
Pests of all kinds and how to fight them: C:\ProgramData\PC Performer Manager\ and process tbhcn.exe and further infected objects found

17.12.2012, 11:13   #1
Virusgeplagt
 



Hello everyone,

unfortunately I seem to have quite a few viruses on my computer. I got a message from Sophos that PC Performer Manager was moved to quarantine. Simply removing it with Sophos did not work; I still get the message.
I also discovered a process in Task Manager, "tbhcn.exe", that I don't recognize.
I entered both problems into Google and came across this forum.
I have now run a scan with Malwarebytes and got the following result:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniela :: DANIELA-PC [Administrator]

17.12.2012 09:36:48
mbam-log-2012-12-17 (11-02-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 553288
Laufzeit: 1 Stunde(n), 22 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 40
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Daten: Vid-Saver -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 10
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Guest\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Guest\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Keine Aktion durchgeführt.

Infizierte Dateien: 103
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_342\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_343\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\Local\Temp\softonic_ssk_conduit.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\Local\Temp\VidSaver14_20120508.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\Local\Temp\InstallShare2773\FunmoodsSetupV2.1.exe (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\Local\Temp\blabbers-ff-le.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Daniela\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\Daniela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Keine Aktion durchgeführt.

(Ende)
         
As far as I can see, neither of the two problems is included in it at all, but I find the report of having so many infected objects somewhat worrying. What am I supposed to do with all this stuff now?

Many thanks and best regards

17.12.2012, 11:26   #2
markusg
/// Malware-holic
 



Hi,
doesn't look too bad at first glance.
A lot of adware.
If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

17.12.2012, 14:33   #3
Virusgeplagt
 



Here is the text from OTL.txt
Code:
OTL logfile created on: 17.12.2012 14:08:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniela\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 40,63% Memory free
7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,14 Gb Total Space | 16,15 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive D: | 224,85 Gb Total Space | 154,61 Gb Free Space | 68,76% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DANIELA-PC | User Name: Daniela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.12.17 14:07:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe
PRC - [2012.12.14 14:46:15 | 000,236,608 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012.12.14 14:46:07 | 000,928,832 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2012.12.14 14:43:08 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.12.14 14:42:55 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.12.14 14:42:51 | 002,878,016 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012.09.26 15:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012.06.07 09:54:31 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2007.09.06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe
PRC - [2007.08.10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.15 18:59:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.15 18:59:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.15 18:59:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3cdcb033f930eb60badfa4500d795edb\System.Xml.ni.dll
MOD - [2012.11.15 18:59:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.15 18:59:00 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.15 18:58:48 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe
MOD - [2007.10.08 09:59:24 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.core.dll
MOD - [2007.10.08 09:59:24 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.common.dll
MOD - [2007.10.08 09:58:32 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007.09.06 21:40:36 | 000,692,224 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdodrs.dll
MOD - [2007.09.06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe
MOD - [2007.09.06 21:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoscw.dll
MOD - [2007.08.10 07:12:14 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007.08.10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe
MOD - [2007.06.14 21:45:05 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocnv4.dll
MOD - [2007.05.22 15:10:18 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocaps.dll
MOD - [2007.05.03 16:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdodatr.dll
MOD - [2007.03.26 08:39:35 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocats.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.10.26 01:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.13 18:47:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2007.09.20 21:33:06 | 001,039,360 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdocoms.exe -- (lxdo_device)
SRV:64bit: - [2007.07.17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService)
SRV - [2012.12.14 14:46:15 | 000,236,608 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.12.14 14:43:08 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.12.14 14:42:55 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.12.14 14:42:51 | 002,878,016 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.12.14 14:41:57 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.12.06 16:13:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.06.07 09:54:31 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.11.15 00:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.20 21:05:06 | 000,589,824 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdocoms.exe -- (lxdo_device)
SRV - [2007.07.17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 14:45:00 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.09.26 15:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.07.25 18:53:49 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.10.26 02:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.26 00:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.01 09:47:32 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.08.25 02:46:56 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011.01.08 00:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.05.15 05:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010.04.22 01:06:42 | 000,399,936 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_usb.sys -- (NUMARK_OMNICONTROL)
DRV:64bit: - [2010.04.22 01:06:40 | 000,050,240 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_wdm.sys -- (NUMARK_OMNICONTROL_WDM)
DRV:64bit: - [2010.04.22 01:06:38 | 000,031,296 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2midi.sys -- (NUMARK_OMNICONTROL_MIDI)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
IE - HKLM\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
IE - HKLM\..\SearchScopes\{6C052F87-11C0-559B-F1AA-51BEA08DB7EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.babylon.com/?affID=109958&tt=3012_1&babsrc=HP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 26 8C 53 8A 44 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {34F18C3E-95F3-4D26-A78C-8693276A09CF}
IE - HKCU\..\SearchScopes,DefaultScope = {34F18C3E-95F3-4D26-A78C-8693276A09CF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
IE - HKCU\..\SearchScopes\{34F18C3E-95F3-4D26-A78C-8693276A09CF}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{6C052F87-11C0-559B-F1AA-51BEA08DB7EC}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=3012_1&babsrc=SP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.order.1: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e&tlver=1.5.29.1&instlRef=sst&babTrack&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.13 09:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 16:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 09:54:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles/4ohvftw3.default\extensions\specialsavings@superfish.com [2012.08.16 21:27:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.08.16 21:27:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 16:13:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 09:54:31 | 000,000,000 | ---D | M]
 
