|
Log analysis and evaluation: GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely. |
07.02.2013, 14:17 | #1 |
| GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes
Hello dear Trojaner-Board team,
unfortunately my computer got hit this week too. Suddenly I had the well-known screen lock with the demand to pay, and nothing worked any more. My PC knowledge is modest, but I am doing my best. Having read up via this forum and botfrei.de, I ran Malwarebytes in safe mode and it found:
Trojan.Ransom.SUGen ...\...\AX_RU.dll
Malware.Packer.GenX ...\...\runctf.Ink
Trojan.Ransom ...\...\RbhXVz9.exe
Bitdefender Total Security 2013 found:
Trojan.Script.480412
Everything was moved to quarantine. I was able to back up all important files externally; they are not encrypted. Since then I can work with the computer in normal mode again.
Updates carried out afterwards (05. + 06.02.2013):
- Win 7
- Internet Explorer
- Mozilla
- Google Chrome
- Java
- Bitdefender Total Security 2013
Today I ran Defogger, OTL and Gmer in the order you specify. I would be really delighted if someone could help me with these problems, since this computer is my most important work tool. With many thanks in advance and best regards. |
07.02.2013, 14:27 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes
Hello and
Quote:
Is this by any chance an office/company PC? Or a university computer?
Quote:
Please post everything here in CODE tags where possible. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too big for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
07.02.2013, 14:54 | #3 |
| GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes
Hello Cosinus,
thank you very much for the quick reply :-)
@Question 1: Win 7 Professional; I am a freelancer, it is my work PC. It was the seller's recommendation, because it is supposedly more stable.
@Question 2: found with Malwarebytes:
Malware.Packer.GenX C:\Program Files (x86)\Alcohol 120\Langs\AX_RU.dll
Trojan.Ransom.SUGen C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.Ink
Trojan.Ransom C:\Users\***\AppData\Local\Temp\RbhXVz9.exe
found with Bitdefender Total Security 2013:
Trojan.Script 480412 C:\ProgramData\9zVXhbR.js
Sorry for the first attempt; I am willing to learn and hopefully still able to learn. I cannot get the log files uploaded in CODE tags as described in the instructions. I get the message:
Quote: "The text you entered consists of 1516487 characters and is therefore too long. Please shorten the text to the maximum length of 120000 characters. Please attach logs to the post as an archive!"
What am I doing wrong? |
07.02.2013, 15:11 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes
Quote:
The sellers also lie through their teeth. Of course this edition is more expensive and has more features than, e.g., Home Premium, but as far as the kernel goes it is all the same. Why on earth are you posting excerpts from Malwarebytes? Was it not clearly described in the instructions that the logs are to be posted in full?
__________________ Please always post log files in CODE tags |
07.02.2013, 15:19 | #5 |
| GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes
@Seller: if you don't know something in detail, you are simply at their mercy...
@Malwarebytes: because I did not know and first had to find it ;-) But I will try to make up for that right now.
Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2012.12.14.11
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]
Schutz: Deaktiviert
05.02.2013 20:08:38
mbam-log-2013-02-05 (20-08-38).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207371
Laufzeit: 2 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) |
07.02.2013, 15:33 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes
Please supply all the remaining MBAM logs. Then run MBAR:
Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it on your desktop.
Do not start any other file in this folder without instruction from a helper
__________________ --> GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes |
07.02.2013, 15:53 | #7 |
| GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes
Hello cosinus,
I am thrilled by your quick responses, thank you very much for them. I will now try to supply everything and then run MBAR.
mbam-log-2013-02-05 (20-08-38): Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2012.12.14.11
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]
Schutz: Deaktiviert
05.02.2013 20:08:38
mbam-log-2013-02-05 (20-08-38).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207371
Laufzeit: 2 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
mbam-log-2013-02-05 (20-29-40): Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.02.04.06
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
*** :: ***[Administrator]
Schutz: Deaktiviert
05.02.2013 20:29:40
mbam-log-2013-02-05 (20-29-40).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212705
Laufzeit: 34 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
mbam-log-2013-02-05 (20-39-16): Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.02.04.06
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.1
*** :: ***[Administrator]
Schutz: Deaktiviert
05.02.2013 20:39:16
mbam-log-2013-02-05 (20-39-16).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 509068
Laufzeit: 58 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
protection-log-2013-02-05: Code:
2013/02/05 21:55:14 +0100 *** *** MESSAGE Starting protection
2013/02/05 21:55:14 +0100 *** *** MESSAGE Protection started successfully
2013/02/05 21:55:14 +0100 *** *** MESSAGE Starting IP protection
2013/02/05 21:55:19 +0100 *** *** MESSAGE IP Protection started successfully
2013/02/05 22:05:51 +0100 *** *** MESSAGE Executing scheduled update: Daily
2013/02/05 22:06:05 +0100 *** *** MESSAGE Starting database refresh
2013/02/05 22:06:05 +0100 *** *** MESSAGE Stopping IP protection
2013/02/05 22:06:05 +0100 *** *** MESSAGE IP Protection stopped successfully
2013/02/05 22:06:05 +0100 *** *** MESSAGE Scheduled update executed successfully: database updated from version v2013.02.04.06 to version v2013.02.05.09
2013/02/05 22:06:08 +0100 *** *** MESSAGE Database refreshed successfully
2013/02/05 22:06:08 +0100 *** *** MESSAGE Starting IP protection
2013/02/05 22:06:11 +0100 *** *** MESSAGE IP Protection started successfully
2013/02/05 22:36:11 +0100 *** (null) MESSAGE Starting protection
2013/02/05 22:36:11 +0100 *** (null) MESSAGE Protection started successfully
2013/02/05 22:36:11 +0100 *** (null) MESSAGE Starting IP protection
2013/02/05 22:36:15 +0100 *** (null) MESSAGE IP Protection started successfully
2013/02/05 22:37:45 +0100 *** (null) DETECTION C:\Users\***\AppData\Local\Temp\RbhXVz9.exe Trojan.Ransom QUARANTINE
2013/02/05 23:10:24 +0100 *** (null) MESSAGE Starting protection
2013/02/05 23:10:24 +0100 *** (null) MESSAGE Protection started successfully
2013/02/05 23:10:24 +0100 *** (null) MESSAGE Starting IP protection
2013/02/05 23:10:28 +0100 *** (null) MESSAGE IP Protection started successfully
Code:
2013/02/06 08:47:24 +0100 *** (null) MESSAGE Starting protection
2013/02/06 08:47:24 +0100 *** (null) MESSAGE Protection started successfully
2013/02/06 08:47:24 +0100 *** (null) MESSAGE Starting IP protection
2013/02/06 08:47:29 +0100 *** (null) MESSAGE IP Protection started successfully
2013/02/06 11:56:08 +0100 *** (null) MESSAGE Starting protection
2013/02/06 11:56:08 +0100 *** (null) MESSAGE Protection started successfully
2013/02/06 11:56:08 +0100 *** (null) MESSAGE Starting IP protection
2013/02/06 11:56:12 +0100 *** (null) MESSAGE IP Protection started successfully
2013/02/06 18:25:52 +0100 *** *** MESSAGE Executing scheduled update: Daily
2013/02/06 18:26:08 +0100 *** *** MESSAGE Scheduled update executed successfully: database updated from version v2013.02.05.09 to version v2013.02.06.08
2013/02/06 18:26:08 +0100 *** *** MESSAGE Starting database refresh
2013/02/06 18:26:09 +0100 *** *** MESSAGE Stopping IP protection
2013/02/06 18:26:10 +0100 *** *** MESSAGE IP Protection stopped successfully
2013/02/06 18:26:11 +0100 *** *** ERROR Database refresh failed: Integrity verification failed failed with error code 2
protection-log-2013-02-07 Code:
2013/02/07 10:35:49 +0100 *** (null) ERROR Integrity verification failed failed with error code 2
2013/02/07 10:35:49 +0100 *** (null) MESSAGE Protection stopped
2013/02/07 11:51:28 +0100 *** (null) MESSAGE Starting protection
2013/02/07 11:51:28 +0100 *** (null) MESSAGE Protection started successfully
2013/02/07 11:51:28 +0100 *** (null) MESSAGE Starting IP protection
2013/02/07 11:51:33 +0100 *** (null) MESSAGE IP Protection started successfully
2013/02/07 11:51:33 +0100 *** (null) MESSAGE Starting database refresh
2013/02/07 11:51:33 +0100 *** (null) MESSAGE Stopping IP protection
2013/02/07 11:51:33 +0100 *** (null) MESSAGE IP Protection stopped successfully
2013/02/07 11:51:35 +0100 *** (null) MESSAGE Database refreshed successfully
2013/02/07 11:51:35 +0100 *** (null) MESSAGE Starting IP protection
2013/02/07 11:51:39 +0100 *** (null) MESSAGE IP Protection started successfully
I ran mbar.exe twice; no malware was found either time. Does that mean everything is fine, or does the problem go deeper?
