok
10:08:46.0125 4048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:08:46.0141 4048 mountmgr - ok
10:08:46.0141 4048 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:08:46.0157 4048 MozillaMaintenance - ok
10:08:46.0157 4048 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:08:46.0172 4048 mpio - ok
10:08:46.0172 4048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:08:46.0219 4048 mpsdrv - ok
10:08:46.0235 4048 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:08:46.0266 4048 MpsSvc - ok
10:08:46.0281 4048 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:08:46.0297 4048 MRxDAV - ok
10:08:46.0297 4048 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:08:46.0313 4048 mrxsmb - ok
10:08:46.0328 4048 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:08:46.0344 4048 mrxsmb10 - ok
10:08:46.0344 4048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:08:46.0360 4048 mrxsmb20 - ok
10:08:46.0360 4048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:08:46.0375 4048 msahci - ok
10:08:46.0375 4048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:08:46.0391 4048 msdsm - ok
10:08:46.0391 4048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:08:46.0406 4048 MSDTC - ok
10:08:46.0422 4048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:08:46.0453 4048 Msfs - ok
10:08:46.0453 4048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:08:46.0484 4048 mshidkmdf - ok
10:08:46.0500 4048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:08:46.0500 4048 msisadrv - ok
10:08:46.0516 4048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:08:46.0547 4048 MSiSCSI - ok
10:08:46.0547 4048 msiserver - ok
10:08:46.0562 4048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:08:46.0594 4048 MSKSSRV - ok
10:08:46.0594 4048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:08:46.0625 4048 MSPCLOCK - ok
10:08:46.0640 4048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:08:46.0672 4048 MSPQM - ok
10:08:46.0672 4048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:08:46.0687 4048 MsRPC - ok
10:08:46.0703 4048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:08:46.0718 4048 mssmbios - ok
10:08:46.0718 4048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:08:46.0750 4048 MSTEE - ok
10:08:46.0750 4048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:08:46.0765 4048 MTConfig - ok
10:08:46.0765 4048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:08:46.0781 4048 Mup - ok
10:08:46.0796 4048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:08:46.0828 4048 napagent - ok
10:08:46.0843 4048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:08:46.0859 4048 NativeWifiP - ok
10:08:46.0874 4048 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:08:46.0906 4048 NDIS - ok
10:08:46.0906 4048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:08:46.0937 4048 NdisCap - ok
10:08:46.0937 4048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:08:46.0968 4048 NdisTapi - ok
10:08:46.0984 4048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:08:47.0015 4048 Ndisuio - ok
10:08:47.0015 4048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:08:47.0046 4048 NdisWan - ok
10:08:47.0062 4048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:08:47.0093 4048 NDProxy - ok
10:08:47.0093 4048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:08:47.0124 4048 NetBIOS - ok
10:08:47.0140 4048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:08:47.0171 4048 NetBT - ok
10:08:47.0171 4048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:08:47.0186 4048 Netlogon - ok
10:08:47.0186 4048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:08:47.0233 4048 Netman - ok
10:08:47.0233 4048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:08:47.0280 4048 netprofm - ok
10:08:47.0280 4048 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:08:47.0296 4048 NetTcpPortSharing - ok
10:08:47.0436 4048 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
10:08:47.0576 4048 NETw5s64 - ok
10:08:47.0623 4048 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
10:08:47.0717 4048 netw5v64 - ok
10:08:47.0842 4048 [ B25FE0FA523579B6FA327311A579866E ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
10:08:48.0013 4048 NETwNs64 - ok
10:08:48.0029 4048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:08:48.0044 4048 nfrd960 - ok
10:08:48.0044 4048 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:08:48.0060 4048 NlaSvc - ok
10:08:48.0091 4048 NMSAccess - ok
10:08:48.0091 4048 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
10:08:48.0107 4048 NPF - ok
10:08:48.0107 4048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:08:48.0138 4048 Npfs - ok
10:08:48.0154 4048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:08:48.0185 4048 nsi - ok
10:08:48.0185 4048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:08:48.0216 4048 nsiproxy - ok
10:08:48.0247 4048 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:08:48.0278 4048 Ntfs - ok
10:08:48.0294 4048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:08:48.0325 4048 Null - ok
10:08:48.0325 4048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:08:48.0341 4048 nvraid - ok
10:08:48.0341 4048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:08:48.0356 4048 nvstor - ok
10:08:48.0372 4048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:08:48.0388 4048 nv_agp - ok
10:08:48.0388 4048 [ 9ED2D6751813F5589710A8122CD227B2 ] NWIM C:\Windows\system32\DRIVERS\avmnwim.sys
10:08:48.0403 4048 NWIM - ok
10:08:48.0403 4048 [ 05965ED689DFF62ED50F3CE86B758985 ] nwtsrv C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
10:08:48.0419 4048 nwtsrv - ok
10:08:48.0419 4048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:08:48.0434 4048 ohci1394 - ok
10:08:48.0434 4048 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:08:48.0450 4048 ose - ok
10:08:48.0512 4048 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:08:48.0606 4048 osppsvc - ok
10:08:48.0622 4048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:08:48.0637 4048 p2pimsvc - ok
10:08:48.0653 4048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:08:48.0668 4048 p2psvc - ok
10:08:48.0668 4048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:08:48.0684 4048 Parport - ok
10:08:48.0684 4048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:08:48.0700 4048 partmgr - ok
10:08:48.0700 4048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:08:48.0731 4048 PcaSvc - ok
10:08:48.0731 4048 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
10:08:48.0746 4048 pccsmcfd - ok
10:08:48.0746 4048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:08:48.0762 4048 pci - ok
10:08:48.0762 4048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:08:48.0778 4048 pciide - ok
10:08:48.0793 4048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:08:48.0793 4048 pcmcia - ok
10:08:48.0809 4048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:08:48.0809 4048 pcw - ok
10:08:48.0824 4048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:08:48.0871 4048 PEAUTH - ok
10:08:48.0887 4048 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:08:48.0918 4048 PeerDistSvc - ok
10:08:48.0934 4048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:08:48.0949 4048 PerfHost - ok
10:08:48.0965 4048 [ BD24E98E6546ADF6A31A41485483EB6C ] Pharos Systems ComTaskMaster C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
10:08:48.0965 4048 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - warning
10:08:48.0965 4048 Pharos Systems ComTaskMaster - detected UnsignedFile.Multi.Generic (1)
10:08:48.0980 4048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:08:49.0043 4048 pla - ok
10:08:49.0043 4048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:08:49.0058 4048 PlugPlay - ok
10:08:49.0075 4048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:08:49.0075 4048 PNRPAutoReg - ok
10:08:49.0091 4048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:08:49.0106 4048 PNRPsvc - ok
10:08:49.0122 4048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:08:49.0153 4048 PolicyAgent - ok