[2012.04.09 15:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Extensions
[2012.12.14 14:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions
[2012.12.12 08:37:51 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.24 10:04:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.12.03 17:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2012.08.16 21:18:16 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com
[2012.12.12 08:37:50 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\crossriderapp3491@crossrider.com
[2012.07.24 19:04:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\ffxtlbr@babylon.com
[2012.08.16 21:27:09 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\specialsavings@superfish.com
[2012.12.12 08:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\crossriderapp3491@crossrider.com\chrome\content\extensionCode
[2012.12.14 14:36:26 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\toolbar@web.de.xpi
[2012.12.12 08:37:50 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.24 10:04:21 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.03 17:29:43 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.12.14 15:39:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012.12.17 08:59:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.12.17 09:00:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012.12.14 15:39:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012.12.17 09:00:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire
[2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012.12.17 09:00:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d89bfd841403290d610bcf662008b443_expire
[2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.12.17 08:59:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.12.14 15:39:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.12.14 15:39:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012.12.14 14:36:31 | 000,000,911 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\11-suche.xml
[2012.12.14 14:36:31 | 000,002,273 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\englische-ergebnisse.xml
[2012.12.14 14:36:31 | 000,010,563 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\gmx-suche.xml
[2012.12.14 14:36:31 | 000,002,432 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\lastminute.xml
[2012.08.16 21:18:17 | 000,002,792 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\Plusnetwork.xml
[2012.07.24 19:04:26 | 000,002,339 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\Search.xml
[2012.12.14 14:36:31 | 000,005,545 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\webde-suche.xml
[2012.12.06 16:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.06 16:13:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.06 16:13:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.06 16:13:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.23 10:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.24 19:02:12 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (appbario8 Toolbar) - {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [lxdoamon] C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ()
O4:64bit: - HKLM..\Run: [lxdomon.exe] C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B69BBBF-BBCF-4BDF-BEA1-A64A8CA283A8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {0B74300D-9D18-4656-9F79-BBF0891365AF} - Bing Bar
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4CBF8339-9F09-4213-846D-8E1C2B921451} - Desktop Icon
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{40194995-2263-49FA-93D2-0A11E13FA518} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: Lexmark 9500 Series - hkey= - key= - C:\Program Files (x86)\Lexmark 9500 Series\fm3032.exe ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.17 14:07:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe
[2012.12.17 09:35:25 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Malwarebytes
[2012.12.17 09:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.17 09:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.17 09:34:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.17 09:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.14 19:37:25 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.12.14 15:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.12.14 15:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.12.14 14:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sophos
[2012.12.14 14:45:00 | 000,154,952 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.12.14 14:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.12.13 09:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2012.12.13 09:40:47 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\PDF Architect
[2012.12.13 09:34:35 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\APP_NAME_NON_STRING
[2012.12.13 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Documents\PDF Architect Files
[2012.12.13 09:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2012.12.13 09:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2012.12.13 09:33:48 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\pdfforge
[2012.12.13 09:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.12.13 09:33:36 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.12.13 09:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.12.13 09:32:23 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\Programs
[2012.12.13 09:01:17 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Blender
[2012.12.13 09:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Blender
[2012.12.13 07:36:53 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bewerbung_MAN
[2012.12.12 11:17:26 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bilders
[2012.12.06 16:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.27 21:01:14 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bewerbung Michael
[2012.11.27 21:00:13 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bilder Oma und Opa
[2012.11.22 19:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.22 19:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.22 19:24:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.17 14:07:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe
[2012.12.17 14:02:28 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
[2012.12.17 14:02:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.17 09:35:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.17 09:05:48 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 09:05:48 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 09:04:58 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.17 09:04:58 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.17 09:04:58 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 08:58:08 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.14 19:37:25 | 000,003,215 | ---- | M] () -- C:\Users\Daniela\Desktop\Sophos Virus Removal Tool.lnk
[2012.12.14 14:45:00 | 000,154,952 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.12.14 14:42:26 | 000,037,440 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2012.12.14 14:28:55 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.12.14 07:45:48 | 000,273,758 | ---- | M] () -- C:\Users\Daniela\Desktop\Ummeldung_Gilla.pdf
[2012.12.13 16:50:38 | 000,002,044 | -H-- | M] () -- C:\Users\Daniela\Documents\Default.rdp
[2012.12.13 14:08:58 | 000,000,000 | ---- | M] () -- C:\Users\Daniela\Documents\NEWSOFT
[2012.12.13 14:02:10 | 000,007,637 | ---- | M] () -- C:\Users\Daniela\Desktop\Abrechnung_Gehalt_MunichRe.pdf
[2012.12.13 13:55:51 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.13 09:46:23 | 001,357,837 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_DMarquart.pdf
[2012.12.13 09:43:08 | 000,648,398 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela Marquart.pdf
[2012.12.13 09:40:43 | 000,715,168 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela_Marquart.pdf
[2012.12.13 09:34:42 | 000,000,993 | ---- | M] () -- C:\Users\Daniela\Desktop\PDF Architect.lnk
[2012.12.13 09:33:48 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.12.13 09:01:17 | 000,001,038 | ---- | M] () -- C:\Users\Daniela\Desktop\PDF Blender.lnk
[2012.12.13 08:48:00 | 002,475,720 | ---- | M] () -- C:\Users\Daniela\Desktop\Praktikumszeugnis_MunichRe.PDF
[2012.12.13 08:23:29 | 000,497,162 | ---- | M] () -- C:\Users\Daniela\Desktop\ToR_WPV_Marquart_Daniela.pdf
[2012.12.07 09:56:16 | 000,291,235 | -H-- | M] () -- C:\Users\Daniela\Desktop\ZbThumbnail.info
[2012.12.07 09:54:17 | 001,354,020 | ---- | M] () -- C:\Users\Daniela\Desktop\ShannonFoto.jpg
[2012.11.22 19:24:56 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.17 09:35:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.14 19:37:25 | 000,003,215 | ---- | C] () -- C:\Users\Daniela\Desktop\Sophos Virus Removal Tool.lnk
[2012.12.13 14:02:10 | 000,007,637 | ---- | C] () -- C:\Users\Daniela\Desktop\Abrechnung_Gehalt_MunichRe.pdf
[2012.12.13 09:46:22 | 001,357,837 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_DMarquart.pdf
[2012.12.13 09:43:08 | 000,648,398 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela Marquart.pdf
[2012.12.13 09:40:42 | 000,715,168 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela_Marquart.pdf
[2012.12.13 09:34:42 | 000,000,993 | ---- | C] () -- C:\Users\Daniela\Desktop\PDF Architect.lnk
[2012.12.13 09:33:48 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.12.13 09:01:17 | 000,001,038 | ---- | C] () -- C:\Users\Daniela\Desktop\PDF Blender.lnk
[2012.12.13 08:48:00 | 002,475,720 | ---- | C] () -- C:\Users\Daniela\Desktop\Praktikumszeugnis_MunichRe.PDF
[2012.12.13 08:24:07 | 000,497,162 | ---- | C] () -- C:\Users\Daniela\Desktop\ToR_WPV_Marquart_Daniela.pdf
[2012.12.08 11:10:27 | 000,273,758 | ---- | C] () -- C:\Users\Daniela\Desktop\Ummeldung_Gilla.pdf
[2012.12.07 10:12:28 | 004,900,888 | ---- | C] () -- C:\Users\Daniela\Desktop\Michi.JPG
[2012.12.07 09:54:16 | 001,354,020 | ---- | C] () -- C:\Users\Daniela\Desktop\ShannonFoto.jpg
[2012.08.19 16:15:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.24 19:03:48 | 000,384,844 | ---- | C] () -- C:\Users\Daniela\AppData\Local\funmoods-speeddial.crx
[2012.07.24 19:03:47 | 000,031,465 | ---- | C] () -- C:\Users\Daniela\AppData\Local\funmoods.crx
[2012.07.21 13:59:00 | 011,632,640 | ---- | C] () -- C:\Users\Daniela\AppData\Roaming\Sandra.mdb
[2012.07.21 13:57:56 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.21 13:48:14 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2012.04.21 13:48:14 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2012.04.21 13:46:04 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdoinst.dll
[2012.04.21 13:46:03 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdocomx.dll
[2012.04.21 13:46:03 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoinpa.dll
[2012.04.21 13:46:03 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoiesc.dll
[2012.04.21 13:46:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdopmui.dll
[2012.04.21 13:46:00 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdousb1.dll
[2012.04.21 13:45:59 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoserv.dll
[2012.04.21 13:45:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoprox.dll
[2012.04.21 13:45:58 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdohbn3.dll
[2012.04.21 13:45:58 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdolmpm.dll
[2012.04.21 13:45:58 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoih.exe
[2012.04.21 13:45:57 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomc.dll
[2012.04.21 13:45:57 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocoms.exe
[2012.04.21 13:45:57 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomm.dll
[2012.04.21 13:45:56 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocfg.exe
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.10.26 00:38:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.10.26 00:38:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.12 21:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.22 16:15:56 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\9500 Series
[2012.04.14 11:19:55 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\AbiSuite
[2012.12.13 09:34:35 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\APP_NAME_NON_STRING
[2012.07.24 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Babylon
[2012.07.24 19:02:22 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\BabylonToolbar
[2012.12.17 14:12:11 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion
[2012.07.24 19:17:04 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Canneverbe Limited
[2012.04.23 06:09:25 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Canon
[2012.12.17 08:59:31 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Dropbox
[2012.08.16 21:20:16 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\DVDVideoSoft
[2012.08.16 21:18:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.23 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\GHISLER
[2012.04.21 16:50:28 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Lexmark Productivity Studio
[2012.10.16 21:48:35 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\NewSoft
[2012.12.13 09:40:49 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PDF Architect
[2012.12.13 09:33:48 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\pdfforge
[2012.04.23 07:07:55 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PhotoScape
[2012.08.25 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\STRATO
[2012.06.23 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.12.15 21:04:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.07.25 18:54:20 | 000,000,000 | ---D | M] -- C:\Intel
[2012.04.21 13:55:24 | 000,000,000 | ---D | M] -- C:\logs
[2012.04.14 16:58:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.06.23 15:49:11 | 000,000,000 | ---D | M] -- C:\numark DJ Pult Treiber
[2012.06.17 19:20:41 | 000,000,000 | ---D | M] -- C:\Patent
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.14 15:30:45 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.17 09:34:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.17 09:35:01 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.04.09 14:55:42 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.04.09 15:23:12 | 000,000,000 | ---D | M] -- C:\savw_100_sa
[2012.12.17 09:33:55 | 000,000,000 | ---D | M] -- C:\setups
[2012.12.17 14:10:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.23 14:55:56 | 000,000,000 | ---D | M] -- C:\totalcmd
[2012.06.23 16:49:56 | 000,000,000 | ---D | M] -- C:\Traktor nomml
[2012.06.23 15:49:19 | 000,000,000 | ---D | M] -- C:\Traktor Pro DJ Software
[2012.12.15 21:04:12 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.23 17:52:21 | 000,000,000 | ---D | M] -- C:\VDJ2
[2012.06.23 17:53:44 | 000,000,000 | ---D | M] -- C:\VDJ3
[2012.09.01 07:58:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.13 19:13:02 | 000,000,550 | ---- | C] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.01.26 22:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2012a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.12.17 14:10:25 | 002,621,440 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat
[2012.12.17 14:10:25 | 000,262,144 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat.LOG1
[2012.04.09 14:55:52 | 000,000,000 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat.LOG2
[2012.04.09 14:58:14 | 000,065,536 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.04.09 14:58:14 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.04.09 14:58:14 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.09.01 09:17:49 | 000,065,536 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TM.blf
[2012.09.01 09:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TMContainer00000000000000000001.regtrans-ms
[2012.09.01 09:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TMContainer00000000000000000002.regtrans-ms
[2012.04.09 14:55:52 | 000,000,020 | -HS- | M] () -- C:\Users\Daniela\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
[2012.08.16 21:09:56 | 001,750,528 | ---- | M] (Yuna Software) -- C:\Users\Daniela\Local Settings\Temp\Browser_Helper_Companion_DE.exe
[2012.07.25 22:26:45 | 000,908,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u34-windows-i586-iftw.exe
[2012.08.29 13:07:10 | 000,908,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
[2012.10.01 17:44:51 | 000,912,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
[2012.08.05 08:09:04 | 025,653,936 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Daniela\Local Settings\Temp\SkypeSetup.exe
[2012.08.16 21:25:46 | 000,666,272 | ---- | M] () -- C:\Users\Daniela\Local Settings\Temp\softonic_ssk_conduit.exe
[2012.06.23 16:48:47 | 001,873,032 | ---- | M] (215 Apps) -- C:\Users\Daniela\Local Settings\Temp\VidSaver14_20120508.exe
[250 C:\Users\Daniela\Local Settings\Temp\*.tmp files -> C:\Users\Daniela\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) -- C:\Users\Daniela\Local Settings\Temp\FirewallAPI.dll
[2012.08.16 21:18:17 | 000,362,029 | ---- | M] () -- C:\Users\Daniela\Local Settings\Temp\sqlite3.dll
[250 C:\Users\Daniela\Local Settings\Temp\*.tmp files -> C:\Users\Daniela\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
And here is the one from Extra.txt:
Code:
ATTFilter
OTL Extras logfile created on: 17.12.2012 14:08:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniela\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 40,63% Memory free
7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,14 Gb Total Space | 16,15 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive D: | 224,85 Gb Total Space | 154,61 Gb Free Space | 68,76% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DANIELA-PC | User Name: Daniela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5226BC-E4EA-4166-AB8F-521D4645782C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1BF56D3D-5C33-4FC9-A617-421DD7373721}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{522A262B-5BE8-4C3F-AC41-62C2DDCDB6C8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5E81AC6C-A6A2-456B-A895-66F3C35A61F3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{649FB298-7795-4D7E-8D43-40687D597E98}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6A595F77-0580-462E-9444-A172D809B294}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E351B74-31BE-4ACB-A546-FB8FEBAF93A3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp4c\rpcagentsrv.exe | 
"{76492EDB-4883-448A-97B9-F4A0AA46B752}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{767FACEA-91A9-492D-AF21-EFFEB757B43D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{771DCB17-1EE3-45E7-949F-175039E2F370}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7C6A87AC-FA87-4A1A-A921-F7E8DFC3EDE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81630A44-89EB-4749-8BD1-1FD6CCF67663}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83DE482F-D082-4334-B515-EB8EFC625059}" = lport=138 | protocol=17 | dir=in | app=system | 
"{840B4F4A-4303-48AA-BBD1-A584B80CA947}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{8B617B50-FFD9-4C70-B3A0-1247DEC49B4C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp4c\wnt500x64\rpcsandrasrv.exe | 
"{932D09B9-3F8F-4058-88E3-533E4C3A323A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{95313063-3A24-401B-A863-D05E828CA303}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9B0C97BF-2256-4E52-8EBB-161EF57EE0B6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9D58C05D-0119-42E9-BD86-74C3BA9E54FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0E0EA2E-5ACE-4A45-B346-480D16B3F07B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{A8641D9F-FA8C-4440-8664-0C8837565D24}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BBCFAE4B-F6AF-4F0F-877C-C0F451053F99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DEE1C061-5384-4236-B08C-15FBD2B45DB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E90CA7B5-ADBF-48BD-ABF2-A2D361B7E938}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F4C17FE4-D039-438C-9A0D-C233FCAAC2C7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F72F8E4D-D435-4D3E-B88E-C0DF00DBE561}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F7959A64-EF2E-4F85-AA46-3703CDB00649}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0021B6DA-0AF2-4E50-B139-A3E1913977AF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{01D761E7-62FD-490E-A0C0-110BC45CC6E0}" = protocol=6 | dir=out | app=system | 
"{137AA8DB-9C7A-4639-B462-5FA11399AAC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{141380F0-D124-4DD2-8390-7B30404C50CC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdotime.exe | 
"{2077D096-0209-4DD4-B341-78847BC4F2F7}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{212C070F-2285-4CC1-99BA-9ECBB514416A}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocfg.exe | 
"{212C3BCA-F604-4626-803A-2337E27E92FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30657F83-BC65-43AB-A0A8-B5FB8EEFDF68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{31CF9225-D3FF-4C8E-AFF6-42A856FFF5E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{351DC4F3-21DE-4CD8-AF1F-58EEDB1AEC58}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\frun.exe | 
"{450BDF62-E2F3-43D0-97D3-5FFFF0E36264}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{47418643-E062-47C7-B0C4-1ED40BF08C4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4CB1C86D-934D-4A2B-AA15-BE3E0B7DC813}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4EB2F145-0CE4-47C4-AD01-C05BF380727F}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\frun.exe | 
"{5409AE5A-67C5-4F80-AB12-353FDA403BE0}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdofax.exe | 
"{571F0524-76D0-4B09-AB27-4C75BF79C576}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{58A6A6E5-6A04-439B-928E-9EE5902FF18C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{599A6D7B-02C2-412A-B0D0-796A96A57362}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdocoms.exe | 
"{6548724C-F1AA-492B-88FD-82A2FBC6556E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6925CB2B-EEA8-46ED-919F-4CD89520EC56}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6F039D07-152F-44BE-87A1-9A7DE5D9CA5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6FF02524-9C51-4F26-A8E5-837FD910509F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdopswx.exe | 
"{7B6A70E8-895F-4ACC-99FC-A0C641610C76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7CBABE19-6F7A-4339-9227-39F347DCC95D}" = protocol=17 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7CEEA206-648C-4D53-BF0B-CE7FAC6239C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdocoms.exe | 
"{7F169A79-3EC2-426B-BFA7-8DE615F8F49A}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocfg.exe | 
"{8574990B-BCBB-4B4B-8575-4580DEB3DEB3}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe | 
"{9ED297B3-32CD-4B91-AA00-4B72D363102B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0058A6D-8099-4E2E-B83C-518A798CB086}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{A74BA43F-8FB6-45D1-9586-FE682AAB2027}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{AD26D55C-5D73-4F2D-8317-F96809171620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6FFDD5B-3923-4AE1-B9C7-E45CBE3169A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B7B0CCDD-ED41-4082-A091-43EB0C07EE36}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocoms.exe | 
"{BA11B601-C57C-43AD-B222-1B9CD17DB057}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB4B2796-3A18-4C04-AF03-D1CB586D7A18}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C60F8AE1-B077-47A5-8394-B61CD6E111D3}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{C82FC724-CCB2-417A-97D7-D089A264D809}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdofax.exe | 
"{CAA1A207-1B0A-4CE8-AB9C-188153E2464D}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdoamon.exe | 
"{D0D585EA-355B-48E4-A700-112A26DB5FF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D533F55B-06CF-441A-9FB7-2DEFA5987B7C}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdoamon.exe | 
"{DB7F2D53-6D15-4202-9FE0-3A7F58AFFAD2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E1DBCFDC-4829-4C85-97A8-EE1860974005}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E274C5D3-7F1D-4A1A-8A75-208919B78266}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe | 
"{E89B9EB5-A1AA-430B-BD48-9BA5D726CC27}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E9935C7E-C64A-40DD-98BC-8CE2043A6B06}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdopswx.exe | 
"{F2B167AB-E071-4828-841D-8DE726F0B751}" = protocol=6 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F331EF02-EBA7-48C8-B822-6B9758CDF825}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdotime.exe | 
"{F8D70D8C-2611-41EC-A766-2FA4D698319B}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{FC232706-0BD5-4B49-A1E0-38CC5DA2829F}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocoms.exe | 
"TCP Query User{11AD1681-9EE0-450B-A265-8E0A3815D992}C:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{2D8DFF63-311C-44BC-99E4-BCA116438552}C:\program files (x86)\lexmark 9500 series\lxdomon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe | 
"TCP Query User{FDEA5079-5A15-4792-850F-15F29F400A6B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{0F7CF7A3-DB39-4153-BA7B-247B7DA1E9B5}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{24617DDD-98DC-4AEA-BF5E-861C692739FB}C:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{56679297-EED7-48FF-960A-FAECDFD8F2F6}C:\program files (x86)\lexmark 9500 series\lxdomon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP4c
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Lexmark 9500 Series" = Lexmark 9500 Series
"Matlab R2012a" = MATLAB R2012a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"USB_AUDIO_DEusb-audio.deNumarkOMNICONTROL" = OMNI CONTROL USB Audio driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = PC Performer Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C42B0AD-3D32-4721-9665-AFD958AF6523}" = Remote Desktop
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.20
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.60.10
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.9.2
"appbario8 Toolbar" = appbario8 Toolbar
"BabylonToolbar" = Babylon toolbar on IE
"BrowserCompanion" = BrowserCompanion
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"funmoods" = Funmoods Web Search
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"PDF Blender" = PDF Blender
"pdfsam" = pdfsam
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"SpecialSavings" = SpecialSavings
"STRATO HiDrive" = STRATO HiDrive (remove only)
"uTorrent" = µTorrent
"Vid-Saver" = Vid-Saver
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"Wondershare Vivideo_is1" = Wondershare Vivideo(Build 2.0.0.12)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.12.2012 02:17:10 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.12.2012 17:00:19 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\setups\SoftonicDownloader_fuer_windows-live-movie-maker.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 14.12.2012 17:00:19 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\setups\SoftonicDownloader_fuer_wondershare-vivideo.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 15.12.2012 15:07:01 | Computer Name = Daniela-PC | Source = Sophos Anti-Virus | ID = 2424850
Description = Adware or PUA 'BProtector' was not removed because of errors.
 