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org
Database version: v2013.02.07.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [administrator]
07.02.2013 16:49:35
mbar-log-2013-02-07 (16-49-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31514
Time elapsed: 10 minute(s), 12 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org
Database version: v2013.02.07.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [administrator]
07.02.2013 17:10:23
mbar-log-2013-02-07 (17-10-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31512
Time elapsed: 9 minute(s), 32 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end) |
08.02.2013, 10:14 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes
1. aswMBR
Please download aswMBR.exe and save the file on your desktop.
Note: Please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
09.02.2013, 17:40 | #9 |
| GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes
Hello cosinus,
thank you very much for your further tasks!
1) I tried to run aswMBR.exe according to the description, that is, with Bitdefender deactivated. Download, update, program start, all OK. I got as far as "aswMBR.exe has stopped working". The attempt to restart it failed. Bitdefender had somehow got in the way after all and moved aswMBR.exe somewhere. A fresh download of aswMBR.exe was necessary; saving it to the desktop failed. "... admin rights required..." - although apart from the guest account there is only one account, and it has admin rights. Placing it in a new folder on the desktop was possible, as was starting the program, but there was no renewed prompt for the avast! update. The scan ran through, in the mode "AV scan" (none).
Log files aswMBR.txt Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-09 15:28:05
-----------------------------
15:28:05.769 OS Version: Windows x64 6.1.7601 Service Pack 1
15:28:05.769 Number of processors: 4 586 0x2505
15:28:05.769 ComputerName: *** UserName: ***
15:28:07.236 Initialize success
15:28:13.351 AVAST engine defs: 13020900
15:28:45.255 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:28:45.255 Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
15:28:45.270 Disk 0 MBR read successfully
15:28:45.270 Disk 0 MBR scan
15:28:45.286 Disk 0 Windows 7 default MBR code
15:28:45.302 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
15:28:45.317 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459228 MB offset 616448
15:28:45.348 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 941115392
15:28:45.364 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 972572672
15:28:45.411 Disk 0 scanning C:\windows\system32\drivers
15:29:04.053 Service scanning
15:29:07.220 Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
15:29:07.282 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
15:29:34.551 Modules scanning
15:29:34.551 Disk 0 trace - called modules:
15:29:34.582 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
15:29:34.582 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80089b1060]
15:29:34.598 3 CLASSPNP.SYS[fffff8800113b43f] -> nt!IofCallDriver -> [0xfffffa8008093930]
15:29:34.598 5 hpdskflt.sys[fffff88002554189] -> nt!IofCallDriver -> [0xfffffa8007b035e0]
15:29:34.613 7 ACPI.sys[fffff88000d5b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b08050]
15:29:34.613 Scan finished successfully
15:37:55.690 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"4
15:37:55.690 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
2) TDSS-Killer: download and scan went without problems, as in the description.
Log files Code:
EapHost - ok 15:44:07.0902 4148 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys 15:44:07.0980 4148 ebdrv - ok 15:44:08.0011 4148 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 15:44:08.0042 4148 EFS - ok 15:44:08.0089 4148 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 15:44:08.0136 4148 ehRecvr - ok 15:44:08.0167 4148 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 15:44:08.0198 4148 ehSched - ok 15:44:08.0229 4148 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 15:44:08.0245 4148 elxstor - ok 15:44:08.0261 4148 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 15:44:08.0307 4148 ErrDev - ok 15:44:08.0354 4148 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 15:44:08.0401 4148 EventSystem - ok 15:44:08.0448 4148 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 15:44:08.0479 4148 exfat - ok 15:44:08.0495 4148 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 15:44:08.0541 4148 fastfat - ok 15:44:08.0588 4148 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 15:44:08.0635 4148 Fax - ok 15:44:08.0666 4148 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys 15:44:08.0682 4148 fdc - ok 15:44:08.0713 4148 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 15:44:08.0760 4148 fdPHost - ok 15:44:08.0775 4148 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 15:44:08.0822 4148 FDResPub - ok 15:44:08.0853 4148 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 15:44:08.0869 4148 FileInfo - ok 15:44:08.0885 4148 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 15:44:08.0931 4148 Filetrace - ok 15:44:08.0963 4148 [ 
C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 15:44:08.0994 4148 flpydisk - ok 15:44:09.0041 4148 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 15:44:09.0041 4148 FltMgr - ok 15:44:09.0103 4148 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 15:44:09.0150 4148 FontCache - ok 15:44:09.0228 4148 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:44:09.0243 4148 FontCache3.0.0.0 - ok 15:44:09.0259 4148 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 15:44:09.0275 4148 FsDepends - ok 15:44:09.0306 4148 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 15:44:09.0321 4148 Fs_Rec - ok 15:44:09.0368 4148 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 15:44:09.0384 4148 fvevol - ok 15:44:09.0399 4148 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 15:44:09.0415 4148 gagp30kx - ok 15:44:09.0462 4148 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 15:44:09.0462 4148 GEARAspiWDM - ok 15:44:09.0524 4148 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 15:44:09.0587 4148 gpsvc - ok 15:44:09.0633 4148 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:44:09.0649 4148 gupdate - ok 15:44:09.0649 4148 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:44:09.0665 4148 gupdatem - ok 15:44:09.0680 4148 [ BF2763FEA9704B1D9AA2C7719423251A ] gzflt C:\windows\system32\DRIVERS\gzflt.sys 15:44:09.0696 4148 gzflt - ok 15:44:09.0711 4148 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 15:44:09.0743 4148 hcw85cir - ok 15:44:09.0774 4148 [ 
975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 15:44:09.0805 4148 HdAudAddService - ok 15:44:09.0821 4148 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 15:44:09.0836 4148 HDAudBus - ok 15:44:09.0867 4148 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys 15:44:09.0883 4148 HECIx64 - ok 15:44:09.0899 4148 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 15:44:09.0930 4148 HidBatt - ok 15:44:09.0961 4148 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 15:44:09.0992 4148 HidBth - ok 15:44:10.0039 4148 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys 15:44:10.0039 4148 HidIr - ok 15:44:10.0055 4148 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 15:44:10.0101 4148 hidserv - ok 15:44:10.0117 4148 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 15:44:10.0133 4148 HidUsb - ok 15:44:10.0179 4148 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 15:44:10.0226 4148 hkmsvc - ok 15:44:10.0273 4148 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 15:44:10.0289 4148 HomeGroupListener - ok 15:44:10.0335 4148 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 15:44:10.0398 4148 HomeGroupProvider - ok 15:44:10.0460 4148 [ 44AD1D87919994161131D5FB16C5B551 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe 15:44:10.0460 4148 HP Power Assistant Service - ok 15:44:10.0491 4148 [ AE2A8C80205F06BE5EDC63BE0AE9A756 ] HP ProtectTools Service c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe 15:44:10.0523 4148 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning 15:44:10.0523 4148 HP ProtectTools 