10:08:49.0153 4048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:08:49.0200 4048 Power - ok
10:08:49.0200 4048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:08:49.0231 4048 PptpMiniport - ok
10:08:49.0247 4048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:08:49.0247 4048 Processor - ok
10:08:49.0262 4048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:08:49.0278 4048 ProfSvc - ok
10:08:49.0278 4048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:08:49.0293 4048 ProtectedStorage - ok
10:08:49.0293 4048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:08:49.0325 4048 Psched - ok
10:08:49.0356 4048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:08:49.0387 4048 ql2300 - ok
10:08:49.0403 4048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:08:49.0403 4048 ql40xx - ok
10:08:49.0418 4048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:08:49.0434 4048 QWAVE - ok
10:08:49.0449 4048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:08:49.0465 4048 QWAVEdrv - ok
10:08:49.0465 4048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:08:49.0496 4048 RasAcd - ok
10:08:49.0512 4048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:08:49.0543 4048 RasAgileVpn - ok
10:08:49.0543 4048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:08:49.0574 4048 RasAuto - ok
10:08:49.0590 4048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:08:49.0621 4048 Rasl2tp - ok
10:08:49.0621 4048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:08:49.0668 4048 RasMan - ok
10:08:49.0668 4048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:08:49.0699 4048 RasPppoe - ok
10:08:49.0715 4048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:08:49.0746 4048 RasSstp - ok
10:08:49.0746 4048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:08:49.0777 4048 rdbss - ok
10:08:49.0793 4048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:08:49.0808 4048 rdpbus - ok
10:08:49.0808 4048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:08:49.0839 4048 RDPCDD - ok
10:08:49.0855 4048 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:08:49.0855 4048 RDPDR - ok
10:08:49.0871 4048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:08:49.0902 4048 RDPENCDD - ok
10:08:49.0902 4048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:08:49.0949 4048 RDPREFMP - ok
10:08:49.0949 4048 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:08:49.0964 4048 RdpVideoMiniport - ok
10:08:49.0964 4048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:08:49.0980 4048 RDPWD - ok
10:08:49.0995 4048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:08:50.0011 4048 rdyboost - ok
10:08:50.0011 4048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:08:50.0042 4048 RemoteAccess - ok
10:08:50.0058 4048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:08:50.0090 4048 RemoteRegistry - ok
10:08:50.0090 4048 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:08:50.0106 4048 RFCOMM - ok
10:08:50.0121 4048 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
10:08:50.0121 4048 rpcapd - ok
10:08:50.0137 4048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:08:50.0168 4048 RpcEptMapper - ok
10:08:50.0168 4048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:08:50.0184 4048 RpcLocator - ok
10:08:50.0199 4048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:08:50.0230 4048 RpcSs - ok
10:08:50.0246 4048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:08:50.0277 4048 rspndr - ok
10:08:50.0277 4048 [ 2881DB11541AC29A198FB98606630FDD ] RsvLock C:\Windows\system32\drivers\RsvLock.sys
10:08:50.0293 4048 RsvLock - ok
10:08:50.0293 4048 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:08:50.0308 4048 s3cap - ok
10:08:50.0308 4048 [ 64DA560AEED25BB58DA7DD511B1E9B14 ] SafeBoot C:\Windows\system32\drivers\SafeBoot.sys
10:08:50.0308 4048 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 64DA560AEED25BB58DA7DD511B1E9B14
10:08:50.0308 4048 SafeBoot ( LockedFile.Multi.Generic ) - warning
10:08:50.0308 4048 SafeBoot - detected LockedFile.Multi.Generic (1)
10:08:50.0308 4048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:08:50.0324 4048 SamSs - ok
10:08:50.0324 4048 [ 1CFC2E8659484FA6E512405A0F79A00A ] SbAlg C:\Windows\system32\drivers\SbAlg.sys
10:08:50.0340 4048 SbAlg - ok
10:08:50.0340 4048 [ C6566AAFAB3DBF61E0C77E37D345B2F5 ] SbFsLock C:\Windows\system32\drivers\SbFsLock.sys
10:08:50.0355 4048 SbFsLock - ok
10:08:50.0355 4048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:08:50.0371 4048 sbp2port - ok
10:08:50.0371 4048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:08:50.0418 4048 SCardSvr - ok
10:08:50.0418 4048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:08:50.0449 4048 scfilter - ok
10:08:50.0464 4048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:08:50.0511 4048 Schedule - ok
10:08:50.0527 4048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:08:50.0558 4048 SCPolicySvc - ok
10:08:50.0558 4048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:08:50.0574 4048 SDRSVC - ok
10:08:50.0574 4048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:08:50.0605 4048 secdrv - ok
10:08:50.0620 4048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:08:50.0652 4048 seclogon - ok
10:08:50.0652 4048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:08:50.0698 4048 SENS - ok
10:08:50.0698 4048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:08:50.0714 4048 SensrSvc - ok
10:08:50.0714 4048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:08:50.0730 4048 Serenum - ok
10:08:50.0730 4048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:08:50.0745 4048 Serial - ok
10:08:50.0745 4048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:08:50.0761 4048 sermouse - ok
10:08:50.0776 4048 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
10:08:50.0792 4048 ServiceLayer - ok
10:08:50.0808 4048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:08:50.0839 4048 SessionEnv - ok
10:08:50.0839 4048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:08:50.0854 4048 sffdisk - ok
10:08:50.0870 4048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:08:50.0870 4048 sffp_mmc - ok
10:08:50.0886 4048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:08:50.0901 4048 sffp_sd - ok
10:08:50.0901 4048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:08:50.0917 4048 sfloppy - ok
10:08:50.0917 4048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:08:50.0964 4048 SharedAccess - ok
10:08:50.0964 4048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:08:50.0995 4048 ShellHWDetection - ok
10:08:51.0010 4048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:08:51.0010 4048 SiSRaid2 - ok
10:08:51.0026 4048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:08:51.0042 4048 SiSRaid4 - ok
10:08:51.0042 4048 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:08:51.0057 4048 SkypeUpdate - ok
10:08:51.0057 4048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:08:51.0088 4048 Smb - ok
10:08:51.0104 4048 [ 20635287FAA016E4E2A07E86C02759B8 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
10:08:51.0120 4048 snapman - ok
10:08:51.0120 4048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:08:51.0135 4048 SNMPTRAP - ok
10:08:51.0166 4048 [ 84DE101B4FA40CD28B84637924C060CE ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
10:08:51.0198 4048 SNP2UVC - ok
10:08:51.0198 4048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:08:51.0213 4048 spldr - ok
10:08:51.0229 4048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:08:51.0244 4048 Spooler - ok
10:08:51.0276 4048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:08:51.0354 4048 sppsvc - ok
10:08:51.0369 4048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:08:51.0400 4048 sppuinotify - ok
10:08:51.0416 4048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:08:51.0432 4048 srv - ok
10:08:51.0432 4048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:08:51.0447 4048 srv2 - ok
10:08:51.0463 4048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:08:51.0478 4048 srvnet - ok