Error - 15.12.2012 15:07:01 | Computer Name = Daniela-PC | Source = Sophos Anti-Virus | ID = 2424850
Description = Adware or PUA 'BProtector' was not removed because of errors.
 
Error - 15.12.2012 15:08:00 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.12.2012 13:08:15 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.12.2012 04:00:01 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.12.2012 04:16:43 | Computer Name = Daniela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: lxdocoms.exe, version: 1.232.15.0, time
 stamp: 0x46f2d8ff  Faulting module name: lxdohbn3.dll, version: 1.232.15.0, time 
stamp: 0x46f2d8d7  Exception code: 0xc0000005  Fault offset: 0x0000000000061053  Faulting
 process id: 0x514  Faulting application start time: 0x01cddc2c50f929c0  Faulting application
 path: C:\Windows\system32\lxdocoms.exe  Faulting module path: C:\Windows\system32\lxdohbn3.dll
Report
 Id: 1704df1d-4822-11e2-9cbb-00262d75d392
 
Error - 17.12.2012 09:07:46 | Computer Name = Daniela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FRun.exe, version: 1.41.0.0, time stamp:
 0x462e566d  Faulting module name: lxdoDRS.dll_unloaded, version: 0.0.0.0, time stamp:
 0x46e065c4  Exception code: 0xc0000005  Fault offset: 0x0a2c4c97  Faulting process id:
 0x858  Faulting application start time: 0x01cddc2ecbd5a4ce  Faulting application path:
 C:\Program Files (x86)\Lexmark 9500 Series\FRun.exe  Faulting module path: lxdoDRS.dll
Report
 Id: bfdaee2e-484a-11e2-9cbb-00262d75d392
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 17.12.2012 04:16:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.  
 
Error - 17.12.2012 04:16:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 17.12.2012 04:16:37 | Computer Name = Daniela-PC | Source = acvpnui | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.  
 
Error - 17.12.2012 04:16:37 | Computer Name = Daniela-PC | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 17.12.2012 04:56:39 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
 277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP
 
Error - 17.12.2012 04:56:39 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
 1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS
 
Error - 17.12.2012 05:18:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
 277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP
 
Error - 17.12.2012 05:18:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
 1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS
 
Error - 17.12.2012 06:57:13 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
 Hibernate, etc).
 
Error - 17.12.2012 06:57:26 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp
Line:
 1026 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
 cannot find the file specified.   
 
[ System Events ]
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 07.10.2012 04:08:11 | Computer Name = Daniela-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 07.10.2012 05:16:09 | Computer Name = Daniela-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         
Many thanks for your help!!!

17.12.2012, 14:36   #4
Virusgeplagt
 
Here is the text from OTL.txt:
Code:
OTL logfile created on: 17.12.2012 14:08:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniela\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 40,63% Memory free
7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,14 Gb Total Space | 16,15 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive D: | 224,85 Gb Total Space | 154,61 Gb Free Space | 68,76% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DANIELA-PC | User Name: Daniela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.12.17 14:07:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe
PRC - [2012.12.14 14:46:15 | 000,236,608 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012.12.14 14:46:07 | 000,928,832 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2012.12.14 14:43:08 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.12.14 14:42:55 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.12.14 14:42:51 | 002,878,016 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2012.09.26 15:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012.06.07 09:54:31 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2007.09.06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe
PRC - [2007.08.10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.15 18:59:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.15 18:59:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.15 18:59:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3cdcb033f930eb60badfa4500d795edb\System.Xml.ni.dll
MOD - [2012.11.15 18:59:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.15 18:59:00 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.15 18:58:48 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe
MOD - [2007.10.08 09:59:24 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.core.dll
MOD - [2007.10.08 09:59:24 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.common.dll
MOD - [2007.10.08 09:58:32 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007.09.06 21:40:36 | 000,692,224 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdodrs.dll
MOD - [2007.09.06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe
MOD - [2007.09.06 21:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoscw.dll
MOD - [2007.08.10 07:12:14 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007.08.10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe
MOD - [2007.06.14 21:45:05 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocnv4.dll
MOD - [2007.05.22 15:10:18 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocaps.dll
MOD - [2007.05.03 16:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdodatr.dll
MOD - [2007.03.26 08:39:35 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocats.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.10.26 01:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.13 18:47:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2007.09.20 21:33:06 | 001,039,360 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdocoms.exe -- (lxdo_device)
SRV:64bit: - [2007.07.17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService)
SRV - [2012.12.14 14:46:15 | 000,236,608 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.12.14 14:43:08 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.12.14 14:42:55 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.12.14 14:42:51 | 002,878,016 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.12.14 14:41:57 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.12.06 16:13:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.06.07 09:54:31 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.11.15 00:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.20 21:05:06 | 000,589,824 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdocoms.exe -- (lxdo_device)
SRV - [2007.07.17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 14:45:00 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.09.26 15:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.07.25 18:53:49 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.10.26 02:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.26 00:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.01 09:47:32 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.08.25 02:46:56 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011.01.08 00:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.05.15 05:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010.04.22 01:06:42 | 000,399,936 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_usb.sys -- (NUMARK_OMNICONTROL)
DRV:64bit: - [2010.04.22 01:06:40 | 000,050,240 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_wdm.sys -- (NUMARK_OMNICONTROL_WDM)
DRV:64bit: - [2010.04.22 01:06:38 | 000,031,296 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2midi.sys -- (NUMARK_OMNICONTROL_MIDI)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
IE - HKLM\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
IE - HKLM\..\SearchScopes\{6C052F87-11C0-559B-F1AA-51BEA08DB7EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.babylon.com/?affID=109958&tt=3012_1&babsrc=HP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 26 8C 53 8A 44 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {34F18C3E-95F3-4D26-A78C-8693276A09CF}
IE - HKCU\..\SearchScopes,DefaultScope = {34F18C3E-95F3-4D26-A78C-8693276A09CF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
IE - HKCU\..\SearchScopes\{34F18C3E-95F3-4D26-A78C-8693276A09CF}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{6C052F87-11C0-559B-F1AA-51BEA08DB7EC}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=3012_1&babsrc=SP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.order.1: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e&tlver=1.5.29.1&instlRef=sst&babTrack&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.13 09:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 16:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 09:54:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles/4ohvftw3.default\extensions\specialsavings@superfish.com [2012.08.16 21:27:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.08.16 21:27:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 16:13:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 09:54:31 | 000,000,000 | ---D | M]
 