Service - detected UnsignedFile.Multi.Generic (1) 15:44:10.0601 4148 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 15:44:10.0601 4148 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning 15:44:10.0601 4148 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1) 15:44:10.0647 4148 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe 15:44:10.0663 4148 HP Wireless Assistant Service - ok 15:44:10.0725 4148 [ A4A0E006A1826EA2629E59DE2008BB9D ] HPDayStarterService c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe 15:44:10.0757 4148 HPDayStarterService ( UnsignedFile.Multi.Generic ) - warning 15:44:10.0757 4148 HPDayStarterService - detected UnsignedFile.Multi.Generic (1) 15:44:10.0788 4148 [ B7382BEC806B7B00FC84B3E2061FF48E ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 15:44:10.0803 4148 HPDrvMntSvc.exe - ok 15:44:10.0850 4148 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\windows\system32\DRIVERS\hpdskflt.sys 15:44:10.0850 4148 hpdskflt - ok 15:44:10.0881 4148 [ 5AFB3F9B74553BD933555E1C800D2CE1 ] HpFkCryptService C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe 15:44:10.0897 4148 HpFkCryptService - ok 15:44:10.0913 4148 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\windows\system32\DRIVERS\HpqKbFiltr.sys 15:44:10.0944 4148 HpqKbFiltr - ok 15:44:10.0991 4148 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 15:44:11.0022 4148 hpqwmiex - ok 15:44:11.0037 4148 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 15:44:11.0053 4148 HpSAMD - ok 15:44:11.0100 4148 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\windows\system32\Hpservice.exe 15:44:11.0100 4148 hpsrv - ok 15:44:11.0162 4148 [ 
0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 15:44:11.0225 4148 HTTP - ok 15:44:11.0256 4148 [ 2342E7FECCA0D4E31BEA5FF6A4E20885 ] huawei_enumerator C:\windows\system32\DRIVERS\ew_jubusenum.sys 15:44:11.0287 4148 huawei_enumerator - ok 15:44:11.0318 4148 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 15:44:11.0334 4148 hwpolicy - ok 15:44:11.0349 4148 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 15:44:11.0349 4148 i8042prt - ok 15:44:11.0427 4148 [ 593EF9F904C8497F6D794DC6FCC59DCA ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 15:44:11.0443 4148 IAANTMON - ok 15:44:11.0459 4148 [ C50107C730C9A955F6FD7376733F2D68 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 15:44:11.0474 4148 iaStor - ok 15:44:11.0505 4148 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 15:44:11.0521 4148 iaStorV - ok 15:44:11.0583 4148 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:44:11.0599 4148 idsvc - ok 15:44:11.0615 4148 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 15:44:11.0630 4148 iirsp - ok 15:44:11.0677 4148 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 15:44:11.0739 4148 IKEEXT - ok 15:44:11.0771 4148 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys 15:44:11.0802 4148 Impcd - ok 15:44:11.0833 4148 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 15:44:11.0833 4148 intelide - ok 15:44:11.0864 4148 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 15:44:11.0895 4148 intelppm - ok 15:44:11.0927 4148 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 15:44:11.0973 4148 IPBusEnum - ok 15:44:12.0036 4148 [ 
C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 15:44:12.0083 4148 IpFilterDriver - ok 15:44:12.0114 4148 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 15:44:12.0161 4148 iphlpsvc - ok 15:44:12.0192 4148 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 15:44:12.0192 4148 IPMIDRV - ok 15:44:12.0223 4148 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 15:44:12.0270 4148 IPNAT - ok 15:44:12.0317 4148 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:44:12.0332 4148 iPod Service - ok 15:44:12.0348 4148 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 15:44:12.0363 4148 IRENUM - ok 15:44:12.0379 4148 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 15:44:12.0395 4148 isapnp - ok 15:44:12.0410 4148 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 15:44:12.0426 4148 iScsiPrt - ok 15:44:12.0441 4148 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 15:44:12.0457 4148 kbdclass - ok 15:44:12.0473 4148 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys 15:44:12.0504 4148 kbdhid - ok 15:44:12.0535 4148 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 15:44:12.0551 4148 KeyIso - ok 15:44:12.0582 4148 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 15:44:12.0597 4148 KSecDD - ok 15:44:12.0644 4148 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 15:44:12.0660 4148 KSecPkg - ok 15:44:12.0675 4148 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 15:44:12.0722 4148 ksthunk - ok 15:44:12.0769 4148 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 15:44:12.0816 4148 KtmRm 
- ok 15:44:12.0863 4148 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 15:44:12.0894 4148 LanmanServer - ok 15:44:12.0941 4148 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 15:44:12.0987 4148 LanmanWorkstation - ok 15:44:13.0019 4148 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 15:44:13.0065 4148 lltdio - ok 15:44:13.0112 4148 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 15:44:13.0159 4148 lltdsvc - ok 15:44:13.0175 4148 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 15:44:13.0221 4148 lmhosts - ok 15:44:13.0284 4148 [ 17A9C5FFA241AAAB275EE5CACEF77686 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:44:13.0299 4148 LMS - ok 15:44:13.0331 4148 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 15:44:13.0346 4148 LSI_FC - ok 15:44:13.0362 4148 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 15:44:13.0377 4148 LSI_SAS - ok 15:44:13.0393 4148 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 15:44:13.0393 4148 LSI_SAS2 - ok 15:44:13.0409 4148 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 15:44:13.0424 4148 LSI_SCSI - ok 15:44:13.0455 4148 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 15:44:13.0487 4148 luafv - ok 15:44:13.0533 4148 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\windows\system32\drivers\mbam.sys 15:44:13.0533 4148 MBAMProtector - ok 15:44:13.0611 4148 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 15:44:13.0627 4148 MBAMScheduler - ok 15:44:13.0674 4148 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 15:44:13.0689 4148 
MBAMService - ok 15:44:13.0721 4148 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 15:44:13.0752 4148 Mcx2Svc - ok 15:44:13.0783 4148 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys 15:44:13.0783 4148 megasas - ok 15:44:13.0814 4148 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 15:44:13.0830 4148 MegaSR - ok 15:44:13.0861 4148 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 15:44:13.0908 4148 MMCSS - ok 15:44:13.0939 4148 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 15:44:13.0986 4148 Modem - ok 15:44:14.0017 4148 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 15:44:14.0033 4148 monitor - ok 15:44:14.0064 4148 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 15:44:14.0079 4148 mouclass - ok 15:44:14.0079 4148 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 15:44:14.0111 4148 mouhid - ok 15:44:14.0157 4148 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 15:44:14.0157 4148 mountmgr - ok 15:44:14.0204 4148 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:44:14.0220 4148 MozillaMaintenance - ok 15:44:14.0251 4148 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 15:44:14.0251 4148 mpio - ok 15:44:14.0282 4148 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 15:44:14.0313 4148 mpsdrv - ok 15:44:14.0376 4148 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 15:44:14.0438 4148 MpsSvc - ok 15:44:14.0485 4148 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 15:44:14.0516 4148 MRxDAV - ok 15:44:14.0563 4148 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb 