10:08:51.0478 4048 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
10:08:51.0494 4048 ssadbus - ok
10:08:51.0494 4048 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
10:08:51.0510 4048 ssadmdfl - ok
10:08:51.0510 4048 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
10:08:51.0525 4048 ssadmdm - ok
10:08:51.0541 4048 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
10:08:51.0541 4048 sscdbus - ok
10:08:51.0556 4048 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
10:08:51.0556 4048 sscdmdfl - ok
10:08:51.0572 4048 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
10:08:51.0572 4048 sscdmdm - ok
10:08:51.0588 4048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:08:51.0619 4048 SSDPSRV - ok
10:08:51.0619 4048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:08:51.0650 4048 SstpSvc - ok
10:08:51.0666 4048 [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
10:08:51.0681 4048 StarMoney 8.0 OnlineUpdate - ok
10:08:51.0697 4048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:08:51.0697 4048 stexstor - ok
10:08:51.0712 4048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:08:51.0744 4048 stisvc - ok
10:08:51.0744 4048 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:08:51.0759 4048 storflt - ok
10:08:51.0759 4048 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
10:08:51.0775 4048 StorSvc - ok
10:08:51.0775 4048 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:08:51.0790 4048 storvsc - ok
10:08:51.0790 4048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:08:51.0806 4048 swenum - ok
10:08:51.0822 4048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:08:51.0853 4048 swprv - ok
10:08:51.0884 4048 [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:08:51.0900 4048 SynTP - ok
10:08:51.0931 4048 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:08:51.0962 4048 SysMain - ok
10:08:51.0978 4048 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:08:51.0993 4048 TabletInputService - ok
10:08:51.0993 4048 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:08:52.0040 4048 TapiSrv - ok
10:08:52.0040 4048 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:08:52.0071 4048 TBS - ok
10:08:52.0102 4048 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:08:52.0149 4048 Tcpip - ok
10:08:52.0165 4048 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:08:52.0196 4048 TCPIP6 - ok
10:08:52.0212 4048 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:08:52.0227 4048 tcpipreg - ok
10:08:52.0227 4048 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:08:52.0243 4048 TDPIPE - ok
10:08:52.0258 4048 [ DF9179B7BDF0C5B71F9C3D93C016BAE5 ] tdrpman251 C:\Windows\system32\DRIVERS\tdrpm251.sys
10:08:52.0290 4048 tdrpman251 - ok
10:08:52.0305 4048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:08:52.0305 4048 TDTCP - ok
10:08:52.0321 4048 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:08:52.0352 4048 tdx - ok
10:08:52.0383 4048 [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
10:08:52.0430 4048 TeamViewer7 - ok
10:08:52.0446 4048 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:08:52.0446 4048 TermDD - ok
10:08:52.0461 4048 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:08:52.0508 4048 TermService - ok
10:08:52.0508 4048 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:08:52.0524 4048 Themes - ok
10:08:52.0524 4048 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:08:52.0570 4048 THREADORDER - ok
10:08:52.0586 4048 [ F7546EAD58CC3000AC02CF9529B9934E ] timounter C:\Windows\system32\DRIVERS\timntr.sys
10:08:52.0602 4048 timounter - ok
10:08:52.0602 4048 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
10:08:52.0617 4048 TPM - ok
10:08:52.0633 4048 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:08:52.0664 4048 TrkWks - ok
10:08:52.0664 4048 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:08:52.0695 4048 TrustedInstaller - ok
10:08:52.0711 4048 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:08:52.0742 4048 tssecsrv - ok
10:08:52.0742 4048 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:08:52.0758 4048 TsUsbFlt - ok
10:08:52.0758 4048 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:08:52.0789 4048 tunnel - ok
10:08:52.0804 4048 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:08:52.0820 4048 uagp35 - ok
10:08:52.0820 4048 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:08:52.0851 4048 udfs - ok
10:08:52.0867 4048 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:08:52.0882 4048 UI0Detect - ok
10:08:52.0882 4048 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:08:52.0898 4048 uliagpkx - ok
10:08:52.0898 4048 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:08:52.0914 4048 umbus - ok
10:08:52.0914 4048 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:08:52.0929 4048 UmPass - ok
10:08:52.0945 4048 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
10:08:52.0960 4048 UmRdpService - ok
10:08:52.0960 4048 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:08:53.0007 4048 upnphost - ok
10:08:53.0007 4048 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:08:53.0023 4048 USBAAPL64 - ok
10:08:53.0023 4048 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:08:53.0038 4048 usbccgp - ok
10:08:53.0038 4048 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:08:53.0054 4048 usbcir - ok
10:08:53.0070 4048 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:08:53.0070 4048 usbehci - ok
10:08:53.0085 4048 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:08:53.0101 4048 usbhub - ok
10:08:53.0101 4048 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:08:53.0116 4048 usbohci - ok
10:08:53.0116 4048 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:08:53.0132 4048 usbprint - ok
10:08:53.0148 4048 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:08:53.0163 4048 USBSTOR - ok
10:08:53.0163 4048 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:08:53.0179 4048 usbuhci - ok
10:08:53.0179 4048 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:08:53.0194 4048 usbvideo - ok
10:08:53.0210 4048 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:08:53.0241 4048 UxSms - ok
10:08:53.0241 4048 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:08:53.0257 4048 VaultSvc - ok
10:08:53.0257 4048 [ 72EC34F9999A5A48CFD43F5E6BD779E4 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
10:08:53.0272 4048 VBoxDrv - ok
10:08:53.0288 4048 [ A2FE818D7F930C51ADA37C04DBCB015D ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
10:08:53.0288 4048 VBoxNetAdp - ok
10:08:53.0304 4048 [ CD37A9264C404E48BCE162D37B117B45 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
10:08:53.0319 4048 VBoxNetFlt - ok
10:08:53.0319 4048 [ F649B3D30C6F40B04BDCCD0D11A43481 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
10:08:53.0335 4048 VBoxUSBMon - ok
10:08:53.0335 4048 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
10:08:53.0350 4048 VClone - ok
10:08:53.0350 4048 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:08:53.0366 4048 vdrvroot - ok
10:08:53.0382 4048 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:08:53.0413 4048 vds - ok
10:08:53.0413 4048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:08:53.0428 4048 vga - ok
10:08:53.0444 4048 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:08:53.0475 4048 VgaSave - ok
10:08:53.0475 4048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:08:53.0491 4048 vhdmp - ok
10:08:53.0491 4048 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:08:53.0506 4048 viaide - ok
10:08:53.0522 4048 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:08:53.0522 4048 vmbus - ok
10:08:53.0538 4048 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:08:53.0553 4048 VMBusHID - ok
10:08:53.0553 4048 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:08:53.0569 4048 volmgr - ok
10:08:53.0569 4048 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:08:53.0584 4048 volmgrx - ok
10:08:53.0600 4048 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:08:53.0616 4048 volsnap - ok