[2012.04.09 15:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Extensions
[2012.12.14 14:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions
[2012.12.12 08:37:51 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.24 10:04:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.12.03 17:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2012.08.16 21:18:16 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com
[2012.12.12 08:37:50 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\crossriderapp3491@crossrider.com
[2012.07.24 19:04:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\ffxtlbr@babylon.com
[2012.08.16 21:27:09 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\specialsavings@superfish.com
[2012.12.12 08:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\crossriderapp3491@crossrider.com\chrome\content\extensionCode
[2012.12.14 14:36:26 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\toolbar@web.de.xpi
[2012.12.12 08:37:50 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.24 10:04:21 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.03 17:29:43 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.12.14 15:39:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012.12.17 08:59:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.12.17 09:00:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012.12.14 15:39:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012.12.17 09:00:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire
[2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012.12.17 09:00:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d89bfd841403290d610bcf662008b443_expire
[2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.12.17 08:59:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.12.14 15:39:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.12.14 15:39:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012.12.14 14:36:31 | 000,000,911 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\11-suche.xml
[2012.12.14 14:36:31 | 000,002,273 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\englische-ergebnisse.xml
[2012.12.14 14:36:31 | 000,010,563 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\gmx-suche.xml
[2012.12.14 14:36:31 | 000,002,432 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\lastminute.xml
[2012.08.16 21:18:17 | 000,002,792 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\Plusnetwork.xml
[2012.07.24 19:04:26 | 000,002,339 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\Search.xml
[2012.12.14 14:36:31 | 000,005,545 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\webde-suche.xml
[2012.12.06 16:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.06 16:13:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.06 16:13:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.06 16:13:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.23 10:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.24 19:02:12 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (appbario8 Toolbar) - {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [lxdoamon] C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ()
O4:64bit: - HKLM..\Run: [lxdomon.exe] C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe ()
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B69BBBF-BBCF-4BDF-BEA1-A64A8CA283A8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {0B74300D-9D18-4656-9F79-BBF0891365AF} - Bing Bar
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4CBF8339-9F09-4213-846D-8E1C2B921451} - Desktop Icon
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{40194995-2263-49FA-93D2-0A11E13FA518} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: Lexmark 9500 Series - hkey= - key= - C:\Program Files (x86)\Lexmark 9500 Series\fm3032.exe ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.17 14:07:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe
[2012.12.17 09:35:25 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Malwarebytes
[2012.12.17 09:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.17 09:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.17 09:34:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.17 09:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.14 19:37:25 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.12.14 15:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.12.14 15:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.12.14 14:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sophos
[2012.12.14 14:45:00 | 000,154,952 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.12.14 14:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.12.13 09:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2012.12.13 09:40:47 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\PDF Architect
[2012.12.13 09:34:35 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\APP_NAME_NON_STRING
[2012.12.13 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Documents\PDF Architect Files
[2012.12.13 09:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2012.12.13 09:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2012.12.13 09:33:48 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\pdfforge
[2012.12.13 09:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.12.13 09:33:36 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.12.13 09:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.12.13 09:32:23 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\Programs
[2012.12.13 09:01:17 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Blender
[2012.12.13 09:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Blender
[2012.12.13 07:36:53 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bewerbung_MAN
[2012.12.12 11:17:26 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bilders
[2012.12.06 16:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.27 21:01:14 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bewerbung Michael
[2012.11.27 21:00:13 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bilder Oma und Opa
[2012.11.22 19:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.22 19:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.22 19:24:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.17 14:07:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe
[2012.12.17 14:02:28 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
[2012.12.17 14:02:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.17 09:35:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.17 09:05:48 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 09:05:48 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 09:04:58 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.17 09:04:58 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.17 09:04:58 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 08:58:08 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.14 19:37:25 | 000,003,215 | ---- | M] () -- C:\Users\Daniela\Desktop\Sophos Virus Removal Tool.lnk
[2012.12.14 14:45:00 | 000,154,952 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2012.12.14 14:42:26 | 000,037,440 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2012.12.14 14:28:55 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.12.14 07:45:48 | 000,273,758 | ---- | M] () -- C:\Users\Daniela\Desktop\Ummeldung_Gilla.pdf
[2012.12.13 16:50:38 | 000,002,044 | -H-- | M] () -- C:\Users\Daniela\Documents\Default.rdp
[2012.12.13 14:08:58 | 000,000,000 | ---- | M] () -- C:\Users\Daniela\Documents\NEWSOFT
[2012.12.13 14:02:10 | 000,007,637 | ---- | M] () -- C:\Users\Daniela\Desktop\Abrechnung_Gehalt_MunichRe.pdf
[2012.12.13 13:55:51 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.13 09:46:23 | 001,357,837 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_DMarquart.pdf
[2012.12.13 09:43:08 | 000,648,398 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela Marquart.pdf
[2012.12.13 09:40:43 | 000,715,168 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela_Marquart.pdf
[2012.12.13 09:34:42 | 000,000,993 | ---- | M] () -- C:\Users\Daniela\Desktop\PDF Architect.lnk
[2012.12.13 09:33:48 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.12.13 09:01:17 | 000,001,038 | ---- | M] () -- C:\Users\Daniela\Desktop\PDF Blender.lnk
[2012.12.13 08:48:00 | 002,475,720 | ---- | M] () -- C:\Users\Daniela\Desktop\Praktikumszeugnis_MunichRe.PDF
[2012.12.13 08:23:29 | 000,497,162 | ---- | M] () -- C:\Users\Daniela\Desktop\ToR_WPV_Marquart_Daniela.pdf
[2012.12.07 09:56:16 | 000,291,235 | -H-- | M] () -- C:\Users\Daniela\Desktop\ZbThumbnail.info
[2012.12.07 09:54:17 | 001,354,020 | ---- | M] () -- C:\Users\Daniela\Desktop\ShannonFoto.jpg
[2012.11.22 19:24:56 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.17 09:35:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.14 19:37:25 | 000,003,215 | ---- | C] () -- C:\Users\Daniela\Desktop\Sophos Virus Removal Tool.lnk
[2012.12.13 14:02:10 | 000,007,637 | ---- | C] () -- C:\Users\Daniela\Desktop\Abrechnung_Gehalt_MunichRe.pdf
[2012.12.13 09:46:22 | 001,357,837 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_DMarquart.pdf
[2012.12.13 09:43:08 | 000,648,398 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela Marquart.pdf
[2012.12.13 09:40:42 | 000,715,168 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela_Marquart.pdf
[2012.12.13 09:34:42 | 000,000,993 | ---- | C] () -- C:\Users\Daniela\Desktop\PDF Architect.lnk
[2012.12.13 09:33:48 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.12.13 09:01:17 | 000,001,038 | ---- | C] () -- C:\Users\Daniela\Desktop\PDF Blender.lnk
[2012.12.13 08:48:00 | 002,475,720 | ---- | C] () -- C:\Users\Daniela\Desktop\Praktikumszeugnis_MunichRe.PDF
[2012.12.13 08:24:07 | 000,497,162 | ---- | C] () -- C:\Users\Daniela\Desktop\ToR_WPV_Marquart_Daniela.pdf
[2012.12.08 11:10:27 | 000,273,758 | ---- | C] () -- C:\Users\Daniela\Desktop\Ummeldung_Gilla.pdf
[2012.12.07 10:12:28 | 004,900,888 | ---- | C] () -- C:\Users\Daniela\Desktop\Michi.JPG
[2012.12.07 09:54:16 | 001,354,020 | ---- | C] () -- C:\Users\Daniela\Desktop\ShannonFoto.jpg
[2012.08.19 16:15:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.24 19:03:48 | 000,384,844 | ---- | C] () -- C:\Users\Daniela\AppData\Local\funmoods-speeddial.crx
[2012.07.24 19:03:47 | 000,031,465 | ---- | C] () -- C:\Users\Daniela\AppData\Local\funmoods.crx
[2012.07.21 13:59:00 | 011,632,640 | ---- | C] () -- C:\Users\Daniela\AppData\Roaming\Sandra.mdb
[2012.07.21 13:57:56 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.21 13:48:14 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2012.04.21 13:48:14 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2012.04.21 13:46:04 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdoinst.dll
[2012.04.21 13:46:03 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdocomx.dll
[2012.04.21 13:46:03 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoinpa.dll
[2012.04.21 13:46:03 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoiesc.dll
[2012.04.21 13:46:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdopmui.dll
[2012.04.21 13:46:00 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdousb1.dll
[2012.04.21 13:45:59 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoserv.dll
[2012.04.21 13:45:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoprox.dll
[2012.04.21 13:45:58 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdohbn3.dll
[2012.04.21 13:45:58 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdolmpm.dll
[2012.04.21 13:45:58 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoih.exe
[2012.04.21 13:45:57 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomc.dll
[2012.04.21 13:45:57 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocoms.exe
[2012.04.21 13:45:57 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomm.dll
[2012.04.21 13:45:56 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocfg.exe
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.10.26 00:38:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.10.26 00:38:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.12 21:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.22 16:15:56 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\9500 Series
[2012.04.14 11:19:55 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\AbiSuite
[2012.12.13 09:34:35 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\APP_NAME_NON_STRING
[2012.07.24 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Babylon
[2012.07.24 19:02:22 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\BabylonToolbar
[2012.12.17 14:12:11 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion
[2012.07.24 19:17:04 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Canneverbe Limited
[2012.04.23 06:09:25 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Canon
[2012.12.17 08:59:31 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Dropbox
[2012.08.16 21:20:16 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\DVDVideoSoft
[2012.08.16 21:18:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.23 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\GHISLER
[2012.04.21 16:50:28 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Lexmark Productivity Studio
[2012.10.16 21:48:35 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\NewSoft
[2012.12.13 09:40:49 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PDF Architect
[2012.12.13 09:33:48 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\pdfforge
[2012.04.23 07:07:55 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PhotoScape
[2012.08.25 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\STRATO
[2012.06.23 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.12.15 21:04:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.07.25 18:54:20 | 000,000,000 | ---D | M] -- C:\Intel
[2012.04.21 13:55:24 | 000,000,000 | ---D | M] -- C:\logs
[2012.04.14 16:58:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.06.23 15:49:11 | 000,000,000 | ---D | M] -- C:\numark DJ Pult Treiber
[2012.06.17 19:20:41 | 000,000,000 | ---D | M] -- C:\Patent
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.14 15:30:45 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.17 09:34:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.17 09:35:01 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.04.09 14:55:42 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.04.09 15:23:12 | 000,000,000 | ---D | M] -- C:\savw_100_sa
[2012.12.17 09:33:55 | 000,000,000 | ---D | M] -- C:\setups
[2012.12.17 14:10:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.23 14:55:56 | 000,000,000 | ---D | M] -- C:\totalcmd
[2012.06.23 16:49:56 | 000,000,000 | ---D | M] -- C:\Traktor nomml
[2012.06.23 15:49:19 | 000,000,000 | ---D | M] -- C:\Traktor Pro DJ Software
[2012.12.15 21:04:12 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.23 17:52:21 | 000,000,000 | ---D | M] -- C:\VDJ2
[2012.06.23 17:53:44 | 000,000,000 | ---D | M] -- C:\VDJ3
[2012.09.01 07:58:17 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.13 19:13:02 | 000,000,550 | ---- | C] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.01.26 22:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2012a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.12.17 14:10:25 | 002,621,440 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat
[2012.12.17 14:10:25 | 000,262,144 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat.LOG1
[2012.04.09 14:55:52 | 000,000,000 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat.LOG2
[2012.04.09 14:58:14 | 000,065,536 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.04.09 14:58:14 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.04.09 14:58:14 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.09.01 09:17:49 | 000,065,536 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TM.blf
[2012.09.01 09:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TMContainer00000000000000000001.regtrans-ms
[2012.09.01 09:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TMContainer00000000000000000002.regtrans-ms
[2012.04.09 14:55:52 | 000,000,020 | -HS- | M] () -- C:\Users\Daniela\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
[2012.08.16 21:09:56 | 001,750,528 | ---- | M] (Yuna Software) -- C:\Users\Daniela\Local Settings\Temp\Browser_Helper_Companion_DE.exe
[2012.07.25 22:26:45 | 000,908,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u34-windows-i586-iftw.exe
[2012.08.29 13:07:10 | 000,908,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
[2012.10.01 17:44:51 | 000,912,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
[2012.08.05 08:09:04 | 025,653,936 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Daniela\Local Settings\Temp\SkypeSetup.exe
[2012.08.16 21:25:46 | 000,666,272 | ---- | M] () -- C:\Users\Daniela\Local Settings\Temp\softonic_ssk_conduit.exe
[2012.06.23 16:48:47 | 001,873,032 | ---- | M] (215 Apps) -- C:\Users\Daniela\Local Settings\Temp\VidSaver14_20120508.exe
[250 C:\Users\Daniela\Local Settings\Temp\*.tmp files -> C:\Users\Daniela\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) -- C:\Users\Daniela\Local Settings\Temp\FirewallAPI.dll
[2012.08.16 21:18:17 | 000,362,029 | ---- | M] () -- C:\Users\Daniela\Local Settings\Temp\sqlite3.dll
[250 C:\Users\Daniela\Local Settings\Temp\*.tmp files -> C:\Users\Daniela\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         

Alt 17.12.2012, 14:37   #5
Virusgeplagt
 



And here is the log from Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 17.12.2012 14:08:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniela\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 40,63% Memory free
7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,14 Gb Total Space | 16,15 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive D: | 224,85 Gb Total Space | 154,61 Gb Free Space | 68,76% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: DANIELA-PC | User Name: Daniela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5226BC-E4EA-4166-AB8F-521D4645782C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1BF56D3D-5C33-4FC9-A617-421DD7373721}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{522A262B-5BE8-4C3F-AC41-62C2DDCDB6C8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5E81AC6C-A6A2-456B-A895-66F3C35A61F3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{649FB298-7795-4D7E-8D43-40687D597E98}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6A595F77-0580-462E-9444-A172D809B294}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E351B74-31BE-4ACB-A546-FB8FEBAF93A3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp4c\rpcagentsrv.exe | 
"{76492EDB-4883-448A-97B9-F4A0AA46B752}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{767FACEA-91A9-492D-AF21-EFFEB757B43D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{771DCB17-1EE3-45E7-949F-175039E2F370}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7C6A87AC-FA87-4A1A-A921-F7E8DFC3EDE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81630A44-89EB-4749-8BD1-1FD6CCF67663}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{83DE482F-D082-4334-B515-EB8EFC625059}" = lport=138 | protocol=17 | dir=in | app=system | 
"{840B4F4A-4303-48AA-BBD1-A584B80CA947}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{8B617B50-FFD9-4C70-B3A0-1247DEC49B4C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp4c\wnt500x64\rpcsandrasrv.exe | 
"{932D09B9-3F8F-4058-88E3-533E4C3A323A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{95313063-3A24-401B-A863-D05E828CA303}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9B0C97BF-2256-4E52-8EBB-161EF57EE0B6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9D58C05D-0119-42E9-BD86-74C3BA9E54FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0E0EA2E-5ACE-4A45-B346-480D16B3F07B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{A8641D9F-FA8C-4440-8664-0C8837565D24}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BBCFAE4B-F6AF-4F0F-877C-C0F451053F99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DEE1C061-5384-4236-B08C-15FBD2B45DB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E90CA7B5-ADBF-48BD-ABF2-A2D361B7E938}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F4C17FE4-D039-438C-9A0D-C233FCAAC2C7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F72F8E4D-D435-4D3E-B88E-C0DF00DBE561}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F7959A64-EF2E-4F85-AA46-3703CDB00649}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0021B6DA-0AF2-4E50-B139-A3E1913977AF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{01D761E7-62FD-490E-A0C0-110BC45CC6E0}" = protocol=6 | dir=out | app=system | 
"{137AA8DB-9C7A-4639-B462-5FA11399AAC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{141380F0-D124-4DD2-8390-7B30404C50CC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdotime.exe | 
"{2077D096-0209-4DD4-B341-78847BC4F2F7}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{212C070F-2285-4CC1-99BA-9ECBB514416A}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocfg.exe | 
"{212C3BCA-F604-4626-803A-2337E27E92FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30657F83-BC65-43AB-A0A8-B5FB8EEFDF68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{31CF9225-D3FF-4C8E-AFF6-42A856FFF5E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{351DC4F3-21DE-4CD8-AF1F-58EEDB1AEC58}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\frun.exe | 
"{450BDF62-E2F3-43D0-97D3-5FFFF0E36264}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{47418643-E062-47C7-B0C4-1ED40BF08C4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4CB1C86D-934D-4A2B-AA15-BE3E0B7DC813}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4EB2F145-0CE4-47C4-AD01-C05BF380727F}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\frun.exe | 
"{5409AE5A-67C5-4F80-AB12-353FDA403BE0}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdofax.exe | 
"{571F0524-76D0-4B09-AB27-4C75BF79C576}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{58A6A6E5-6A04-439B-928E-9EE5902FF18C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{599A6D7B-02C2-412A-B0D0-796A96A57362}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdocoms.exe | 
"{6548724C-F1AA-492B-88FD-82A2FBC6556E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6925CB2B-EEA8-46ED-919F-4CD89520EC56}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6F039D07-152F-44BE-87A1-9A7DE5D9CA5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6FF02524-9C51-4F26-A8E5-837FD910509F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdopswx.exe | 
"{7B6A70E8-895F-4ACC-99FC-A0C641610C76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7CBABE19-6F7A-4339-9227-39F347DCC95D}" = protocol=17 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7CEEA206-648C-4D53-BF0B-CE7FAC6239C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdocoms.exe | 
"{7F169A79-3EC2-426B-BFA7-8DE615F8F49A}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocfg.exe | 
"{8574990B-BCBB-4B4B-8575-4580DEB3DEB3}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe | 
"{9ED297B3-32CD-4B91-AA00-4B72D363102B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0058A6D-8099-4E2E-B83C-518A798CB086}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{A74BA43F-8FB6-45D1-9586-FE682AAB2027}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{AD26D55C-5D73-4F2D-8317-F96809171620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B6FFDD5B-3923-4AE1-B9C7-E45CBE3169A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B7B0CCDD-ED41-4082-A091-43EB0C07EE36}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocoms.exe | 
"{BA11B601-C57C-43AD-B222-1B9CD17DB057}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB4B2796-3A18-4C04-AF03-D1CB586D7A18}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C60F8AE1-B077-47A5-8394-B61CD6E111D3}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{C82FC724-CCB2-417A-97D7-D089A264D809}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdofax.exe | 
"{CAA1A207-1B0A-4CE8-AB9C-188153E2464D}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdoamon.exe | 
"{D0D585EA-355B-48E4-A700-112A26DB5FF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D533F55B-06CF-441A-9FB7-2DEFA5987B7C}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdoamon.exe | 
"{DB7F2D53-6D15-4202-9FE0-3A7F58AFFAD2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E1DBCFDC-4829-4C85-97A8-EE1860974005}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E274C5D3-7F1D-4A1A-8A75-208919B78266}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe | 
"{E89B9EB5-A1AA-430B-BD48-9BA5D726CC27}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E9935C7E-C64A-40DD-98BC-8CE2043A6B06}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdopswx.exe | 
"{F2B167AB-E071-4828-841D-8DE726F0B751}" = protocol=6 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F331EF02-EBA7-48C8-B822-6B9758CDF825}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdotime.exe | 
"{F8D70D8C-2611-41EC-A766-2FA4D698319B}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{FC232706-0BD5-4B49-A1E0-38CC5DA2829F}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocoms.exe | 
"TCP Query User{11AD1681-9EE0-450B-A265-8E0A3815D992}C:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{2D8DFF63-311C-44BC-99E4-BCA116438552}C:\program files (x86)\lexmark 9500 series\lxdomon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe | 
"TCP Query User{FDEA5079-5A15-4792-850F-15F29F400A6B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{0F7CF7A3-DB39-4153-BA7B-247B7DA1E9B5}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{24617DDD-98DC-4AEA-BF5E-861C692739FB}C:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{56679297-EED7-48FF-960A-FAECDFD8F2F6}C:\program files (x86)\lexmark 9500 series\lxdomon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP4c
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Lexmark 9500 Series" = Lexmark 9500 Series
"Matlab R2012a" = MATLAB R2012a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"USB_AUDIO_DEusb-audio.deNumarkOMNICONTROL" = OMNI CONTROL USB Audio driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = PC Performer Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C42B0AD-3D32-4721-9665-AFD958AF6523}" = Remote Desktop
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.20
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.60.10
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.9.2
"appbario8 Toolbar" = appbario8 Toolbar
"BabylonToolbar" = Babylon toolbar on IE
"BrowserCompanion" = BrowserCompanion
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"funmoods" = Funmoods Web Search
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"PDF Blender" = PDF Blender
"pdfsam" = pdfsam
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"SpecialSavings" = SpecialSavings
"STRATO HiDrive" = STRATO HiDrive (remove only)
"uTorrent" = µTorrent
"Vid-Saver" = Vid-Saver
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"Wondershare Vivideo_is1" = Wondershare Vivideo(Build 2.0.0.12)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.12.2012 02:17:10 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.12.2012 17:00:19 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\setups\SoftonicDownloader_fuer_windows-live-movie-maker.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 14.12.2012 17:00:19 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\setups\SoftonicDownloader_fuer_wondershare-vivideo.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 15.12.2012 15:07:01 | Computer Name = Daniela-PC | Source = Sophos Anti-Virus | ID = 2424850
Description = Adware or PUA 'BProtector' was not removed because of errors.
 