C:\windows\system32\DRIVERS\mrxsmb.sys 15:44:14.0579 4148 mrxsmb - ok 15:44:14.0625 4148 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 15:44:14.0657 4148 mrxsmb10 - ok 15:44:14.0672 4148 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 15:44:14.0703 4148 mrxsmb20 - ok 15:44:14.0719 4148 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 15:44:14.0735 4148 msahci - ok 15:44:14.0750 4148 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 15:44:14.0766 4148 msdsm - ok 15:44:14.0781 4148 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 15:44:14.0813 4148 MSDTC - ok 15:44:14.0859 4148 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 15:44:14.0906 4148 Msfs - ok 15:44:14.0937 4148 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 15:44:15.0000 4148 mshidkmdf - ok 15:44:15.0015 4148 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 15:44:15.0031 4148 msisadrv - ok 15:44:15.0047 4148 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 15:44:15.0093 4148 MSiSCSI - ok 15:44:15.0093 4148 msiserver - ok 15:44:15.0109 4148 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 15:44:15.0156 4148 MSKSSRV - ok 15:44:15.0171 4148 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 15:44:15.0218 4148 MSPCLOCK - ok 15:44:15.0234 4148 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 15:44:15.0281 4148 MSPQM - ok 15:44:15.0327 4148 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 15:44:15.0343 4148 MsRPC - ok 15:44:15.0359 4148 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 15:44:15.0359 4148 mssmbios - ok 15:44:15.0390 4148 [ 
2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 15:44:15.0437 4148 MSTEE - ok 15:44:15.0468 4148 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 15:44:15.0499 4148 MTConfig - ok 15:44:15.0530 4148 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 15:44:15.0546 4148 Mup - ok 15:44:15.0561 4148 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 15:44:15.0593 4148 napagent - ok 15:44:15.0608 4148 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 15:44:15.0655 4148 NativeWifiP - ok 15:44:15.0686 4148 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 15:44:15.0717 4148 NDIS - ok 15:44:15.0749 4148 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 15:44:15.0795 4148 NdisCap - ok 15:44:15.0827 4148 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 15:44:15.0873 4148 NdisTapi - ok 15:44:15.0920 4148 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 15:44:15.0967 4148 Ndisuio - ok 15:44:15.0998 4148 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 15:44:16.0045 4148 NdisWan - ok 15:44:16.0076 4148 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 15:44:16.0123 4148 NDProxy - ok 15:44:16.0154 4148 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 15:44:16.0185 4148 NetBIOS - ok 15:44:16.0232 4148 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 15:44:16.0279 4148 NetBT - ok 15:44:16.0295 4148 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 15:44:16.0310 4148 Netlogon - ok 15:44:16.0326 4148 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 15:44:16.0388 4148 Netman - ok 15:44:16.0419 4148 [ 
D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:44:16.0435 4148 NetMsmqActivator - ok 15:44:16.0435 4148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:44:16.0451 4148 NetPipeActivator - ok 15:44:16.0466 4148 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 15:44:16.0529 4148 netprofm - ok 15:44:16.0575 4148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:44:16.0575 4148 NetTcpActivator - ok 15:44:16.0591 4148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:44:16.0591 4148 NetTcpPortSharing - ok 15:44:16.0731 4148 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\windows\system32\DRIVERS\NETw5s64.sys 15:44:16.0856 4148 NETw5s64 - ok 15:44:16.0903 4148 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 15:44:16.0903 4148 nfrd960 - ok 15:44:16.0965 4148 [ D8ADFBEB3F7F4AE4C32E7EEDE4E59E15 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe 15:44:16.0981 4148 NitroReaderDriverReadSpool2 - ok 15:44:17.0043 4148 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 15:44:17.0075 4148 NlaSvc - ok 15:44:17.0106 4148 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 15:44:17.0137 4148 Npfs - ok 15:44:17.0153 4148 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 15:44:17.0215 4148 nsi - ok 15:44:17.0231 4148 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 15:44:17.0277 4148 nsiproxy - ok 15:44:17.0340 4148 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 15:44:17.0371 4148 Ntfs - ok 15:44:17.0387 4148 [ 
9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 15:44:17.0418 4148 Null - ok 15:44:17.0433 4148 [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys 15:44:17.0465 4148 nusb3hub - ok 15:44:17.0496 4148 [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys 15:44:17.0511 4148 nusb3xhc - ok 15:44:17.0543 4148 [ CDDD4478757288DF4BB1494BFD084259 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys 15:44:17.0543 4148 NVHDA - ok 15:44:17.0761 4148 [ CA10F931C7C91A111E6D27762400AAD8 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 15:44:18.0057 4148 nvlddmkm - ok 15:44:18.0089 4148 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 15:44:18.0104 4148 nvraid - ok 15:44:18.0120 4148 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 15:44:18.0135 4148 nvstor - ok 15:44:18.0151 4148 [ 19883C9E84AAE9C9F0591B683D46CD9F ] nvsvc C:\windows\system32\nvvsvc.exe 15:44:18.0167 4148 nvsvc - ok 15:44:18.0182 4148 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 15:44:18.0198 4148 nv_agp - ok 15:44:18.0229 4148 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 15:44:18.0245 4148 ohci1394 - ok 15:44:18.0276 4148 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:44:18.0291 4148 ose - ok 15:44:18.0447 4148 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:44:18.0541 4148 osppsvc - ok 15:44:18.0588 4148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 15:44:18.0619 4148 p2pimsvc - ok 15:44:18.0650 4148 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 15:44:18.0697 4148 p2psvc - ok 15:44:18.0728 4148 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport 
C:\windows\system32\DRIVERS\parport.sys 15:44:18.0744 4148 Parport - ok 15:44:18.0791 4148 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 15:44:18.0791 4148 partmgr - ok 15:44:18.0806 4148 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 15:44:18.0837 4148 PcaSvc - ok 15:44:18.0884 4148 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 15:44:18.0884 4148 pci - ok 15:44:18.0900 4148 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 15:44:18.0915 4148 pciide - ok 15:44:18.0931 4148 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 15:44:18.0947 4148 pcmcia - ok 15:44:18.0978 4148 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 15:44:18.0978 4148 pcw - ok 15:44:19.0040 4148 [ BAF3216DDAA12E66EBBB31760E02BC14 ] PdiService C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe 15:44:19.0056 4148 PdiService - ok 15:44:19.0071 4148 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 15:44:19.0134 4148 PEAUTH - ok 15:44:19.0181 4148 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll 15:44:19.0227 4148 PeerDistSvc - ok 15:44:19.0305 4148 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 15:44:19.0321 4148 PerfHost - ok 15:44:19.0383 4148 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 15:44:19.0446 4148 pla - ok 15:44:19.0493 4148 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 15:44:19.0524 4148 PlugPlay - ok 15:44:19.0571 4148 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 15:44:19.0602 4148 PNRPAutoReg - ok 15:44:19.0617 4148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 15:44:19.0633 4148 PNRPsvc - ok 15:44:19.0680 4148 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] 
|
11.02.2013, 08:55 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
11.02.2013, 10:54 | #11 |
| GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes Hello cosinus, I installed ComboFix according to the instructions and let it run through. ComboFix log files: Combofix Logfile: Code:
2013-01-09 18:45 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-11-30 05:45 . 2013-01-09 18:44 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 18:44 243200 ----a-w- c:\windows\system32\wow64.dll 2012-11-30 05:45 . 2013-01-09 18:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-11-30 05:45 . 2013-01-09 18:44 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-11-30 05:43 . 2013-01-09 18:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-11-30 05:41 . 2013-01-09 18:44 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 05:41 . 2013-01-09 18:44 1161216 ----a-w- c:\windows\system32\kernel32.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-30 05:38 . 
2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-11-30 04:54 . 2013-01-09 18:44 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-11-30 04:53 . 2013-01-09 18:44 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-11-30 04:45 . 2013-01-09 18:44 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 04:45 . 