10:08:53.0616 4048 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:08:53.0631 4048 vsmraid - ok
10:08:53.0662 4048 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:08:53.0709 4048 VSS - ok
10:08:53.0709 4048 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:08:53.0725 4048 vwifibus - ok
10:08:53.0740 4048 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:08:53.0756 4048 vwififlt - ok
10:08:53.0756 4048 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:08:53.0772 4048 vwifimp - ok
10:08:53.0772 4048 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:08:53.0818 4048 W32Time - ok
10:08:53.0818 4048 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:08:53.0834 4048 WacomPen - ok
10:08:53.0850 4048 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:08:53.0881 4048 WANARP - ok
10:08:53.0881 4048 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:08:53.0912 4048 Wanarpv6 - ok
10:08:53.0928 4048 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:08:53.0959 4048 WatAdminSvc - ok
10:08:53.0974 4048 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:08:54.0006 4048 wbengine - ok
10:08:54.0021 4048 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:08:54.0037 4048 WbioSrvc - ok
10:08:54.0037 4048 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:08:54.0068 4048 wcncsvc - ok
10:08:54.0068 4048 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:08:54.0084 4048 WcsPlugInService - ok
10:08:54.0084 4048 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:08:54.0099 4048 Wd - ok
10:08:54.0115 4048 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:08:54.0146 4048 Wdf01000 - ok
10:08:54.0146 4048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:08:54.0177 4048 WdiServiceHost - ok
10:08:54.0177 4048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:08:54.0193 4048 WdiSystemHost - ok
10:08:54.0208 4048 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:08:54.0224 4048 WebClient - ok
10:08:54.0240 4048 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:08:54.0271 4048 Wecsvc - ok
10:08:54.0271 4048 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:08:54.0318 4048 wercplsupport - ok
10:08:54.0318 4048 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:08:54.0349 4048 WerSvc - ok
10:08:54.0364 4048 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:08:54.0396 4048 WfpLwf - ok
10:08:54.0396 4048 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:08:54.0411 4048 WIMMount - ok
10:08:54.0411 4048 WinDefend - ok
10:08:54.0411 4048 WinHttpAutoProxySvc - ok
10:08:54.0427 4048 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:08:54.0458 4048 Winmgmt - ok
10:08:54.0489 4048 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:08:54.0552 4048 WinRM - ok
10:08:54.0567 4048 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:08:54.0583 4048 WinUsb - ok
10:08:54.0598 4048 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:08:54.0614 4048 Wlansvc - ok
10:08:54.0630 4048 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:08:54.0645 4048 WmiAcpi - ok
10:08:54.0645 4048 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:08:54.0661 4048 wmiApSrv - ok
10:08:54.0661 4048 WMPNetworkSvc - ok
10:08:54.0676 4048 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:08:54.0692 4048 WPCSvc - ok
10:08:54.0692 4048 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:08:54.0708 4048 WPDBusEnum - ok
10:08:54.0708 4048 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:08:54.0739 4048 ws2ifsl - ok
10:08:54.0754 4048 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
10:08:54.0770 4048 wscsvc - ok
10:08:54.0770 4048 WSearch - ok
10:08:54.0801 4048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:08:54.0864 4048 wuauserv - ok
10:08:54.0864 4048 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:08:54.0879 4048 WudfPf - ok
10:08:54.0879 4048 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:08:54.0895 4048 WUDFRd - ok
10:08:54.0895 4048 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:08:54.0910 4048 wudfsvc - ok
10:08:54.0926 4048 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:08:54.0942 4048 WwanSvc - ok
10:08:54.0957 4048 ================ Scan global ===============================
10:08:54.0957 4048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:08:54.0973 4048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:08:54.0988 4048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:08:54.0988 4048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:08:54.0988 4048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:08:55.0004 4048 [Global] - ok
10:08:55.0004 4048 ================ Scan MBR ==================================
10:08:55.0004 4048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:08:55.0160 4048 \Device\Harddisk0\DR0 - ok
10:08:55.0160 4048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
10:08:55.0534 4048 \Device\Harddisk1\DR1 - ok
10:08:55.0534 4048 ================ Scan VBR ==================================
10:08:55.0534 4048 [ B0669249AF03FF8D3A79C3FA4FDBB84D ] \Device\Harddisk0\DR0\Partition1
10:08:55.0550 4048 \Device\Harddisk0\DR0\Partition1 - ok
10:08:55.0550 4048 [ C9D525C240B5A95D7DE7225A462A12E9 ] \Device\Harddisk0\DR0\Partition2
10:08:55.0566 4048 \Device\Harddisk0\DR0\Partition2 - ok
10:08:55.0566 4048 [ CAA2E328B68A656044DD6AF659FD39BE ] \Device\Harddisk1\DR1\Partition1
10:08:55.0566 4048 \Device\Harddisk1\DR1\Partition1 - ok
10:08:55.0581 4048 ============================================================
10:08:55.0581 4048 Scan finished
10:08:55.0581 4048 ============================================================
10:08:55.0597 2616 Detected object count: 3
10:08:55.0597 2616 Actual detected object count: 3
10:11:20.0739 2616 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:11:20.0739 2616 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:11:20.0739 2616 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - skipped by user
10:11:20.0739 2616 Pharos Systems ComTaskMaster ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:11:20.0739 2616 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
10:11:20.0739 2616 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
- Ich habe einen HP Laptop und die Software von ProtectTools ist intalliert. - Pharos Systems ComTaskMaster ist glaube ich der 'Druckertreiber' von meiner Uni, damit ich über Netzwerk drucken kann. - und keine Ahnung was SafeBoot ist. Ich habe mal gegoogelt. Vlt. hängt es damit zusammen, dass ich Dateien auf meiner HDD mit den Windows Boardmitteln verschlüsselt habe. Geändert von thomasasdf (23.11.2012 um 11:24 Uhr) |
|
23.11.2012, 14:18
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vodafone PDF Trojaner adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.11.2012, 14:44
| #5 |
| | Vodafone PDF Trojaner Danke für die schnelle Antwort! Code:
ATTFilter # AdwCleaner v2.008 - Datei am 23/11/2012 um 13:43:56 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Thomas - LAPTOPTHOMAS
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\Thomas\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Program Files (x86)\SweetIM
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\o2h4a6uk.default\prefs.js
[OK] Die Datei ist sauber.
Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\5wzg5e1l.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [4551 octets] - [23/11/2012 13:43:56]
########## EOF - C:\AdwCleaner[R1].txt - [4611 octets] ##########
|
|
23.11.2012, 15:02
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vodafone PDF Trojaner adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ --> Vodafone PDF Trojaner |
|
23.11.2012, 15:26
| #7 |
| | Vodafone PDF Trojaner adwCleaner Code:
ATTFilter # AdwCleaner v2.008 - Datei am 23/11/2012 um 14:09:30 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Thomas - LAPTOPTHOMAS
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\Thomas\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\o2h4a6uk.default\prefs.js
[OK] Die Datei ist sauber.
Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\5wzg5e1l.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [4668 octets] - [23/11/2012 13:43:56]
AdwCleaner[S1].txt - [1855 octets] - [23/11/2012 14:09:30]
########## EOF - C:\AdwCleaner[S1].txt - [1915 octets] ##########
OTL Code:
ATTFilter OTL logfile created on: 23.11.2012 14:14:56 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Thomas\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,39% Memory free 7,80 Gb Paging File | 5,94 Gb Available in Paging File | 76,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 48,16 Gb Free Space | 40,42% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 369,04 Gb Free Space | 79,23% Space Free | Partition Type: NTFS Computer Name: LAPTOPTHOMAS | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Users\Thomas\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe () PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsGHost.exe (Bioscrypt Inc.) PRC - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe (Pharos Systems International) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (BotkindSyncService) -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe () SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (avmike) -- C:\Programme\FRITZ!Fernzugang\avmike.exe (AVM Berlin) SRV - (nwtsrv) -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin) SRV - (certsrv) -- C:\Programme\FRITZ!Fernzugang\certsrv.exe (AVM Berlin) SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (HpFkCryptService) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) SRV - (ASBroker) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.) SRV - (ASChannel) -- C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsChnl.dll (Bioscrypt Inc.) SRV - (Pharos Systems ComTaskMaster) -- C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe (Pharos Systems International) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (ATService) -- C:\Programme\Fingerprint Sensor\ATService.exe (AuthenTec, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ac.sharedstore) -- C:\Programme\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity) SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (tdrpman251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (NWIM) -- C:\Windows\SysNative\drivers\avmnwim.sys (AVM Berlin) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (SbFsLock) -- C:\Windows\SysNative\drivers\SbFsLock.sys (SafeBoot International) DRV:64bit: - (RsvLock) -- C:\Windows\SysNative\drivers\RsvLock.sys (SafeBoot International) DRV:64bit: - (SafeBoot) -- C:\Windows\SysNative\drivers\SafeBoot.sys () DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBTTN.sys (Hewlett-Packard Company) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (SbAlg) -- C:\Windows\SysNative\drivers\SbAlg.sys (SafeBoot N.V.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 FB A2 41 81 C9 CD 01 [binary data] IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "PONS.eu : Englisch » Deutsch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: contextMenuExtension%40leo.org:0.3.1 FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.1 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7 FF - prefs.js..extensions.enabledAddons: %7Bc666c018-6409-4479-afa3-68e4129e7eff%7D:1.1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Program Files (x86)\1&1\1&1 SoftPhone\Firefox [2012.08.30 14:51:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.23 13:58:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.23 13:58:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.28 13:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions [2012.11.23 13:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\o2h4a6uk.default\extensions [2012.09.16 18:04:09 | 000,018,789 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\contextMenuExtension@leo.org.xpi [2012.09.19 13:00:23 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012.08.23 07:51:55 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.11.22 13:55:36 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.09.16 18:03:30 | 000,013,268 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{c666c018-6409-4479-afa3-68e4129e7eff}.xpi [2012.11.23 13:55:39 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.05.22 19:53:15 | 000,000,983 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\searchplugins\ponseu--englisch--deutsch.xml [2012.05.09 14:39:32 | 000,002,057 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\o2h4a6uk.default\searchplugins\youtube-videosuche.xml [2012.11.23 13:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.23 13:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.11.23 13:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.23 13:58:50 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.21 01:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 22:06:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 01:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 01:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 01:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 01:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\bin\ItIEAddIn64.dll (Bioscrypt Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule File not found O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [] File not found O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-4124944356-3311762617-3564609179-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 147.252.1.37 147.252.1.192 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CDC35AB-A692-4D64-884D-23F4B7A925A0}: DhcpNameServer = 147.252.1.37 147.252.1.192 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL (Bioscrypt Inc.) O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll) - C:\PROGRA~2\HEWLET~1\IAM\bin\APSHook.dll (Bioscrypt Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.23 13:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.22 22:37:47 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Download Manager [2012.11.20 23:40:15 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\e-academy Inc [2012.11.20 00:47:15 | 000,000,000 | ---D | C] -- C:\Users\Thomas\.VirtualBox [2012.11.20 00:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2012.11.20 00:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.11.19 15:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.11.19 15:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.11.18 17:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.11.18 17:42:24 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.11.18 17:42:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.11.18 17:42:20 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.11.18 17:42:20 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.11.18 17:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.11.18 17:30:00 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.11.18 17:30:00 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.11.18 17:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.11.16 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Clipboarder [2012.11.16 03:06:33 | 000,032,768 | ---- | C] (Analog Devices) -- C:\Windows\SysWow64\adidrm.dll [2012.11.16 03:06:32 | 000,060,928 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysWow64\SFFXComm.dll [2012.11.16 03:06:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundMAX [2012.11.16 03:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus [2012.11.15 23:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.11.14 21:32:19 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.14 21:32:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.14 21:32:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012.11.14 21:32:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012.11.14 21:32:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012.11.14 21:32:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012.11.14 21:32:01 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012.11.14 21:32:00 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012.11.14 21:32:00 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012.11.14 21:32:00 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012.11.14 21:32:00 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012.11.14 21:32:00 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012.11.14 21:32:00 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012.11.14 21:32:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012.11.14 21:32:00 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012.11.14 21:32:00 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012.11.14 21:32:00 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012.11.14 21:32:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012.11.14 21:32:00 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012.11.14 21:32:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012.11.14 21:32:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012.11.14 21:32:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012.11.14 21:32:00 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012.11.14 21:32:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012.11.14 21:31:59 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012.11.14 21:31:59 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012.11.14 21:26:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.14 21:26:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.14 21:26:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.14 21:26:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.14 21:26:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.14 21:26:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.14 21:26:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.14 21:26:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.14 21:26:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.14 21:26:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.14 21:26:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.14 21:26:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.14 21:26:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.14 