Error - 15.12.2012 15:07:01 | Computer Name = Daniela-PC | Source = Sophos Anti-Virus | ID = 2424850
Description = Adware or PUA 'BProtector' was not removed because of errors.
 
Error - 15.12.2012 15:08:00 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.12.2012 13:08:15 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.12.2012 04:00:01 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.12.2012 04:16:43 | Computer Name = Daniela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: lxdocoms.exe, version: 1.232.15.0, time
 stamp: 0x46f2d8ff  Faulting module name: lxdohbn3.dll, version: 1.232.15.0, time 
stamp: 0x46f2d8d7  Exception code: 0xc0000005  Fault offset: 0x0000000000061053  Faulting
 process id: 0x514  Faulting application start time: 0x01cddc2c50f929c0  Faulting application
 path: C:\Windows\system32\lxdocoms.exe  Faulting module path: C:\Windows\system32\lxdohbn3.dll
Report
 Id: 1704df1d-4822-11e2-9cbb-00262d75d392
 
Error - 17.12.2012 09:07:46 | Computer Name = Daniela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FRun.exe, version: 1.41.0.0, time stamp:
 0x462e566d  Faulting module name: lxdoDRS.dll_unloaded, version: 0.0.0.0, time stamp:
 0x46e065c4  Exception code: 0xc0000005  Fault offset: 0x0a2c4c97  Faulting process id:
 0x858  Faulting application start time: 0x01cddc2ecbd5a4ce  Faulting application path:
 C:\Program Files (x86)\Lexmark 9500 Series\FRun.exe  Faulting module path: lxdoDRS.dll
Report
 Id: bfdaee2e-484a-11e2-9cbb-00262d75d392
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 17.12.2012 04:16:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.  
 
Error - 17.12.2012 04:16:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 17.12.2012 04:16:37 | Computer Name = Daniela-PC | Source = acvpnui | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.  
 
Error - 17.12.2012 04:16:37 | Computer Name = Daniela-PC | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 17.12.2012 04:56:39 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
 277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP
 
Error - 17.12.2012 04:56:39 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
 1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS
 
Error - 17.12.2012 05:18:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
 277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP
 
Error - 17.12.2012 05:18:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
 1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
 (0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure 
gateway failed to respond to Dead Peer Detection packets. DTLS
 
Error - 17.12.2012 06:57:13 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
 Hibernate, etc).
 
Error - 17.12.2012 06:57:26 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp
Line:
 1026 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
 cannot find the file specified.   
 
[ System Events ]
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 07.10.2012 04:08:11 | Computer Name = Daniela-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
 error:   %%-2140993535
 
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
 Protocol service which failed to start because of the following error:   %%-2140993535
 
Error - 07.10.2012 05:16:09 | Computer Name = Daniela-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         
Thank you very much for your help!!!