2013-01-09 18:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717}] 2013-02-07 20:11 138752 ----a-w- c:\programdata\DNSErrorHelper\bho.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640] "HP Connection Manager.exe"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe" [2010-06-08 1120072] "MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-12-31 398848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "{90140000-003D-0000-0000-0000000FF1CE}"="del" [X] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 AddonsHelper;AddonsHelper;c:\users\***\AppData\Local\Temp\OCS\Downloads\d340164aef134ca45f5d3a3a8b8d1b79\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-05-21 45224] R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864] R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952] R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360] R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808] R2 SearchAnonymizer;SearchAnonymizer;c:\users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-02-07 40960] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-01-30 589000] R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-01-30 82384] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1255736] R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe 
[2013-01-30 68880] R4 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-10-25 341288] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-11 868848] S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-01-30 707528] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-03-10 16512] S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-08-29 145696] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480] S0 SafeBoot;SafeBoot; [x] S0 SbAlg;SbAlg; [x] S0 SbFsLock;SbFsLock; [x] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504] S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944] S1 RsvLock;RsvLock; [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-23 89600] S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-05-21 1052328] S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536] S2 HpFkCryptService;Drive Encryption Service;c:\program 
files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-01 281192] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552] S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [2011-04-29 1687360] S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-11-29 95184] S2 SMManager;HP Connection Manager Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [2010-06-08 84808] S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-12-19 68416] S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216] S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896] S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-01 704512] S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2012-02-02 509104] S3 
HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-12-30 85504] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152] S3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2011-04-29 6400] S3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\DRIVERS\qcombushp.sys [2011-04-29 160328] S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2011-04-29 444416] S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2011-04-29 230784] S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008] S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776] . . Inhalt des "geplante Tasks" Ordners . 2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 01:05] . 2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 07:50] . 2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 07:50] . 
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001Core.job - c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-02 19:12] . 2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001UA.job - c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-02 19:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1] @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}" [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}] 2012-11-29 17:08 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2] @="{342DAA0B-D796-460D-8566-901E08A1CCAD}" [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}] 2012-11-29 17:08 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3] @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}" [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}] 2012-11-29 17:08 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4] @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}" [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}] 2012-11-29 17:08 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904] "dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2010-08-18 770728] "EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2010-08-18 139944] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-23 489472] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-01-30 1573632] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1875048] "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{EE1CE425-7F04-4A53-A7D6-9321D8185387}: NameServer = 139.7.30.126 139.7.30.125 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - ExtSQL: 2013-02-05 23:35; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-02-07 21:15; twitter.address.bar.search@firefox.twitter; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\extensions\twitter.address.bar.search@firefox.twitter.xpi . . ------- Dateityp-Verknüpfung ------- . .txt= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-11 10:32:43 ComboFix-quarantined-files.txt 2013-02-11 09:32 . Vor Suchlauf: 12 Verzeichnis(se), 204.864.692.224 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 204.708.753.408 Bytes frei . - - End Of File - - 5AFF7AC5FF6292D00548D03CDD8DE49A

Hello cosinus, I ran ComboFix as described in the instructions without any problems. Here are the log files:

Combofix Logfile:
ATTFilter ComboFix 13-02-07.02 - *** 11.02.2013 10:22:55.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8047.5498 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Bitdefender Virenschutz *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4} FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF} SP: Bitdefender Spyware-Schutz *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1321692119.bdinstall.bin c:\programdata\1353484169.bdinstall.bin c:\programdata\1353486335.bdinstall.bin c:\programdata\9zVXhbR.bat c:\programdata\9zVXhbR.pad c:\programdata\l_u0_0.pad C:\Thumbs.db c:\users\***\AppData\Roaming\Microsoft\Windows\Recent\Vodafone Videothek.url c:\windows\SysWow64\pt c:\windows\SysWow64\pt\DPCrProv.dll.mui c:\windows\SysWow64\pt\DPFPApiUI.dll.mui c:\windows\SysWow64\pt\DPPassFilter.dll.mui . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-11 bis 2013-02-11 )))))))))))))))))))))))))))))) . . 2013-02-11 09:30 . 2013-02-11 09:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-09 16:37 . 2013-02-09 16:37 -------- d-----w- c:\users\***\AppData\Local\***.*** 2013-02-07 20:11 . 2011-05-13 12:16 493056 ----a-w- c:\windows\SysWow64\dhRichClient3.dll 2013-02-07 20:11 . 2011-03-25 20:42 338432 ----a-w- c:\windows\SysWow64\sqlite36_engine.dll 2013-02-07 20:11 . 2013-02-07 20:11 -------- d-----w- c:\users\***\AppData\Roaming\DesktopIconForAmazon 2013-02-07 20:11 . 2013-02-07 20:11 -------- d-----w- c:\programdata\DNSErrorHelper 2013-02-07 20:11 . 2013-02-07 20:11 -------- d-----w- c:\users\***\AppData\Roaming\OCS 2013-02-07 09:42 . 2013-02-07 09:42 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-02-05 22:21 . 
2013-02-05 22:21 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-02-05 22:21 . 2013-02-05 22:20 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-05 19:07 . 2013-02-05 19:07 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2013-02-05 19:07 . 2013-02-05 19:07 -------- d-----w- c:\programdata\Malwarebytes 2013-02-05 19:06 . 2013-02-05 19:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-05 19:06 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-05 19:05 . 2013-02-05 19:05 -------- d-----w- c:\users\***\AppData\Local\Programs 2013-02-05 09:16 . 2013-02-05 09:16 153 ----a-w- c:\programdata\9zVXhbR.reg 2013-01-22 13:05 . 2013-01-22 13:06 -------- d-----w- c:\users\***\AppData\Roaming\webex 2013-01-13 09:57 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-01-13 09:56 . 2013-01-13 09:56 -------- d-----w- c:\program files\iPod 2013-01-13 09:56 . 2013-01-13 09:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-01-13 09:56 . 2013-01-13 09:57 -------- d-----w- c:\program files\iTunes 2013-01-13 09:56 . 2013-01-13 09:57 -------- d-----w- c:\program files (x86)\iTunes 2013-01-13 09:48 . 2013-01-13 09:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2013-01-13 09:48 . 2013-01-13 09:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2013-01-13 09:48 . 2013-01-13 09:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-01-13 09:48 . 2013-01-13 09:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-01-13 09:48 . 2013-01-13 09:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-01-13 09:48 . 2013-01-13 09:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-01-13 09:48 . 
2013-01-13 09:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-10 01:05 . 2012-05-20 10:06 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-10 01:05 . 2012-05-20 10:06 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-05 22:20 . 2012-07-07 16:54 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-02-05 22:20 . 2011-03-22 18:21 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-30 16:11 . 2012-11-21 08:39 82384 ----a-w- c:\windows\system32\drivers\bdsandbox.sys 2013-01-30 16:11 . 2012-11-21 08:39 707528 ----a-w- c:\windows\system32\drivers\avc3.sys 2013-01-30 16:10 . 2012-11-21 08:39 589000 ----a-w- c:\windows\system32\drivers\avckf.sys 2013-01-10 05:36 . 2011-03-23 07:46 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-19 12:52 . 2012-12-19 12:52 261056 ----a-w- c:\windows\system32\drivers\avchv.sys 2012-12-16 17:11 . 2012-12-22 08:38 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 08:38 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 08:38 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 08:38 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-09 18:45 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 18:45 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 18:45 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 18:45 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 18:45 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 18:45 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 18:45 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 
2013-01-09 18:45 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 18:45 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 18:45 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 18:45 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 18:45 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 18:45 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 18:45 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 18:45 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 18:45 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 18:45 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 18:45 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 18:45 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 18:45 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 18:45 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 18:45 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 18:45 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 18:45 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 18:45 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 18:45 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 18:45 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 18:45 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 18:45 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 18:45 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 18:45 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 
2013-01-09 18:45 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-11-30 05:45 . 2013-01-09 18:44 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 18:44 243200 ----a-w- c:\windows\system32\wow64.dll 2012-11-30 05:45 . 2013-01-09 18:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-11-30 05:45 . 2013-01-09 18:44 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-11-30 05:43 . 2013-01-09 18:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-11-30 05:41 . 2013-01-09 18:44 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 05:41 . 2013-01-09 18:44 1161216 ----a-w- c:\windows\system32\kernel32.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-30 05:38 . 
2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-11-30 04:54 . 2013-01-09 18:44 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-11-30 04:53 . 2013-01-09 18:44 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-11-30 04:45 . 2013-01-09 18:44 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 04:45 . 