21:26:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.14 21:26:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.14 21:22:04 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.14 21:22:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.14 21:22:03 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.14 21:22:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.14 21:21:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.11.14 21:21:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.11.14 20:08:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.14 20:08:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.14 20:08:38 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.14 20:08:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.14 20:08:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.14 20:08:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.14 20:08:03 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.14 20:08:03 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.14 20:08:03 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.14 20:07:03 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.14 20:07:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.11 01:41:53 | 000,000,000 | ---D | C] -- d:\Users\Thomas\Documents\Frisuren [2012.11.10 18:53:27 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Niki [2012.11.10 15:36:29 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\S [2012.11.09 15:39:54 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Gigaset_Communications_Gm [2012.11.05 14:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.26 19:00:50 | 000,131,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys [2012.10.26 18:59:44 | 000,203,608 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll [2012.10.24 21:02:19 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Avira [2012.10.24 20:57:00 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.10.24 20:57:00 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.10.24 20:57:00 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.10.24 20:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.24 20:56:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira ========== Files - Modified Within 30 Days ========== [2012.11.23 14:17:47 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.23 14:17:47 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.23 14:16:08 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.23 14:16:08 | 000,657,850 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.23 14:16:08 | 000,619,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.23 14:16:08 | 000,131,190 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.23 14:16:08 | 000,107,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.23 14:10:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.23 14:10:26 | 3142,791,168 | -HS- | M] () -- C:\hiberfil.sys [2012.11.23 13:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.22 23:09:44 | 000,002,236 | -H-- | M] () -- d:\Users\Thomas\Documents\Default.rdp [2012.11.22 22:38:16 | 000,000,635 | ---- | M] () -- C:\Users\Thomas\Desktop\Start Download Manager.html [2012.11.21 19:26:52 | 000,007,608 | ---- | M] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg [2012.11.21 15:56:27 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.11.21 15:56:27 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012.11.20 23:40:16 | 000,003,147 | ---- | M] () -- C:\Users\Thomas\Desktop\Secure Download Manager.lnk [2012.11.18 17:42:15 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.11.18 17:42:15 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.11.18 17:42:15 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.11.18 17:42:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.11.18 17:42:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.11.18 17:42:15 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.11.18 17:29:52 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.11.18 17:29:52 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.11.17 20:55:13 | 474,311,708 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.15 22:50:23 | 000,001,035 | ---- | M] () -- C:\Users\Thomas\Desktop\PhonerLite.lnk [2012.11.14 21:38:36 | 000,420,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.14 19:13:38 | 000,113,967 | ---- | M] () -- C:\Users\Thomas\Desktop\Edignburgh - Tour.pdf [2012.11.14 11:32:20 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.14 11:32:20 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.08 00:11:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.11.08 00:11:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.11.05 15:56:24 | 000,000,962 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.10.26 23:03:33 | 000,020,428 | ---- | M] () -- d:\Users\Thomas\Documents\KeePass_Database.kdb [2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys [2012.10.26 18:59:44 | 000,203,608 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll ========== Files Created - No Company Name ========== [2012.11.22 22:38:10 | 000,000,635 | ---- | C] () -- C:\Users\Thomas\Desktop\Start Download Manager.html [2012.11.20 23:40:16 | 000,003,147 | ---- | C] () -- C:\Users\Thomas\Desktop\Secure Download Manager.lnk [2012.11.19 15:33:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.11.14 21:32:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 21:22:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.14 19:13:38 | 000,113,967 | ---- | C] () -- C:\Users\Thomas\Desktop\Edignburgh - Tour.pdf [2012.11.07 21:16:17 | 474,311,708 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.10.22 14:54:25 | 000,000,600 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\winscp.rnd [2012.08.06 11:37:50 | 000,000,028 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\PhonerLitesettings.ini [2012.04.29 06:21:29 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.28 15:02:49 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI [2012.04.28 13:32:30 | 000,186,928 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2012.04.28 13:32:30 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012.04.27 18:22:42 | 000,007,608 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg [2012.03.28 20:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 20:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.03.28 20:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.03.28 20:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.03.28 20:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.03 11:32:40 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2011.06.03 11:32:40 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2011.06.03 11:32:40 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin ========== ZeroAccess Check ========== [2009.07.14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.11.2012 14:14:56 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Thomas\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,39% Memory free
7,80 Gb Paging File | 5,94 Gb Available in Paging File | 76,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 48,16 Gb Free Space | 40,42% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 369,04 Gb Free Space | 79,23% Space Free | Partition Type: NTFS
Computer Name: LAPTOPTHOMAS | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D29E0D-0B94-4B41-96B1-46BBEC88AA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{035F7AC4-7EE6-4C0B-8D78-B4897DBC0869}" = lport=2869 | protocol=6 | dir=in | app=system |
"{050E517F-C680-47CD-91E5-8283DEBB45AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{195680FC-DBC1-4F8B-985B-72B774A53469}" = rport=10243 | protocol=6 | dir=out | app=system |
"{21C853BE-BB3E-475A-81EA-D962637C2D17}" = lport=137 | protocol=17 | dir=in | app=system |
"{31C0D989-A651-4A74-B5A7-8BDDD4321139}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4998C3FE-F183-4E54-9D01-93F0CEC435E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{51D3A7A9-C5BC-418C-B83A-4D925E27F156}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EA511FA-1665-47BF-8DD9-DF7277609F3A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7632894A-62EB-4B9A-AFC4-AD3CAE83BA1D}" = rport=137 | protocol=17 | dir=out | app=system |
"{A47B18BC-6772-4B0B-8531-54CC7885A482}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ACC34A52-8027-45AA-B0BA-FA747492EA4D}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF73A3A4-7F05-46F9-BF8F-71A373CF45CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4DAD413-6611-42F0-849E-83D1F5F2A3E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0460A0C-9C66-4F48-BC55-6F91C8EE4E20}" = rport=139 | protocol=6 | dir=out | app=system |
"{DCFACAF6-4014-478F-AC69-7DBA45E24B22}" = rport=138 | protocol=17 | dir=out | app=system |
"{E4CE2EBE-3E1C-41A0-8379-9205555C4982}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E73D6544-5A83-4E0E-8F06-8DE03C949A70}" = lport=138 | protocol=17 | dir=in | app=system |
"{EEA6E78D-CBB6-402E-8001-BC73660E6E1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1709317-B649-42F7-BCCF-1A8469F9D4A4}" = lport=445 | protocol=6 | dir=in | app=system |
"{F99F54E9-4894-43F4-BC33-E37FF35247DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD521A32-FC86-495B-ADFE-5C29ECD415C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AEC287-0789-4F98-998D-A1BD61F31027}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{0C02FE3E-08C5-4825-AAD6-F4298DBB12B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0C285DE7-7D42-4F66-9EBC-8F0F49E5A515}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CE0C961-DCDE-4937-B070-F8A0F8F3AEC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CE4A34C-906C-45CA-B0E3-1F8911F55382}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{129DD792-F3EE-43B9-90AD-E7D68D3C3788}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13571462-6382-4F29-BDC4-BBC2F8216A99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{268B472B-A64E-4C2B-96F3-FCEF43D59247}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{349BD310-DA94-4067-8DAF-9268B526A23C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{38C52AF9-70F6-4723-B01C-5254A3632FC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3973EA6E-FBFE-463C-83F3-61936F25B4AA}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe |
"{3CF6F281-4AA9-477F-8625-8B7B985FF0B5}" = protocol=6 | dir=out | app=system |
"{429B5194-261E-4ABA-A783-C30B4EEC5CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{491979D5-E812-4CC3-9269-13AE221DE83E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{549BBECB-0FA5-4EA6-A031-AD36AFA84554}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{56E7C27F-30A6-47CD-AAFC-E13F9BE8A653}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{5C8003E2-DF61-4234-98BF-5EC6D2F122A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65DF79F5-9A54-4F6B-AE43-4426F3E25AC9}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{7A1AD692-E7AE-468A-861A-60AA05E6BAB7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7A3B631A-6243-4B06-8C70-1B1B2EE33296}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C14087B-74D3-4536-92F3-F2A5EA61C0DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80EF4E06-B378-4F64-A565-578FE4CDA3AF}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe |
"{819F5B25-2842-42A6-BFC0-3F3E7246882E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8CF28B38-B9E7-4B27-B422-9867CCA34EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EAD63D9-731C-4DE0-A532-FCD4F8DFF13A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9120543E-92A5-4364-8029-E84A774F54CD}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{9B2CAF00-5E50-4D11-88A1-7E8CDE6ED45D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{AB2A318C-59A7-4D73-A209-D05507CB9E1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AD46FF1E-3711-427A-B282-0B20948A5A81}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B24DDF93-B4A0-4598-9A0A-4FA06EDC9060}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{B3518DAC-BB34-4557-BBC3-2672533A5591}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{B789E219-FC23-4814-A311-EC6466D8961E}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{B8A7022A-46B3-4CFE-9A78-843732F905C9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9BF1853-481E-445A-822D-03A3F035F29B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CD6EC559-2F02-48B8-91FC-2BF6F80842F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D41B96C5-6DE5-4C8F-ABB7-9F88D1F20BA9}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{D4626446-E530-40B3-83FF-9D7C98C8BB68}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{D4C47CDE-9758-4231-80B7-1FB59388305D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D737E85B-97E2-4DE7-B485-2DFBE3FC34CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DB68F748-BF84-4570-B091-7D136F266688}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE43636E-6F8D-4B9F-AF88-9B6BD907ACB6}" = dir=in | app=c:\program files (x86)\pharossystems\core\ctskmstr.exe |
"{E099641B-7132-409A-A461-312AE8C26EFC}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E1B069B0-C4D1-41E5-94F5-C23171C8BC49}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E2F975B0-5DA4-4DBD-85EB-9D1A85E53BC5}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E49776C7-FA3C-4DBE-ABC3-1C80C80DFE33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E55A711D-E578-47E4-8743-8E213AB68F70}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{F491FBB5-EB66-4946-BCB6-93BCCF50C620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7C8526A-C751-416C-955B-3F0F449BE1B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F8A3EA9B-0E93-4879-A64E-E385D70EEFBE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{FE80FF01-24B8-4966-B823-783FD9818C0B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FF9333E4-2DFD-4C0B-82DF-B20D3C0A28C0}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"TCP Query User{00F78F78-D498-42AC-B17B-86C954F88FD5}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{41F7B54E-41CC-4D10-B9CD-C809B3D56346}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
"TCP Query User{53471F84-7EB0-4920-8824-21EA6BB8ECCD}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe |
"TCP Query User{5AE4C19A-472D-427E-AC00-D53CB4AC52BA}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{73E5DE99-4A9B-4B77-AE53-E6564C351E10}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe |
"TCP Query User{A0E0DC51-0FBD-40C5-8D35-246749A00C1A}C:\program files (x86)\z-dbackup\zftpcopy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\z-dbackup\zftpcopy.exe |
"TCP Query User{ABC9FB14-91F3-41CC-901B-A0B0A4547956}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{AE38CFAE-EF4A-4FF8-9AAF-945C6B2CE652}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F212A9F4-6224-4F28-BD08-C83E5B78B20A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{F6662ECA-9282-4DE0-81DC-931A27308A53}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
"UDP Query User{13B0DCA3-B24D-4761-A3C3-BD3E3922B41F}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
"UDP Query User{1C40AF3B-8035-4DFA-AEFA-55D0F656B4A2}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe |
"UDP Query User{4FC2880A-B50F-4794-849B-870F4FEC3845}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
"UDP Query User{64CB9D8F-6F58-45B6-814F-1DA419B81763}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{76FE5F44-585C-4BDD-9608-8BA71ECAB45D}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{78D29BB1-4CF2-4628-8871-5543846785C6}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{A977C4DC-F94D-4891-B4C8-3FF1837C7B9C}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C6E771D9-756D-42C4-BF13-49DC4B7E654C}C:\program files (x86)\z-dbackup\zftpcopy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\z-dbackup\zftpcopy.exe |
"UDP Query User{C786944C-9CA2-4CB3-B419-8FACAF405F49}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{FF794A00-B962-4786-B754-437ECD288D15}C:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\1&1 softphone\ipphoneui.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{31a52f2e-32e8-4c8f-9d99-6fd0c37c99ef}" = Gigaset QuickSync
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}" = FRITZ!Fernzugang
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94198F92-0C11-40FB-ADAD-D033C85D4D74}" = Drive Encryption for HP ProtectTools
"{991A4895-3346-4980-990F-A1041B73C6F7}" = HP 3D DriveGuard
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PDF-XChange 3_is1" = PDF-XChange 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04FE949D-172D-45B4-ACE6-6BCFAB5EC563}" = Mindjet MindManager 9
"{0F3A02CF-09B1-4B49-BE02-A70790F18B56}" = StarMoney
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{22B76906-5831-4052-9463-E13C5B7A5B40}" = HP ESU for Microsoft Windows 7
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{66D6C49D-B4F4-423A-85EA-3AF843115A91}" = StarMoney
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{8DF067D5-EAFB-4B93-AFF6-A6E33D9697C7}" = HP ProtectTools Security Manager
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4814B84-AEEC-4647-90A4-67E2DF637544}" = StarMoney 8.0 S-Edition
"{C42BB613-5079-41C3-8CD1-037B9FFD818F}" = HP JavaCard for HP ProtectTools
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{D1C42E76-0165-4542-95FD-5A9F75023573}" = Credential Manager for HP ProtectTools
"{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis*True*Image*Home
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"1&1 SoftPhone" = 1&1 SoftPhone
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.6.0.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KeePass Password Safe_is1" = KeePass Password Safe 1.22
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Personal Backup 5_is1" = Personal Backup 5.3
"Pharos" = Pharos
"PhonerLite_is1" = PhonerLite 2.04
"TeamViewer 7" = TeamViewer 7
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 5.1
"Wireshark" = Wireshark 1.6.7 (64-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4124944356-3311762617-3564609179-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.11.2012 16:54:26 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.11.2012 17:52:00 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
Error - 23.11.2012 05:50:16 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
Error - 23.11.2012 05:50:29 | Computer Name = LaptopThomas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ATService.exe, Version: 8.0.202.0,
Zeitstempel: 0x4a707c25 Name des fehlerhaften Moduls: ATService.exe, Version: 8.0.202.0,
Zeitstempel: 0x4a707c25 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000e8539
ID
des fehlerhaften Prozesses: 0x2dc Startzeit der fehlerhaften Anwendung: 0x01cdc95fef0747a0
Pfad
der fehlerhaften Anwendung: C:\Program Files\Fingerprint Sensor\ATService.exe Pfad
des fehlerhaften Moduls: C:\Program Files\Fingerprint Sensor\ATService.exe Berichtskennung:
366702f0-3553-11e2-a243-00247e766500
Error - 23.11.2012 06:02:07 | Computer Name = LaptopThomas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften
Prozesses: 0xfa8 Startzeit der fehlerhaften Anwendung: 0x01cdc96140ed3a38 Pfad der
fehlerhaften Anwendung: D:\Users\Thomas\Downloads\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: d672f9dd-3554-11e2-a243-00247e766500
Error - 23.11.2012 06:05:07 | Computer Name = LaptopThomas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften
Prozesses: 0xeac Startzeit der fehlerhaften Anwendung: 0x01cdc961d6757a39 Pfad der
fehlerhaften Anwendung: D:\Users\Thomas\Downloads\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 41b59ea1-3555-11e2-a243-00247e766500
Error - 23.11.2012 06:06:58 | Computer Name = LaptopThomas | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften
Prozesses: 0x1524 Startzeit der fehlerhaften Anwendung: 0x01cdc96216a35a88 Pfad der
fehlerhaften Anwendung: D:\Users\Thomas\Downloads\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 83cf76a2-3555-11e2-a243-00247e766500
Error - 23.11.2012 06:30:02 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
Error - 23.11.2012 08:41:52 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
Error - 23.11.2012 10:10:37 | Computer Name = LaptopThomas | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Hewlett-Packard\HP
ProtectTools Security Manager\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige
XML-Syntax.