17.12.2012, 15:52   #6
markusg
/// Malware-holic
 



Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now, then post the log

17.12.2012, 16:32   #7
Virusgeplagt
 



Hello, here is the result:
Code:
16:21:20.0685 5784  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:21:21.0013 5784  ============================================================
16:21:21.0013 5784  Current date / time: 2012/12/17 16:21:21.0013
16:21:21.0013 5784  SystemInfo:
16:21:21.0013 5784  
16:21:21.0013 5784  OS Version: 6.1.7601 ServicePack: 1.0
16:21:21.0013 5784  Product type: Workstation
16:21:21.0013 5784  ComputerName: DANIELA-PC
16:21:21.0013 5784  UserName: Daniela
16:21:21.0013 5784  Windows directory: C:\Windows
16:21:21.0013 5784  System windows directory: C:\Windows
16:21:21.0013 5784  Running under WOW64
16:21:21.0013 5784  Processor architecture: Intel x64
16:21:21.0013 5784  Number of processors: 4
16:21:21.0013 5784  Page size: 0x1000
16:21:21.0013 5784  Boot type: Normal boot
16:21:21.0013 5784  ============================================================
16:21:22.0542 5784  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:22.0542 5784  ============================================================
16:21:22.0542 5784  \Device\Harddisk0\DR0:
16:21:22.0542 5784  MBR partitions:
16:21:22.0542 5784  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:21:22.0542 5784  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x924A000
16:21:22.0542 5784  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x927C800, BlocksNum 0x1C1B1800
16:21:22.0542 5784  ============================================================
16:21:22.0573 5784  C: <-> \Device\Harddisk0\DR0\Partition2
16:21:22.0604 5784  D: <-> \Device\Harddisk0\DR0\Partition3
16:21:22.0604 5784  ============================================================
16:21:22.0604 5784  Initialize success
16:21:22.0604 5784  ============================================================
16:22:02.0852 3776  ============================================================
16:22:02.0852 3776  Scan started
16:22:02.0852 3776  Mode: Manual; SigCheck; TDLFS; 
16:22:02.0852 3776  ============================================================
16:22:08.0983 3776  ================ Scan system memory ========================
16:22:08.0983 3776  System memory - ok
16:22:08.0983 3776  ================ Scan services =============================
16:22:09.0123 3776  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:22:09.0232 3776  1394ohci - ok
16:22:09.0264 3776  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:22:09.0295 3776  ACPI - ok
16:22:09.0326 3776  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:22:09.0435 3776  AcpiPmi - ok
16:22:09.0513 3776  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
16:22:09.0732 3776  acsock - ok
16:22:09.0778 3776  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:22:09.0810 3776  adp94xx - ok
16:22:09.0856 3776  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:22:09.0888 3776  adpahci - ok
16:22:09.0903 3776  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:22:09.0934 3776  adpu320 - ok
16:22:09.0966 3776  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:22:10.0371 3776  AeLookupSvc - ok
16:22:10.0418 3776  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:22:10.0480 3776  AFD - ok
16:22:10.0512 3776  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:22:10.0543 3776  agp440 - ok
16:22:10.0590 3776  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:22:10.0683 3776  ALG - ok
16:22:10.0714 3776  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:22:10.0730 3776  aliide - ok
16:22:10.0761 3776  [ 812349D328EB406815183A5D17B49E7C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:22:10.0886 3776  AMD External Events Utility - ok
16:22:10.0917 3776  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:22:10.0933 3776  amdide - ok
16:22:10.0980 3776  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:22:11.0011 3776  AmdK8 - ok
16:22:11.0245 3776  [ 0415FFE1B6A6EA141FEAFCA57567F57F ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:22:11.0572 3776  amdkmdag - ok
16:22:11.0604 3776  [ DC24D6F38F17C0D643D9AA8A6852F8D0 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:22:11.0635 3776  amdkmdap - ok
16:22:11.0666 3776  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:22:11.0713 3776  AmdPPM - ok
16:22:11.0760 3776  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:22:11.0791 3776  amdsata - ok
16:22:11.0822 3776  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:22:11.0853 3776  amdsbs - ok
16:22:11.0869 3776  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:22:11.0900 3776  amdxata - ok
16:22:11.0916 3776  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:22:12.0087 3776  AppID - ok
16:22:12.0103 3776  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:22:12.0181 3776  AppIDSvc - ok
16:22:12.0212 3776  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:22:12.0274 3776  Appinfo - ok
16:22:12.0337 3776  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:22:12.0384 3776  AppMgmt - ok
16:22:12.0399 3776  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
16:22:12.0430 3776  arc - ok
16:22:12.0462 3776  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:22:12.0493 3776  arcsas - ok
16:22:12.0649 3776  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:22:12.0680 3776  aspnet_state - ok
16:22:12.0727 3776  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:22:12.0789 3776  AsyncMac - ok
16:22:12.0836 3776  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:22:12.0852 3776  atapi - ok
16:22:12.0945 3776  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
16:22:13.0023 3776  athr - ok
16:22:13.0086 3776  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:22:13.0195 3776  AudioEndpointBuilder - ok
16:22:13.0210 3776  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:22:13.0288 3776  AudioSrv - ok
16:22:13.0320 3776  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:22:13.0413 3776  AxInstSV - ok
16:22:13.0460 3776  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:22:13.0522 3776  b06bdrv - ok
16:22:13.0554 3776  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:22:13.0585 3776  b57nd60a - ok
16:22:13.0819 3776  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
16:22:13.0850 3776  BBSvc - ok
16:22:13.0959 3776  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
16:22:13.0990 3776  BBUpdate - ok
16:22:14.0022 3776  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:22:14.0084 3776  BDESVC - ok
16:22:14.0131 3776  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:22:14.0193 3776  Beep - ok
16:22:14.0256 3776  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:22:14.0349 3776  BFE - ok
16:22:14.0396 3776  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:22:14.0505 3776  BITS - ok
16:22:14.0552 3776  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:22:14.0568 3776  blbdrive - ok
16:22:14.0599 3776  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:22:14.0646 3776  bowser - ok
16:22:14.0661 3776  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:22:14.0724 3776  BrFiltLo - ok
16:22:14.0724 3776  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:22:14.0739 3776  BrFiltUp - ok
16:22:14.0770 3776  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:22:14.0817 3776  Browser - ok
16:22:14.0833 3776  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:22:14.0895 3776  Brserid - ok
16:22:14.0895 3776  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:22:14.0926 3776  BrSerWdm - ok
16:22:14.0942 3776  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:22:14.0973 3776  BrUsbMdm - ok
16:22:14.0973 3776  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:22:15.0004 3776  BrUsbSer - ok
16:22:15.0004 3776  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:22:15.0036 3776  BTHMODEM - ok
16:22:15.0082 3776  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:22:15.0145 3776  bthserv - ok
16:22:15.0160 3776  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:22:15.0223 3776  cdfs - ok
16:22:15.0270 3776  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:22:15.0316 3776  cdrom - ok
16:22:15.0410 3776  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:22:15.0535 3776  CertPropSvc - ok
16:22:15.0582 3776  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
16:22:15.0613 3776  circlass - ok
16:22:15.0628 3776  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:22:15.0675 3776  CLFS - ok
16:22:15.0722 3776  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:22:15.0800 3776  clr_optimization_v2.0.50727_32 - ok
16:22:15.0847 3776  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:22:15.0878 3776  clr_optimization_v2.0.50727_64 - ok
16:22:15.0940 3776  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:22:16.0050 3776  clr_optimization_v4.0.30319_32 - ok
16:22:16.0050 3776  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:22:16.0081 3776  clr_optimization_v4.0.30319_64 - ok
16:22:16.0128 3776  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:22:16.0159 3776  CmBatt - ok
16:22:16.0174 3776  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:22:16.0206 3776  cmdide - ok
16:22:16.0237 3776  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:22:16.0284 3776  CNG - ok
16:22:16.0299 3776  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:22:16.0330 3776  Compbatt - ok
16:22:16.0346 3776  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:22:16.0377 3776  CompositeBus - ok
16:22:16.0393 3776  COMSysApp - ok
16:22:16.0408 3776  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:22:16.0424 3776  crcdisk - ok
16:22:16.0471 3776  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:22:16.0518 3776  CryptSvc - ok
16:22:16.0564 3776  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
16:22:16.0642 3776  CSC - ok
16:22:16.0689 3776  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
16:22:16.0736 3776  CscService - ok
16:22:16.0783 3776  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
16:22:16.0814 3776  CVirtA - ok
16:22:16.0876 3776  [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
16:22:17.0126 3776  CVPND - ok
16:22:17.0173 3776  [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
16:22:17.0188 3776  CVPNDRVA - ok
16:22:17.0251 3776  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:22:17.0313 3776  DcomLaunch - ok
16:22:17.0344 3776  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:22:17.0438 3776  defragsvc - ok
16:22:17.0469 3776  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:22:17.0532 3776  DfsC - ok
16:22:17.0563 3776  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:22:17.0625 3776  Dhcp - ok
16:22:17.0641 3776  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:22:17.0703 3776  discache - ok
16:22:17.0750 3776  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:22:17.0766 3776  Disk - ok
16:22:17.0812 3776  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
16:22:17.0859 3776  dmvsc - ok
16:22:17.0906 3776  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
16:22:17.0922 3776  DNE - ok
16:22:17.0968 3776  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:22:18.0031 3776  Dnscache - ok
16:22:18.0062 3776  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:22:18.0124 3776  dot3svc - ok
16:22:18.0140 3776  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:22:18.0218 3776  DPS - ok
16:22:18.0249 3776  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:22:18.0296 3776  drmkaud - ok
16:22:18.0327 3776  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:22:18.0405 3776  DXGKrnl - ok
16:22:18.0436 3776  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:22:18.0514 3776  EapHost - ok
16:22:18.0592 3776  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:22:18.0686 3776  ebdrv - ok
16:22:18.0717 3776  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:22:18.0780 3776  EFS - ok
16:22:18.0858 3776  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:22:18.0920 3776  ehRecvr - ok
16:22:18.0936 3776  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:22:18.0967 3776  ehSched - ok
16:22:18.0998 3776  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
16:22:19.0029 3776  ElbyCDIO - ok
16:22:19.0076 3776  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:22:19.0107 3776  elxstor - ok
16:22:19.0123 3776  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:22:19.0154 3776  ErrDev - ok
16:22:19.0201 3776  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:22:19.0263 3776  EventSystem - ok
16:22:19.0279 3776  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:22:19.0341 3776  exfat - ok
16:22:19.0372 3776  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:22:19.0435 3776  fastfat - ok
16:22:19.0466 3776  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:22:19.0528 3776  Fax - ok
16:22:19.0544 3776  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:22:19.0575 3776  fdc - ok
16:22:19.0591 3776  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:22:19.0638 3776  fdPHost - ok
16:22:19.0653 3776  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:22:19.0716 3776  FDResPub - ok
16:22:19.0747 3776  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:22:19.0778 3776  FileInfo - ok
16:22:19.0794 3776  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:22:19.0840 3776  Filetrace - ok
16:22:19.0840 3776  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:22:19.0872 3776  flpydisk - ok
16:22:19.0887 3776  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:22:19.0903 3776  FltMgr - ok
16:22:19.0950 3776  [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache       C:\Windows\system32\FntCache.dll
16:22:20.0043 3776  FontCache - ok
16:22:20.0106 3776  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:22:20.0152 3776  FontCache3.0.0.0 - ok
16:22:20.0168 3776  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:22:20.0199 3776  FsDepends - ok
16:22:20.0230 3776  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:22:20.0246 3776  Fs_Rec - ok
16:22:20.0277 3776  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:22:20.0308 3776  fvevol - ok
16:22:20.0324 3776  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:22:20.0355 3776  gagp30kx - ok
16:22:20.0386 3776  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:22:20.0464 3776  gpsvc - ok
16:22:20.0480 3776  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:22:20.0558 3776  hcw85cir - ok
16:22:20.0574 3776  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:22:20.0636 3776  HdAudAddService - ok
16:22:20.0667 3776  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:22:20.0714 3776  HDAudBus - ok
16:22:20.0776 3776  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
16:22:20.0792 3776  HECIx64 - ok
16:22:20.0808 3776  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:22:20.0854 3776  HidBatt - ok
16:22:20.0854 3776  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:22:20.0932 3776  HidBth - ok
16:22:20.0932 3776  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:22:20.0964 3776  HidIr - ok
16:22:20.0995 3776  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:22:21.0057 3776  hidserv - ok
16:22:21.0088 3776  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:22:21.0120 3776  HidUsb - ok
16:22:21.0151 3776  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:22:21.0260 3776  hkmsvc - ok
16:22:21.0276 3776  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:22:21.0354 3776  HomeGroupListener - ok
16:22:21.0385 3776  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:22:21.0432 3776  HomeGroupProvider - ok
16:22:21.0478 3776  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:22:21.0494 3776  HpSAMD - ok
16:22:21.0541 3776  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:22:21.0634 3776  HTTP - ok
16:22:21.0650 3776  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:22:21.0681 3776  hwpolicy - ok
16:22:21.0697 3776  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:22:21.0728 3776  i8042prt - ok
16:22:21.0775 3776  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:22:21.0806 3776  iaStorV - ok
16:22:21.0868 3776  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:22:21.0993 3776  idsvc - ok
16:22:22.0009 3776  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:22:22.0024 3776  iirsp - ok
16:22:22.0071 3776  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:22:22.0165 3776  IKEEXT - ok
16:22:22.0212 3776  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
16:22:22.0243 3776  Impcd - ok
16:22:22.0274 3776  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:22:22.0290 3776  intelide - ok
16:22:22.0321 3776  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:22:22.0352 3776  intelppm - ok
16:22:22.0383 3776  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:22:22.0446 3776  IPBusEnum - ok
16:22:22.0461 3776  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:22:22.0524 3776  IpFilterDriver - ok
16:22:22.0570 3776  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:22:22.0617 3776  iphlpsvc - ok
16:22:22.0648 3776  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:22:22.0695 3776  IPMIDRV - ok
16:22:22.0711 3776  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:22:22.0789 3776  IPNAT - ok
16:22:22.0804 3776  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:22:22.0836 3776  IRENUM - ok
16:22:22.0851 3776  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:22:22.0867 3776  isapnp - ok
16:22:22.0898 3776  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:22:22.0914 3776  iScsiPrt - ok
16:22:22.0960 3776  [ 37E053A2CF8F0082B689ED74106E0CEC ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
16:22:22.0992 3776  k57nd60a - ok
16:22:23.0023 3776  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:22:23.0054 3776  kbdclass - ok
16:22:23.0070 3776  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:22:23.0101 3776  kbdhid - ok
16:22:23.0116 3776  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:22:23.0148 3776  KeyIso - ok
16:22:23.0194 3776  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:22:23.0210 3776  KSecDD - ok
16:22:23.0226 3776  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:22:23.0241 3776  KSecPkg - ok
16:22:23.0288 3776  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:22:23.0350 3776  ksthunk - ok
16:22:23.0397 3776  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:22:23.0460 3776  KtmRm - ok
16:22:23.0491 3776  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:22:23.0553 3776  LanmanServer - ok
16:22:23.0584 3776  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:22:23.0647 3776  LanmanWorkstation - ok
16:22:23.0678 3776  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:22:23.0740 3776  lltdio - ok
16:22:23.0772 3776  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:22:23.0865 3776  lltdsvc - ok
16:22:23.0881 3776  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:22:23.0928 3776  lmhosts - ok
16:22:23.0990 3776  [ DBC1136A62BD4DECC3632DF650284C2E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:22:24.0099 3776  LMS - ok
16:22:24.0146 3776  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:22:24.0177 3776  LSI_FC - ok
16:22:24.0193 3776  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:22:24.0208 3776  LSI_SAS - ok
16:22:24.0224 3776  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:22:24.0255 3776  LSI_SAS2 - ok
16:22:24.0271 3776  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:22:24.0286 3776  LSI_SCSI - ok
16:22:24.0302 3776  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:22:24.0364 3776  luafv - ok
16:22:24.0505 3776  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
16:22:24.0645 3776  LVUVC64 - ok
16:22:24.0692 3776  [ 741083526BA1C6217D7E664BB86CFA62 ] lxdoCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe
16:22:24.0754 3776  lxdoCATSCustConnectService - ok
16:22:24.0801 3776  lxdo_device - ok
16:22:24.0817 3776  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:22:24.0864 3776  Mcx2Svc - ok
16:22:24.0895 3776  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:22:24.0910 3776  megasas - ok
16:22:24.0942 3776  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:22:24.0973 3776  MegaSR - ok
16:22:25.0066 3776  Microsoft SharePoint Workspace Audit Service - ok
16:22:25.0098 3776  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:22:25.0160 3776  MMCSS - ok
16:22:25.0191 3776  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:22:25.0238 3776  Modem - ok
16:22:25.0285 3776  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:22:25.0316 3776  monitor - ok
16:22:25.0347 3776  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:22:25.0363 3776  mouclass - ok
16:22:25.0378 3776  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:22:25.0410 3776  mouhid - ok
16:22:25.0425 3776  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:22:25.0456 3776  mountmgr - ok
16:22:25.0519 3776  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:22:25.0581 3776  MozillaMaintenance - ok
16:22:25.0628 3776  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:22:25.0659 3776  mpio - ok
16:22:25.0706 3776  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:22:25.0753 3776  mpsdrv - ok
16:22:26.0002 3776  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:22:26.0065 3776  MpsSvc - ok
16:22:26.0096 3776  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:22:26.0127 3776  MRxDAV - ok
16:22:26.0158 3776  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:22:26.0221 3776  mrxsmb - ok
16:22:26.0252 3776  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:22:26.0268 3776  mrxsmb10 - ok
16:22:26.0283 3776  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:22:26.0314 3776  mrxsmb20 - ok
16:22:26.0330 3776  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:22:26.0361 3776  msahci - ok
16:22:26.0377 3776  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:22:26.0408 3776  msdsm - ok
16:22:26.0424 3776  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:22:26.0470 3776  MSDTC - ok
16:22:26.0486 3776  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:22:26.0533 3776  Msfs - ok
16:22:26.0564 3776  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:22:26.0626 3776  mshidkmdf - ok
16:22:26.0642 3776  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:22:26.0673 3776  msisadrv - ok
16:22:26.0689 3776  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:22:26.0782 3776  MSiSCSI - ok
16:22:26.0782 3776  msiserver - ok
16:22:26.0814 3776  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:22:26.0876 3776  MSKSSRV - ok