2013-01-09 18:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 18:44 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717}] 2013-02-07 20:11 138752 ----a-w- c:\programdata\DNSErrorHelper\bho.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640] "HP Connection Manager.exe"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe" [2010-06-08 1120072] "MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-12-31 398848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "{90140000-003D-0000-0000-0000000FF1CE}"="del" [X] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 AddonsHelper;AddonsHelper;c:\users\***\AppData\Local\Temp\OCS\Downloads\d340164aef134ca45f5d3a3a8b8d1b79\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 dleeCATSCustConnectService;dleeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe [2010-05-21 45224] R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864] R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952] R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360] R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-28 55808] R2 SearchAnonymizer;SearchAnonymizer;c:\users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-02-07 40960] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-01-30 589000] R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-01-30 82384] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1255736] R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe 
[2013-01-30 68880] R4 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-10-25 341288] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-11 868848] S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-01-30 707528] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2011-03-10 16512] S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-08-29 145696] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480] S0 SafeBoot;SafeBoot; [x] S0 SbAlg;SbAlg; [x] S0 SbFsLock;SbFsLock; [x] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504] S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 76944] S1 RsvLock;RsvLock; [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-23 89600] S2 dlee_device;dlee_device;c:\windows\system32\dleecoms.exe [2010-05-21 1052328] S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536] S2 HpFkCryptService;Drive Encryption Service;c:\program 
files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-01 281192] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552] S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [2011-04-29 1687360] S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-11-29 95184] S2 SMManager;HP Connection Manager Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [2010-06-08 84808] S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-12-19 68416] S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-12-31 9216] S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896] S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-01 704512] S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2012-02-02 509104] S3 
HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-12-30 85504] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152] S3 qcfilterhp2k;HP un2420 Mobile Broadband Module USB Device Filter;c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2011-04-29 6400] S3 qcombushp;Gobi 2000 USB Composite Device Driver(03F0-251D);c:\windows\system32\DRIVERS\qcombushp.sys [2011-04-29 160328] S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2011-04-29 444416] S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2011-04-29 230784] S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008] S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776] . . Inhalt des "geplante Tasks" Ordners . 2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 01:05] . 2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 07:50] . 2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 07:50] . 
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001Core.job - c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-02 19:12] . 2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001UA.job - c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-02 19:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1] @="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}" [HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}] 2012-11-29 17:08 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2] @="{342DAA0B-D796-460D-8566-901E08A1CCAD}" [HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}] 2012-11-29 17:08 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3] @="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}" [HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}] 2012-11-29 17:08 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4] @="{33816773-98AE-4723-ADE0-EBE54C8B5A67}" [HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}] 2012-11-29 17:08 268760 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904] "dleemon.exe"="c:\program files (x86)\Dell V715w\dleemon.exe" [2010-08-18 770728] "EzPrint"="c:\program files (x86)\Dell V715w\ezprint.exe" [2010-08-18 139944] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-23 489472] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-01-30 1573632] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1875048] "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{EE1CE425-7F04-4A53-A7D6-9321D8185387}: NameServer = 139.7.30.126 139.7.30.125 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - ExtSQL: 2013-02-05 23:35; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-02-07 21:15; twitter.address.bar.search@firefox.twitter; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\extensions\twitter.address.bar.search@firefox.twitter.xpi . . ------- Dateityp-Verknüpfung ------- . .txt= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-11 10:32:43 ComboFix-quarantined-files.txt 2013-02-11 09:32 . Vor Suchlauf: 12 Verzeichnis(se), 204.864.692.224 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 204.708.753.408 Bytes frei . - - End Of File - - 5AFF7AC5FF6292D00548D03CDD8DE49A
I am having problems with the login here; the affected computer is acting up a bit. I am shown as offline although I am logged in, or I cannot get in at all. That is why I accidentally posted one and the same log twice |
11.02.2013, 12:13 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post logfiles in CODE tags |
11.02.2013, 13:13 | #13 |
| GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes Hello cosinus, thank you very much for your continued help and your time :-) Everything worked. Logfiles adwcleaner.exe: AdwCleaner Logfile: Code:
# AdwCleaner v2.112 - Datei am 11/02/2013 um 12:42:00 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\***\AppData\Local\APN
Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\***\Documents\Software

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\x5odo20k.default\prefs.js
Gelöscht : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]
Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1435 octets] - [11/02/2013 12:42:00]

########## EOF - C:\AdwCleaner[S1].txt - [1495 octets] ##########

OTL Logfiles: OTL Logfile: Code:
OTL logfile created on: 11.02.2013 12:53:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,86 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 66,93% Memory free
15,72 Gb Paging File | 12,64 Gb Available in Paging File | 80,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,46 Gb Total Space | 200,58 Gb Free Space | 44,73% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 0,00 Gb Free Space | 0,07% Space Free | Partition Type: FAT32

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc) PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.) PRC - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe (QUALCOMM, Inc.) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone) PRC - C:\Program Files (x86)\Dell V715w\ezprint.exe () PRC - C:\Program Files (x86)\Dell V715w\dleemon.exe () PRC - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe (Smith Micro Software, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe (Smith Micro Software, Inc) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\bmctl.exe (Bytemobile, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) 
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Conn#\380408b02e889be39353124954ab0bae\Vodafone.Model.Connection.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Model.Shor#\7f69986f2f266961c51cae510014b002\Vodafone.Model.Shortcut.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Shared\7aa6820dc1a68487dd8d4b075072a355\Vodafone.View.Shared.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Manag#\b558758b4ac0f6bfd750e00a387075b8\Vodafone.View.ManagedToolTip.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.BusinessLo#\7bc90a3c13d858a2abcdc0dc5dd1b22b\Vodafone.BusinessLogic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.View.Secon#\87af5a01e0050812a7038eb4e2ead71d\Vodafone.View.SecondaryWindows.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LanWlanMan#\c5bec04e3e8b3134fd01258474dd376e\Vodafone.LanWlanManager.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Vpn\d692d5918d525d2146f52b0f95bc8b99\Vodafone.Vpn.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Inter#\730e7c376c8448fc9fb71e7a5c8e055b\Vodafone.Core.Interfaces.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.CoreI#\277c57b9cb05317a94784d26087a0576\Vodafone.Core.CoreInstanceProvider.ni.dll () MOD - 