[ Credential Manager Events ]
Error - 30.10.2012 00:42:54 | Computer Name = LaptopThomas | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Thomas@LAPTOPTHOMAS Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 30.10.2012 00:42:54 | Computer Name = LaptopThomas | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Thomas@LAPTOPTHOMAS
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 01.11.2012 15:57:24 | Computer Name = LaptopThomas | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Thomas@LAPTOPTHOMAS Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 01.11.2012 15:57:24 | Computer Name = LaptopThomas | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Thomas@LAPTOPTHOMAS
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 01.11.2012 15:57:27 | Computer Name = LaptopThomas | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Thomas@LAPTOPTHOMAS Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 01.11.2012 15:57:27 | Computer Name = LaptopThomas | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Thomas@LAPTOPTHOMAS
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 10.11.2012 18:23:20 | Computer Name = LaptopThomas | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Thomas@LAPTOPTHOMAS Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 10.11.2012 18:23:20 | Computer Name = LaptopThomas | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Thomas@LAPTOPTHOMAS
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 14.11.2012 08:55:38 | Computer Name = LaptopThomas | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Thomas@LAPTOPTHOMAS Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 14.11.2012 08:55:38 | Computer Name = LaptopThomas | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Thomas@LAPTOPTHOMAS
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
[ System Events ]
Error - 28.07.2012 21:46:12 | Computer Name = LaptopThomas | Source = DCOM | ID = 10010
Description =
Error - 29.07.2012 08:30:18 | Computer Name = LaptopThomas | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 31.07.2012 10:26:39 | Computer Name = LaptopThomas | Source = DCOM | ID = 10010
Description =
Error - 31.07.2012 17:48:52 | Computer Name = LaptopThomas | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%14001
Error - 31.07.2012 19:01:32 | Computer Name = LaptopThomas | Source = DCOM | ID = 10010
Description =
Error - 01.08.2012 04:47:29 | Computer Name = LaptopThomas | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%14001
Error - 01.08.2012 14:10:44 | Computer Name = LaptopThomas | Source = BTHUSB | ID = 327696
Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter
und einem Gerät mit Bluetooth-Adapteradresse (38:ec:e4:69:e1:26) ist fehlgeschlagen.
Error - 02.08.2012 19:58:55 | Computer Name = LaptopThomas | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 03.08.2012 05:09:52 | Computer Name = LaptopThomas | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 04.08.2012 06:06:16 | Computer Name = LaptopThomas | Source = DCOM | ID = 10010
Description =
< End of report >
|
|
23.11.2012, 16:46
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vodafone PDF Trojaner Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.11.2012, 18:24
| #9 |
| | Vodafone PDF TrojanerCode:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.23.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Thomas :: LAPTOPTHOMAS [Administrator] 23.11.2012 15:51:37 mbam-log-2012-11-23 (15-51-37).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 251308 Laufzeit: 1 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5157060ee5b47044bc906549cecd3471
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-23 05:14:53
# local_time=2012-11-23 05:14:53 (+0000, Westeuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2574139 2574139 0 0
# compatibility_mode=5893 16776574 100 94 2655446 106151408 0 0
# compatibility_mode=8192 67108863 100 0 3902 3902 0 0
# scanned=160366
# found=0
# cleaned=0
# scan_time=4535
Mit was für einer sicherheit kannst du das sagen? Ich habe noch immer ein mumliges Gefühl, wenn es um dinge wie Online-Banking, Kreditkarteninformationen, etc. geht. Ich ärgere mich so darüber, dass ich dieses doofe pdf-file geöffnet habe. |
|
23.11.2012, 20:27
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vodafone PDF Trojaner Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.11.2012, 02:34
| #11 |
| | Vodafone PDF Trojaner Bis jetzt verhält sich das System normal und es gibt auch keine weiteren Probleme. Vielen Dank für deine Hilfe!!! Das System verhält sich weitestgehend normal und bis jetzt gibt es auch keine weiteren Probleme. Vielen Dank für deine Hilfe!!!! |
|
26.11.2012, 10:42
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vodafone PDF Trojaner Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => http://filepony.de/1-browsers-and-plugins Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.11.2012, 10:42
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vodafone PDF Trojaner Dann wären wir durch! Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => http://filepony.de/1-browsers-and-plugins Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.11.2012, 16:05
| #14 |
| | Vodafone PDF Trojaner yeah cool *high five* ^^ Danke für die vielen zusätzlichen Infos. Eigentlich halte ich mein System auch immer auf dem neuesten Stand. Ich dachte auch, dass Adobe Reader sich automatisch aktuallisiert. Aber das macht er nur Versionsintern. Kommt eine neue Version (also z.B. 10 auf 11) raus, updated er sich nicht. Ich hab von der Firma Adobe langsam echt die Schn*** gestrichen voll. Hab Foxit-Reader jetzt installiert und der Adobe Reader ist geflogen.  Eine frage hab ich noch. Ist Avira AntiVir (Free-Version) "gut" oder empfielst du etwas anderes? z.B. die Premium-Version oder eine andere AV-Lösung. Ich weiß, dass es nicht DIE Lösung gibt. Bin aber trotzdem offen für neues bzw. würde auf deine empfehlungen hören  |
|
26.11.2012, 17:16
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Vodafone PDF TrojanerZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Vodafone PDF Trojaner |
| 7-zip, antivir, avira, bho, bonjour, converter, desktop, e-mail, ebanking, error, excel, failed, flash player, focus, google, install.exe, kunde, launch, log file, logfile, mp3, msiexec.exe, myphoneexplorer, plug-in, richtlinie, scan, senden, software, starmoney, svchost.exe, system, taskhost.exe, trojaner, updates, windows, windows updates, wlansvc, wörter |
Linear-Darstellung