16:22:26.0907 3776  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:22:26.0970 3776  MSPCLOCK - ok
16:22:26.0985 3776  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:22:27.0048 3776  MSPQM - ok
16:22:27.0063 3776  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:22:27.0094 3776  MsRPC - ok
16:22:27.0126 3776  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:22:27.0141 3776  mssmbios - ok
16:22:27.0172 3776  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:22:27.0250 3776  MSTEE - ok
16:22:27.0250 3776  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:22:27.0282 3776  MTConfig - ok
16:22:27.0297 3776  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:22:27.0328 3776  Mup - ok
16:22:27.0360 3776  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:22:27.0438 3776  napagent - ok
16:22:27.0469 3776  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:22:27.0516 3776  NativeWifiP - ok
16:22:27.0578 3776  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:22:27.0640 3776  NDIS - ok
16:22:27.0672 3776  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:22:27.0718 3776  NdisCap - ok
16:22:27.0750 3776  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:22:27.0796 3776  NdisTapi - ok
16:22:27.0828 3776  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:22:27.0890 3776  Ndisuio - ok
16:22:27.0921 3776  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:22:27.0968 3776  NdisWan - ok
16:22:27.0999 3776  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:22:28.0046 3776  NDProxy - ok
16:22:28.0062 3776  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:22:28.0124 3776  NetBIOS - ok
16:22:28.0140 3776  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:22:28.0202 3776  NetBT - ok
16:22:28.0233 3776  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:22:28.0249 3776  Netlogon - ok
16:22:28.0296 3776  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:22:28.0374 3776  Netman - ok
16:22:28.0421 3776  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:28.0499 3776  NetMsmqActivator - ok
16:22:28.0499 3776  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:28.0577 3776  NetPipeActivator - ok
16:22:28.0608 3776  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:22:28.0701 3776  netprofm - ok
16:22:28.0701 3776  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:28.0779 3776  NetTcpActivator - ok
16:22:28.0795 3776  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:28.0873 3776  NetTcpPortSharing - ok
16:22:28.0904 3776  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:22:28.0935 3776  nfrd960 - ok
16:22:28.0967 3776  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:22:29.0013 3776  NlaSvc - ok
16:22:29.0029 3776  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:22:29.0091 3776  Npfs - ok
16:22:29.0107 3776  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:22:29.0169 3776  nsi - ok
16:22:29.0185 3776  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:22:29.0263 3776  nsiproxy - ok
16:22:29.0325 3776  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:22:29.0419 3776  Ntfs - ok
16:22:29.0435 3776  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:22:29.0497 3776  Null - ok
16:22:29.0559 3776  [ AF01555FCE33E082620FBCAD1FE94659 ] NUMARK_OMNICONTROL C:\Windows\system32\Drivers\nkc2_usb.sys
16:22:29.0591 3776  NUMARK_OMNICONTROL - ok
16:22:29.0622 3776  [ 971EFC2F6B5B0211B6A72DE9B8FA592C ] NUMARK_OMNICONTROL_MIDI C:\Windows\system32\drivers\nkc2midi.sys
16:22:29.0653 3776  NUMARK_OMNICONTROL_MIDI - ok
16:22:29.0700 3776  [ 32AE97717A9876390FFC1632A6E5D93C ] NUMARK_OMNICONTROL_WDM C:\Windows\system32\drivers\nkc2_wdm.sys
16:22:29.0715 3776  NUMARK_OMNICONTROL_WDM - ok
16:22:29.0762 3776  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:22:29.0778 3776  nvraid - ok
16:22:29.0809 3776  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:22:29.0825 3776  nvstor - ok
16:22:29.0840 3776  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:22:29.0871 3776  nv_agp - ok
16:22:29.0887 3776  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:22:29.0903 3776  ohci1394 - ok
16:22:29.0981 3776  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:22:30.0012 3776  ose64 - ok
16:22:30.0168 3776  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:22:30.0683 3776  osppsvc - ok
16:22:30.0792 3776  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:22:30.0854 3776  p2pimsvc - ok
16:22:30.0885 3776  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:22:30.0917 3776  p2psvc - ok
16:22:30.0932 3776  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
16:22:30.0963 3776  Parport - ok
16:22:31.0026 3776  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:22:31.0057 3776  partmgr - ok
16:22:31.0073 3776  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:22:31.0119 3776  PcaSvc - ok
16:22:31.0135 3776  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:22:31.0166 3776  pci - ok
16:22:31.0182 3776  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:22:31.0213 3776  pciide - ok
16:22:31.0229 3776  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:22:31.0260 3776  pcmcia - ok
16:22:31.0275 3776  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:22:31.0291 3776  pcw - ok
16:22:31.0400 3776  [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
16:22:31.0931 3776  PDF Architect Helper Service - ok
16:22:32.0040 3776  [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
16:22:32.0102 3776  PDF Architect Service - ok
16:22:32.0133 3776  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:22:32.0180 3776  PEAUTH - ok
16:22:32.0227 3776  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
16:22:32.0321 3776  PeerDistSvc - ok
16:22:32.0430 3776  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:22:32.0461 3776  PerfHost - ok
16:22:32.0523 3776  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:22:32.0617 3776  pla - ok
16:22:32.0648 3776  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:22:32.0711 3776  PlugPlay - ok
16:22:32.0742 3776  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:22:32.0773 3776  PNRPAutoReg - ok
16:22:32.0851 3776  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:22:32.0867 3776  PNRPsvc - ok
16:22:32.0913 3776  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:22:32.0991 3776  PolicyAgent - ok
16:22:33.0023 3776  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:22:33.0085 3776  Power - ok
16:22:33.0116 3776  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:22:33.0194 3776  PptpMiniport - ok
16:22:33.0210 3776  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
16:22:33.0257 3776  Processor - ok
16:22:33.0288 3776  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:22:33.0350 3776  ProfSvc - ok
16:22:33.0350 3776  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:22:33.0381 3776  ProtectedStorage - ok
16:22:33.0397 3776  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:22:33.0459 3776  Psched - ok
16:22:33.0522 3776  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:22:33.0584 3776  ql2300 - ok
16:22:33.0600 3776  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:22:33.0615 3776  ql40xx - ok
16:22:33.0647 3776  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:22:33.0678 3776  QWAVE - ok
16:22:33.0693 3776  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:22:33.0740 3776  QWAVEdrv - ok
16:22:33.0756 3776  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:22:33.0803 3776  RasAcd - ok
16:22:33.0849 3776  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:22:33.0896 3776  RasAgileVpn - ok
16:22:33.0912 3776  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:22:34.0005 3776  RasAuto - ok
16:22:34.0021 3776  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:22:34.0099 3776  Rasl2tp - ok
16:22:34.0130 3776  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:22:34.0193 3776  RasMan - ok
16:22:34.0208 3776  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:22:34.0271 3776  RasPppoe - ok
16:22:34.0286 3776  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:22:34.0349 3776  RasSstp - ok
16:22:34.0364 3776  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:22:34.0442 3776  rdbss - ok
16:22:34.0473 3776  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:22:34.0505 3776  rdpbus - ok
16:22:34.0520 3776  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:22:34.0583 3776  RDPCDD - ok
16:22:34.0629 3776  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:22:34.0661 3776  RDPDR - ok
16:22:34.0676 3776  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:22:34.0739 3776  RDPENCDD - ok
16:22:34.0785 3776  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:22:34.0832 3776  RDPREFMP - ok
16:22:34.0863 3776  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:22:34.0895 3776  RDPWD - ok
16:22:34.0926 3776  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:22:34.0957 3776  rdyboost - ok
16:22:34.0973 3776  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:22:35.0035 3776  RemoteAccess - ok
16:22:35.0066 3776  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:22:35.0113 3776  RemoteRegistry - ok
16:22:35.0129 3776  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:22:35.0191 3776  RpcEptMapper - ok
16:22:35.0207 3776  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:22:35.0238 3776  RpcLocator - ok
16:22:35.0253 3776  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:22:35.0300 3776  RpcSs - ok
16:22:35.0347 3776  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:22:35.0394 3776  rspndr - ok
16:22:35.0425 3776  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
16:22:35.0456 3776  s3cap - ok
16:22:35.0472 3776  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:22:35.0503 3776  SamSs - ok
16:22:35.0597 3776  [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA          C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\Sandra.sys
16:22:35.0628 3776  SANDRA - ok
16:22:35.0659 3776  [ 6858620E6EF1DF704366ACD45A317AD2 ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe
16:22:35.0721 3776  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
16:22:35.0721 3776  SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
16:22:35.0799 3776  [ 4DCFF3FC0FB89384D22AE35144B44D8A ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
16:22:35.0831 3776  SAVAdminService - ok
16:22:35.0862 3776  [ C3999EF390EB460A636E9FFBA040BF8A ] SAVOnAccess     C:\Windows\system32\DRIVERS\savonaccess.sys
16:22:35.0893 3776  SAVOnAccess - ok
16:22:35.0909 3776  [ D31E18B53B0E52C234568BB61EEC7940 ] SAVService      C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
16:22:35.0940 3776  SAVService - ok
16:22:35.0955 3776  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:22:35.0987 3776  sbp2port - ok
16:22:36.0018 3776  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:22:36.0065 3776  SCardSvr - ok
16:22:36.0096 3776  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:22:36.0158 3776  scfilter - ok
16:22:36.0189 3776  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:22:36.0299 3776  Schedule - ok
16:22:36.0330 3776  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:22:36.0377 3776  SCPolicySvc - ok
16:22:36.0408 3776  [ 7D67AEABEB597C602EDB5B3AE316E96A ] sdcfilter       C:\Windows\system32\DRIVERS\sdcfilter.sys
16:22:36.0423 3776  sdcfilter - ok
16:22:36.0455 3776  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:22:36.0517 3776  SDRSVC - ok
16:22:36.0548 3776  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:22:36.0611 3776  secdrv - ok
16:22:36.0626 3776  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:22:36.0673 3776  seclogon - ok
16:22:36.0689 3776  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:22:36.0751 3776  SENS - ok
16:22:36.0767 3776  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:22:36.0829 3776  SensrSvc - ok
16:22:36.0829 3776  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:22:36.0876 3776  Serenum - ok
16:22:36.0907 3776  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
16:22:36.0938 3776  Serial - ok
16:22:36.0954 3776  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:22:36.0969 3776  sermouse - ok
16:22:37.0001 3776  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:22:37.0063 3776  SessionEnv - ok
16:22:37.0063 3776  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:22:37.0094 3776  sffdisk - ok
16:22:37.0110 3776  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:22:37.0141 3776  sffp_mmc - ok
16:22:37.0141 3776  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:22:37.0172 3776  sffp_sd - ok
16:22:37.0172 3776  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:22:37.0203 3776  sfloppy - ok
16:22:37.0235 3776  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:22:37.0578 3776  SharedAccess - ok
16:22:37.0749 3776  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:22:37.0812 3776  ShellHWDetection - ok
16:22:37.0859 3776  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:22:37.0890 3776  SiSRaid2 - ok
16:22:37.0905 3776  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:22:37.0937 3776  SiSRaid4 - ok
16:22:37.0999 3776  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:22:38.0202 3776  SkypeUpdate - ok
16:22:38.0217 3776  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:22:38.0264 3776  Smb - ok
16:22:38.0311 3776  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:22:38.0358 3776  SNMPTRAP - ok
16:22:38.0420 3776  [ 3F04E2F60FEAAF96D144C9462575FD24 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
16:22:38.0451 3776  Sophos AutoUpdate Service - ok
16:22:38.0498 3776  [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
16:22:38.0576 3776  Sophos Web Control Service - ok
16:22:38.0607 3776  [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
16:22:38.0623 3776  SophosBootDriver - ok
16:22:38.0639 3776  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:22:38.0670 3776  spldr - ok
16:22:38.0717 3776  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:22:38.0763 3776  Spooler - ok
16:22:38.0873 3776  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:22:39.0153 3776  sppsvc - ok
16:22:39.0216 3776  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:22:39.0341 3776  sppuinotify - ok
16:22:39.0512 3776  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:22:39.0575 3776  srv - ok
16:22:39.0590 3776  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:22:39.0637 3776  srv2 - ok
16:22:39.0684 3776  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:22:39.0699 3776  srvnet - ok
16:22:39.0746 3776  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:22:39.0809 3776  SSDPSRV - ok
16:22:39.0824 3776  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:22:39.0871 3776  SstpSvc - ok
16:22:39.0902 3776  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:22:39.0933 3776  stexstor - ok
16:22:39.0965 3776  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:22:39.0996 3776  stisvc - ok
16:22:40.0027 3776  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
16:22:40.0043 3776  storflt - ok
16:22:40.0074 3776  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
16:22:40.0121 3776  StorSvc - ok
16:22:40.0167 3776  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:22:40.0183 3776  storvsc - ok
16:22:40.0261 3776  [ DD7F11E64E90043B895724DBDC668CD7 ] STRATO HiDrive Service C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
16:22:40.0277 3776  STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - warning
16:22:40.0277 3776  STRATO HiDrive Service - detected UnsignedFile.Multi.Generic (1)
16:22:40.0308 3776  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:22:40.0323 3776  swenum - ok
16:22:40.0433 3776  [ 4402D541DA0413CB128D0455E9753B60 ] swi_service     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
16:22:40.0854 3776  swi_service - ok
16:22:40.0947 3776  [ 79FF2406BB7EB7DACB12EE3DBF8F91AE ] swi_update_64   C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
16:22:41.0072 3776  swi_update_64 - ok
16:22:41.0088 3776  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:22:41.0166 3776  swprv - ok
16:22:41.0213 3776  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:22:41.0337 3776  SysMain - ok
16:22:41.0369 3776  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:22:41.0400 3776  TabletInputService - ok
16:22:41.0431 3776  [ BCD6A90D6FD757CE9C29DDC850F7F231 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
16:22:41.0478 3776  tap0901 - ok
16:22:41.0509 3776  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:22:41.0571 3776  TapiSrv - ok
16:22:41.0587 3776  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:22:41.0634 3776  TBS - ok
16:22:41.0712 3776  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:22:41.0821 3776  Tcpip - ok
16:22:41.0868 3776  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:22:41.0930 3776  TCPIP6 - ok
16:22:41.0977 3776  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:22:42.0008 3776  tcpipreg - ok
16:22:42.0024 3776  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:22:42.0086 3776  TDPIPE - ok
16:22:42.0117 3776  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:22:42.0149 3776  TDTCP - ok
16:22:42.0164 3776  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:22:42.0211 3776  tdx - ok
16:22:42.0227 3776  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:22:42.0258 3776  TermDD - ok
16:22:42.0289 3776  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:22:42.0383 3776  TermService - ok
16:22:42.0398 3776  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:22:42.0414 3776  Themes - ok
16:22:42.0429 3776  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:22:42.0492 3776  THREADORDER - ok
16:22:42.0492 3776  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:22:42.0570 3776  TrkWks - ok
16:22:42.0617 3776  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:22:42.0679 3776  TrustedInstaller - ok
16:22:42.0710 3776  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:22:42.0773 3776  tssecsrv - ok
16:22:42.0788 3776  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:22:42.0819 3776  TsUsbFlt - ok
16:22:42.0835 3776  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:22:42.0866 3776  TsUsbGD - ok
16:22:42.0897 3776  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:22:42.0960 3776  tunnel - ok
16:22:42.0975 3776  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:22:42.0991 3776  uagp35 - ok
16:22:43.0007 3776  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:22:43.0069 3776  udfs - ok
16:22:43.0116 3776  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:22:43.0131 3776  UI0Detect - ok
16:22:43.0147 3776  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:22:43.0163 3776  uliagpkx - ok
16:22:43.0194 3776  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:22:43.0225 3776  umbus - ok
16:22:43.0241 3776  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:22:43.0272 3776  UmPass - ok
16:22:43.0303 3776  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
16:22:43.0350 3776  UmRdpService - ok
16:22:43.0412 3776  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
16:22:43.0459 3776  UMVPFSrv - ok
16:22:43.0584 3776  [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:22:43.0943 3776  UNS - ok
16:22:43.0974 3776  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:22:44.0021 3776  upnphost - ok
16:22:44.0083 3776  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:22:44.0114 3776  usbaudio - ok
16:22:44.0145 3776  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:22:44.0177 3776  usbccgp - ok
16:22:44.0223 3776  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:22:44.0255 3776  usbcir - ok
16:22:44.0255 3776  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:22:44.0301 3776  usbehci - ok
16:22:44.0333 3776  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:22:44.0379 3776  usbhub - ok
16:22:44.0411 3776  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:22:44.0442 3776  usbohci - ok
16:22:44.0473 3776  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
16:22:44.0520 3776  usbprint - ok
16:22:44.0551 3776  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:22:44.0567 3776  usbscan - ok
16:22:44.0613 3776  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:22:44.0676 3776  USBSTOR - ok
16:22:44.0707 3776  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:22:44.0754 3776  usbuhci - ok
16:22:44.0785 3776  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:22:44.0816 3776  usbvideo - ok
16:22:44.0847 3776  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:22:44.0910 3776  UxSms - ok
16:22:44.0925 3776  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:22:44.0941 3776  VaultSvc - ok
16:22:44.0972 3776  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
16:22:45.0019 3776  VClone - ok
16:22:49.0590 3776  ================ Scan global ===============================
16:22:49.0621 3776  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:22:49.0652 3776  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:22:49.0668 3776  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:22:49.0699 3776  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:22:49.0715 3776  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:22:49.0730 3776  [Global] - ok
16:22:49.0730 3776  ================ Scan MBR ==================================
16:22:49.0730 3776  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:22:50.0042 3776  \Device\Harddisk0\DR0 - ok
16:22:50.0042 3776  ================ Scan VBR ==================================
16:22:50.0042 3776  [ 735BB88FCCDA8BAD577C2EA8634FEA12 ] \Device\Harddisk0\DR0\Partition1
16:22:50.0042 3776  \Device\Harddisk0\DR0\Partition1 - ok
16:22:50.0073 3776  [ 1CF061B5F50898AB2EF5F4C56B1429D1 ] \Device\Harddisk0\DR0\Partition2
16:22:50.0073 3776  \Device\Harddisk0\DR0\Partition2 - ok
16:22:50.0089 3776  [ C386196624BF0EAECD0DA9BCF79B3CCC ] \Device\Harddisk0\DR0\Partition3
16:22:50.0105 3776  \Device\Harddisk0\DR0\Partition3 - ok
16:22:50.0105 3776  ============================================================
16:22:50.0105 3776  Scan finished
16:22:50.0105 3776  ============================================================
16:22:50.0105 2004  Detected object count: 2
16:22:50.0105 2004  Actual detected object count: 2
16:23:01.0976 2004  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:01.0976 2004  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:23:01.0992 2004  STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:01.0992 2004  STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

17.12.2012, 17:53   #8
markusg
/// Malware-holic
 



Hi,
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

18.12.2012, 09:21   #9
Virusgeplagt
 



Here is the message:
Code:
ATTFilter
ComboFix 12-12-17.02 - Daniela 18.12.2012   8:56.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1033.18.3956.1441 [GMT 1:00]
ausgeführt von:: c:\users\Daniela\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\program files (x86)\Funmoods
c:\program files (x86)\Funmoods\1.5.23.22\escortShld.dll
c:\program files (x86)\Funmoods\1.5.23.22\FavIcon.ico
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Uninstall.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.dll
c:\program files (x86)\Vid-Saver\Vid-Saver.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Daniela\AppData\Local\Vid-Saver
c:\users\Daniela\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-18 bis 2012-12-18  ))))))))))))))))))))))))))))))
.
.
2012-12-18 08:02 . 2012-12-18 08:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-18 07:53 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{24676217-802E-4D4A-A5D7-42DC1A13FA78}\mpengine.dll
2012-12-17 08:35 . 2012-12-17 08:35	--------	d-----w-	c:\users\Daniela\AppData\Roaming\Malwarebytes
2012-12-17 08:35 . 2012-12-17 08:35	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-17 08:34 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-17 08:34 . 2012-12-17 08:35	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-16 00:22 . 2012-12-16 00:22	8281168	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-12-15 20:04 . 2012-12-15 20:04	--------	d-----w-	c:\users\Guest
2012-12-14 18:37 . 2012-12-14 18:37	73728	----a-r-	c:\users\Daniela\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-14 18:37 . 2012-12-14 18:37	73728	----a-r-	c:\users\Daniela\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-14 18:37 . 2012-12-14 18:37	73728	----a-r-	c:\users\Daniela\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-12-14 14:30 . 2012-12-14 14:30	--------	d-----w-	c:\program files\7-Zip
2012-12-14 13:47 . 2012-12-14 13:47	--------	d-----w-	c:\program files (x86)\Common Files\Sophos
2012-12-14 13:45 . 2012-12-14 13:45	154952	----a-w-	c:\windows\system32\drivers\savonaccess.sys
2012-12-13 08:44 . 2012-12-13 08:44	--------	d-----w-	c:\programdata\PDF Architect
2012-12-13 08:40 . 2012-12-13 08:40	--------	d-----w-	c:\users\Daniela\AppData\Roaming\PDF Architect
2012-12-13 08:34 . 2012-12-13 08:34	--------	d-----w-	c:\users\Daniela\AppData\Roaming\APP_NAME_NON_STRING
2012-12-13 08:34 . 2012-12-13 08:34	--------	d-----w-	c:\program files (x86)\PDF Architect
2012-12-13 08:33 . 2012-12-13 08:33	--------	d-----w-	c:\users\Daniela\AppData\Roaming\pdfforge
2012-12-13 08:33 . 2012-05-05 09:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2012-12-13 08:33 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-12-13 08:33 . 2012-05-05 09:54	1071088	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2012-12-13 08:33 . 2012-10-28 17:32	103936	----a-w-	c:\windows\system32\pdfcmon.dll
2012-12-13 08:33 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-12-13 08:33 . 1998-07-06 16:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2012-12-13 08:33 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-12-13 08:33 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-12-13 08:33 . 2012-12-13 08:34	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-12-13 08:32 . 2012-12-13 08:32	--------	d-----w-	c:\users\Daniela\AppData\Local\Programs
2012-12-13 08:01 . 2012-12-13 08:01	--------	d-----w-	c:\program files (x86)\PDF Blender
2012-12-13 06:26 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-13 06:26 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-13 06:26 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-13 06:26 . 2012-11-05 21:35	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-13 06:26 . 2012-11-05 20:41	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-13 06:26 . 2012-11-05 20:32	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-13 06:26 . 2012-11-05 20:32	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-13 06:26 . 2012-10-04 17:41	424960	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-22 18:24 . 2012-11-22 18:24	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-11-22 18:24 . 2012-11-22 18:24	--------	d-----r-	c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 13:42 . 2012-04-09 14:26	37440	----a-w-	c:\windows\system32\SophosBootTasks.exe
2012-10-16 08:38 . 2012-11-28 20:42	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 20:42	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 20:42	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 07:25	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 07:25	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 07:25	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 07:25	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 06:25	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 07:24	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 07:24	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 07:24	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 07:24	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 07:24	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 07:24	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 07:24	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 07:24	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 07:24	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 07:24	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 07:24	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-26 14:56 . 2012-09-26 14:56	10744	----a-w-	c:\windows\SysWow64\vpncategories.dll
2012-09-26 14:56 . 2012-09-26 14:56	33272	----a-w-	c:\windows\SysWow64\vpnevents.dll
2012-09-26 14:45 . 2012-09-26 14:45	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-09-25 22:47 . 2012-11-15 07:24	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 07:24	95744	----a-w-	c:\windows\system32\synceng.dll
2012-09-24 14:32 . 2012-09-18 05:52	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 14:32 . 2012-04-13 16:49	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files (x86)\appbario8\prxtbappb.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0cc09160-108c-4759-bab1-5c12c216e005}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\appbario8\prxtbappb.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
2012-11-22 16:05	91784	----a-w-	c:\program files (x86)\PDF Architect\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files (x86)\appbario8\prxtbappb.dll" [2011-05-09 176936]
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files (x86)\PDF Architect\PDFIEPlugin.dll" [2012-11-22 731784]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-12-14 928832]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-09-26 522232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
.
c:\users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
tbhcn.lnk - c:\users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe [2012-7-2 695448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe [2007-09-20 1039360]
R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe [2007-07-17 28672]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [2012-12-14 2010688]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 NUMARK_OMNICONTROL;Numark OMNI CONTROL USB driver;c:\windows\system32\Drivers\nkc2_usb.sys [2010-04-22 399936]
R3 NUMARK_OMNICONTROL_MIDI;Numark OMNI CONTROL WDM MIDI Device;c:\windows\system32\drivers\nkc2midi.sys [2010-04-22 31296]
R3 NUMARK_OMNICONTROL_WDM;Numark OMNI CONTROL WDM;c:\windows\system32\drivers\nkc2_wdm.sys [2010-04-22 50240]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe [2009-06-13 68760]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-10-01 36640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-03 1255736]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-08-25 25608]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2012-12-14 154952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-11-22 905864]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-12-14 216640]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-12-14 159296]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-06-07 357400]
S2 STRATO HiDrive Service;STRATO HiDrive Service;c:\program files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [2011-11-14 32768]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-12-14 2878016]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-09-26 479224]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-09-26 107432]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2012-07-25 151936]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 67909608
*NewlyCreated* - ACSOCK
*Deregistered* - 67909608
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-17 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job
- c:\program files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe [2012-04-13 01:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2007-04-11 26704]
"lxdomon.exe"="c:\program files (x86)\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]
"lxdoamon"="c:\program files (x86)\Lexmark 9500 Series\lxdoamon.exe" [2007-08-10 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
mStart Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SpecialSavings\SpecialSavingsSinged.dll
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.178.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - 
FF - ProfilePath - c:\users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e&tlver=1.5.29.1&instlRef=sst&babTrack&q=
FF - ExtSQL: 2012-12-06 16:13; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-06 16:13; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-13 09:34; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
FF - ExtSQL: 2012-12-14 14:36; toolbar@web.de; c:\users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\toolbar@web.de.xpi
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=3012_1
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - aea5bcf1000000000000701a04b1ba1e
FF - user.js: extensions.BabylonToolbar.instlDay - 15545
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.120:02
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583&q=
FF - user.js: extensions.funmoods.id - 701A04B1BA1EBCF1
FF - user.js: extensions.funmoods.instlDay - 15545
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:3:43
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - sware
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - sware
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll
BHO-{11111111-1111-1111-1111-110011341191} - c:\program files (x86)\Vid-Saver\Vid-Saver.dll
WebBrowser-{0CC09160-108C-4759-BAB1-5C12C216E005} - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-funmoods - c:\progra~2\Funmoods\1.5.23.22\uninstall.exe
AddRemove-Vid-Saver - c:\program files (x86)\Vid-Saver\Uninstall.exe
AddRemove-WinLiveSuite - c:\program files (x86)\Windows Live\Installer\wlarp.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-18  09:05:23
ComboFix-quarantined-files.txt  2012-12-18 08:05
.
Vor Suchlauf: 17.154.818.048 bytes free
Nach Suchlauf: 18.602.905.600 bytes free
.
- - End Of File - - 23B56FCBB1B8275D59A873CC844AD85A
         

18.12.2012, 15:34   #10
markusg
/// Malware-holic

Hi,
now please update Malwarebytes via the Update tab.
Then run a full scan and post the log; delete the findings first.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

19.12.2012, 00:10   #11
Virusgeplagt

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniela :: DANIELA-PC [Administrator]

18.12.2012 20:08:48
mbam-log-2012-12-18 (20-08-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 546125
Laufzeit: 1 Stunde(n), 13 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 24
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Daten: Vid-Saver -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 6
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Guest\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Guest\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 85
C:\Program Files (x86)\Uninstall Information\ib_uninst_342\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_343\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Daniela\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\Daniela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\24fa30cb8996e4692833571384ae36d6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\24fa30cb8996e4692833571384ae36d6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\62fa933b365328fcb12137e9bf074578 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\62fa933b365328fcb12137e9bf074578_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\64f2ffe99c9841c0ce284e2ab27fd525 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\64f2ffe99c9841c0ce284e2ab27fd525_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\712c46454ce7a9ba511c8f02a771e538 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\712c46454ce7a9ba511c8f02a771e538_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\b2b4e8937fa404b876cf8c88c3fe6329 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\b2b4e8937fa404b876cf8c88c3fe6329_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ba5a261c6565bfb443aa6cbf828a753d (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ba5a261c6565bfb443aa6cbf828a753d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cc21b9897ac8dfabd1e4dbf701784924 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cc21b9897ac8dfabd1e4dbf701784924_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d87d174554b51fe072af6ad3a7a42f28 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d87d174554b51fe072af6ad3a7a42f28_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e3d0cf0d14d2e30505e2786e48906be4 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e3d0cf0d14d2e30505e2786e48906be4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Program Files (x86)\Vid-Saver\Uninstall.exe.vir (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

19.12.2012, 00:27   #12
markusg
/// Malware-holic

Hi,
Did you delete the findings? If not, you have to do so.
Then restart, please.
Download CCleaner Standard:
CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, then the list of installed programs, and save it as a txt file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognize, write "unknown".
Post the list.

19.12.2012, 10:21   #13
Virusgeplagt

Delete as in "delete the log files", or click on the files that were found and choose "Remove"?
Thanks!!!

19.12.2012, 13:58   #14
markusg
/// Malware-holic

Well, deleting the logs won't do much good :-)
Please select everything that was found and remove it :-)