C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\e73ed9369fac62759c280521fa0f283b\Vodafone.ConnectionServices.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.WwanWrapper\f111962f92abb2b8ed12406e83ca2c1b\Vodafone.WwanWrapper.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\d65e3892ff3bfd90b6b37f7ef0c8761c\Interop.Shell32.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.TrafficOpt#\f5089eb477babd58830ba3ae3f6b5aeb\Vodafone.TrafficOptimiser.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MbbManagem#\3c3423dc197a02a048917025e41017e9\Vodafone.MbbManagement.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\9bea9aa03e6e7263e475004f6c94d824\Vodafone.DeviceAccess.Interfaces.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\5ec9197d2e5de6168cfdbfa64f01b569\Vodafone.DeviceAccess.Internals.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Remot#\17a00561f3a80914f35ff822fe6af7f5\Vodafone.Core.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Common.Logging\0c5008375abad2d7074f91953acd7158\Common.Logging.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\eb89fdd84e558ea153acfe524632a624\Vodafone.DeviceAccess.Factory.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Spring.Core\4a69d3bfa1111bcd9328e15165ee78ad\Spring.Core.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\1f888ef7735ac0b26850e263154532d6\Vodafone.Contracts.Adapter.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.InstancePr#\9eeda4ddf4e53101f9c07780e799ad3a\Vodafone.InstanceProvider.Impl.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\57e626e2ed44f317d68df1078ddf61a9\Infragistics2.Win.UltraWinEditors.v9.2.ni.dll () MOD - 
C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\f477bb16d7dc2ee37b259d96cb4a88b5\Infragistics2.Win.Misc.v9.2.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\fc8d018577f1972f52b63e503a1e84df\Infragistics2.Win.v9.2.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\754a5294a4b2eaab04ab9cf0d9516192\Infragistics2.Shared.v9.2.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.U#\30cf850ed078c5d9a4f6493b5e013c73\Infragistics2.Win.UltraWinToolbars.v9.2.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\44e1d1c29d6868d549fe0b8dc7e7befe\Vodafone.Contracts.View.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DeviceAcce#\39d101b56e00b3ea846a8c258ddbe73c\Vodafone.DeviceAccess.Contracts.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\399ce794b60b7caa4b764cf24d398a9b\Interop.FNCClient11Lib.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\6666e786dbce9c7923f2a5633fca5ec2\Vodafone.Contracts.Model.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Core.Contr#\8c2160cad92cb1a69cd491ec27ef673a\Vodafone.Core.Contracts.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Inter#\f618a85001aa57f9cc00cc5861ba363d\Vodafone.Base.Internals.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.UpdateMana#\d6a8b0d952547a4c99ce35307f813a42\Vodafone.UpdateManager.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Facto#\2ecca2e40a375a33ff457ed593c56f74\Vodafone.Base.Factory.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.ReportingM#\c43f4656da8cba686a04b53ae2573e5d\Vodafone.ReportingManager.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Connection#\01a3c693f3f72d9e1f8171ae3efdfb6c\Vodafone.ConnectionManagement.ni.dll 
() MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\7ce5215b875cebe9312bd00fe3e47abb\Vodafone.Contracts.Common.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Contracts.#\a65222e97275088409988fe1ca9aea06\Vodafone.Contracts.Presenter.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.OutlookCon#\2f0ac749fee4889623b8e4c8b8664a9f\Vodafone.OutlookConnector.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Applicatio#\63cdeb2cff87f04f9abb933bc59e7b21\Vodafone.ApplicationHost.Impl.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.CommonDial#\8b0b3fa8e9090315931caac97a92e719\Vodafone.CommonDialogs.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsContact#\db28109a51536e65198d1cd80c91f2ff\Vodafone.SmsContactManager.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.DataAccess#\84b67f4032ef33762164f25e6d2850f7\Vodafone.DataAccessor.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SmsProfile#\2180a360c28430ede7b36d03c03ecb3d\Vodafone.SmsProfileManager.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.SettingsMa#\b3351b69b51a6618151db261c6d09078\Vodafone.SettingsManager.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadbandReso#\123bdd64be6f60112378097b5db9f688\MobileBroadbandResources.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Win32\6f94a9468db9f5da960d05a6883c1010\Vodafone.Base.Win32.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.NtServiceM#\3721c93dab8e3e51f6c9aaf02df2b25d\Vodafone.NtServiceMessaging.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.MobileBroa#\40637db240e1d276f9aeb9df4d442cb9\Vodafone.MobileBroadband.CallbackHandler.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Common\a93ae1f47d2f6d7cea0097dbc1bfed63\Vodafone.Common.ni.dll () 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Data\6f72df05f24272c124c3cbf67b2c8a14\Vodafone.Data.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Base.Contr#\e2c656e12b5a46e4741d2762f6404351\Vodafone.Base.Contracts.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.Platform\ae32fc26bf78d00513a39543126e1635\Vodafone.Platform.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\MobileBroadband\996ad37cab5870103648322a1d2f27f6\MobileBroadband.ni.exe () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Vodafone.LogEngine\5b23dd5e04bf1b515d9f0299d6c5d323\Vodafone.LogEngine.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - 
C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll () MOD - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll () MOD - C:\Program Files (x86)\Dell V715w\ezprint.exe () MOD - C:\Program Files (x86)\Dell 
V715w\dleemon.exe () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.SharedUI.WPF.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.SharedUI.WPF.resources.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.WwanDiagnostics.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.UI.ViewModel.resources.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.ViewModel.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.UI.Models.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.XmlSerializers.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Application.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Application.resources.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\de\SmithMicro.Resources.WPF.resources.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\SmithMicro.Resources.WPF.resources.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Resources.WPF.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\en-US\HP.ShinyNoire.UI.resources.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP.ShinyNoire.UI.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SmithMicro.Message.XmlSerializers.dll () MOD - C:\Program Files (x86)\Dell V715w\dleeDRS.dll () MOD - C:\Program Files (x86)\Dell V715w\dleescw.dll () MOD - C:\Program Files (x86)\Dell V715w\dleecfg.dll () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () MOD - C:\Program Files (x86)\Dell V715w\EPOEMDll.dll () MOD - C:\Program Files (x86)\Dell V715w\epstring.dll () MOD - C:\Program Files (x86)\Dell V715w\EPWizRes.dll () MOD - 
C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Program Files (x86)\Dell V715w\dleedatr.dll () MOD - C:\Windows\SysWOW64\DLEEsmr.dll () MOD - C:\Program Files (x86)\Dell V715w\iptk.dll () MOD - C:\Program Files (x86)\Dell V715w\Epwizard.DLL () MOD - C:\Program Files (x86)\Dell V715w\customui.dll () MOD - C:\Program Files (x86)\Dell V715w\Epfunct.DLL () MOD - C:\Program Files (x86)\Dell V715w\Eputil.DLL () MOD - C:\Program Files (x86)\Dell V715w\Imagutil.DLL () MOD - C:\Program Files (x86)\Dell V715w\dleecaps.dll () MOD - C:\Program Files (x86)\Dell V715w\dleecnv4.dll () MOD - C:\Program Files (x86)\Dell V715w\dleeptp.dll () MOD - C:\Windows\SysWOW64\DLEEsm.dll () ========== Services (SafeList) ========== SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender) SRV:64bit: - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender) SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender) SRV:64bit: - (SafeBox) -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe (Bitdefender) SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.) 
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV:64bit: - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) SRV:64bit: - (dlee_device) -- C:\Windows\SysNative\dleecoms.exe ( ) SRV:64bit: - (dleeCATSCustConnectService) -- C:\windows\SysNative\spool\DRIVERS\x64\3\\dleeserv.exe () SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.) SRV:64bit: - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.) SRV:64bit: - (DEBridge) -- C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.) SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.) SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SearchAnonymizer) -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.) SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (QDLService2kHP) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe (QUALCOMM, Inc.) 
SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone) SRV - (SMManager) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe (Smith Micro Software, Inc.) SRV - (dleeCATSCustConnectService) -- C:\windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe () SRV - (dlee_device) -- C:\Windows\SysWOW64\dleecoms.exe ( ) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.) SRV - (HP ProtectTools Service) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL) DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender) DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (BdfNdisf) -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys (BitDefender LLC)
DRV:64bit: - (BDVEDISK) -- C:\Windows\SysNative\drivers\bdvedisk.sys (BitDefender)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (qcusbnethp2k) -- C:\Windows\SysNative\drivers\qcusbnethp2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcusbserhp2k) -- C:\Windows\SysNative\drivers\qcusbserhp2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcombushp) -- C:\Windows\SysNative\drivers\qcombushp.sys (MCCI)
DRV:64bit: - (qcfilterhp2k) -- C:\Windows\SysNative\drivers\qcfilterhp2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (vodafone_K3805-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SbFsLock) -- C:\windows\SysNative\drivers\SbFsLock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\windows\SysNative\drivers\RsvLock.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SbAlg) -- C:\windows\SysNative\drivers\SbAlg.sys (McAfee, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (adfs) -- C:\windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (SbAlg) -- C:\windows\SysWow64\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\SysWow64\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse
IE - HKLM\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{0186DDB1-69EE-4B2E-A1BB-53C7D17AEB6B}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{1D2BC020-E7D9-4E39-9E23-F533A778DCF5}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{3BA9E3D7-6190-4454-8C3A-B640449E90D2}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{3D6E8087-AC2F-4293-B6CE-9D5F06D1058B}: "URL" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{D509D060-9149-4588-BD37-8904865FD017}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{D6711850-1F2B-46BF-94C2-37035561D6FF}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{E8E96765-A1D3-44EA-9102-639084622E71}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D434D4E5444462670633D434D4E544446267372633D49452D536561726368426F78&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\..\SearchScopes\{F9BA701B-BBB5-4BA8-9C34-88FC6D65BCEC}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=a0a1cfd1-f3a9-4b10-a64a-24589addf085&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: plugin%40seitwert.de:1.0.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4189
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012.11.21 09:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010.09.10 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2011.03.10 12:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 10:42:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 10:42:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012.11.21 09:39:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 10:42:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 10:42:16 | 000,000,000 | ---D | M]
[2011.03.02 20:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.02.07 21:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\x5odo20k.default\extensions
[2013.01.11 07:17:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\x5odo20k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.15 19:08:22 | 000,077,310 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\extensions\plugin@seitwert.de.xpi
[2013.02.07 21:15:40 | 000,014,949 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\extensions\twitter.address.bar.search@firefox.twitter.xpi
[2013.02.05 23:35:29 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.07 21:16:07 | 000,002,101 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\searchplugins\googlede.xml
[2013.02.07 21:11:06 | 000,001,555 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\searchplugins\ixquick-https---deutsch.xml
[2013.02.07 21:11:06 | 000,005,431 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\searchplugins\startpage-https---deutsch.xml
[2013.02.07 21:15:40 | 000,002,973 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\x5odo20k.default\searchplugins\twitter-.xml
[2013.02.06 10:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 10:42:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.06 10:42:19 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.02.07 21:11:06 | 000,001,684 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.07 21:11:06 | 000,001,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.07 21:11:06 | 000,001,271 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.07 21:11:06 | 000,007,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.07 21:11:06 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.07 21:11:06 | 000,001,170 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Pr\u00E4sentationen = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.6_0\
CHR - Extension: SEOprofiler = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\anflggobmhfgfdfjfgnihbnfohehopcc\0.2.0.1_0\
CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Lucidchart \u2013 Gemeinsam visualisieren = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn\16_0\
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: SocialBro = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bagknoiagpifjfbempgignagkejmkljm\0.4.0.14_0\
CHR - Extension: Sexy Undo Close Tab = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg\7.2.8_0\
CHR - Extension: MindMeister = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SEO SERP Workbench = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl\1.0_0\
CHR - Extension: MailChimp = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe\1.1_0\
CHR - Extension: Gmail offline = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Box - 5 GB freier Speicher = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: Seitwert.de SEO Plugin = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcafcehljeapcbpemommidnpcimhhhoe\1.0_0\
CHR - Extension: Google Tabellen = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\0.6_0\
CHR - Extension: Wunderlist = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\2.0_0\
CHR - Extension: Click&Clean = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\
CHR - Extension: SEOzio = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghlinldjknincdnifcelhiemjahifcjb\3.0_0\
CHR - Extension: Gantter = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo\3.5.7_0\
CHR - Extension: 1concept = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf\0.2.9.3_0\
CHR - Extension: mysms - SMS anywhere = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb\2.6.2_0\
CHR - Extension: Google Share Button = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\idaeealfhcijmeigljaopafdapgijdcb\1.1.0.12_0\
CHR - Extension: Dropbox = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.3_0\
CHR - Extension: Kostenloser Online-PDF Tools = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn\1.0.1.2_0\
CHR - Extension: Disconnect = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\4.2.0_0\
CHR - Extension: Google Formulare = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg\0.5_0\
CHR - Extension: Yoono - Twitter, Facebook, LinkedIn, YouTube\u2122 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli\0.2.7.22_0\
CHR - Extension: HootSuite = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
CHR - Extension: Evernote Web = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: MODevel SEO Ranking (Backend) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhlfjfpdmdcaeplloceibdadoclbkbm\3.1.9_0\
CHR - Extension: Google Zeichnungen = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme\0.6_0\
CHR - Extension: Crowdbooster = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocmfheajhbmicdlmoggadcehdgibfdfc\0.0.1_0\
CHR - Extension: Cacoo - Diagramming & Real-Time Collaboration = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcflmbddgcmomcfngehfhlajjapabojh\1.2.0_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.02.11 10:30:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [dleemon.exe] C:\Program Files (x86)\Dell V715w\dleemon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V715w\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Connection Manager.exe] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe (Smith Micro Software, Inc)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3442603491-3579072867-3194603140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{870925AB-8270-4C20-9A66-331B278C7CC5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE1CE425-7F04-4A53-A7D6-9321D8185387}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013.02.11 12:47:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.11 10:21:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.02.11 10:21:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.02.11 10:21:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.02.11 10:18:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.11 10:18:21 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.02.11 10:17:55 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.02.09 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\markus.schulte
[2013.02.09 15:42:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.02.09 15:27:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2013.02.07 21:11:24 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\SysWow64\dhRichClient3.dll
[2013.02.07 21:11:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2013.02.07 21:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.07 21:11:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OCS
[2013.02.07 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.02.07 10:44:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.07 10:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.07 10:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.06 10:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.05 23:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.05 23:21:17 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013.02.05 23:21:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013.02.05 23:21:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013.02.05 23:21:09 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.05 20:07:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.02.05 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.05 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.05 20:06:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.02.05 20:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.05 20:05:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.02.04 20:44:42 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\_Recherche [2013.02.04 20:44:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\_System [2013.02.04 20:15:01 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\_Seminare [2013.02.04 18:37:46 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Keksbox [2013.02.04 18:03:17 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\_PR [2013.02.04 15:11:45 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\_SM [2013.01.29 12:26:35 | 000,000,000 | ---D | C] -- C:\Users\***\Application Data [2013.01.22 14:06:05 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\cache [2013.01.22 14:05:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\webex [2013.01.18 11:33:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Aufräumen [2013.01.13 10:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013.01.13 10:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.13 10:57:18 | 000,033,240 | ---- | C] (GEAR Software Inc.) 
-- C:\windows\SysNative\drivers\GEARAspiWDM.sys [2013.01.13 10:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.13 10:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.13 10:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.01.13 10:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.01.13 10:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.11 12:52:45 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.11 12:52:45 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.11 12:51:20 | 001,622,172 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.02.11 12:51:20 | 000,700,646 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.02.11 12:51:20 | 000,655,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.02.11 12:51:20 | 000,149,410 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.02.11 12:51:20 | 000,122,190 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.02.11 12:48:01 | 000,001,122 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.11 12:47:57 | 000,000,204 | ---- | M] () -- C:\Users\***\Desktop\Vodafone Videothek.url [2013.02.11 12:44:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.02.11 12:44:26 | 2033,745,919 | -HS- | M] () -- C:\hiberfil.sys [2013.02.11 12:41:04 | 000,587,659 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.02.11 12:20:01 | 000,001,126 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.11 12:20:00 | 000,001,156 | ---- | M] () -- 
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001UA.job [2013.02.11 12:04:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.02.11 10:30:35 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2013.02.11 09:35:58 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.02.10 18:20:02 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3442603491-3579072867-3194603140-1001Core.job [2013.02.10 02:05:47 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.02.10 02:05:47 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.09 15:42:25 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.02.09 15:37:55 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2013.02.07 16:27:38 | 013,562,257 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.01.0.1017(1).zip [2013.02.07 14:12:59 | 000,120,794 | ---- | M] () -- C:\Users\***\Desktop\Logfiles.zip [2013.02.07 11:41:23 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe [2013.02.07 10:44:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.02.07 10:33:36 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.02.06 17:26:14 | 000,000,575 | ---- | M] () -- C:\windows\SysNative\checkdnsid.xml [2013.02.06 12:38:07 | 003,100,167 | ---- | M] () -- C:\Users\***\Desktop\Manuel_Software2.png [2013.02.06 12:37:35 | 003,471,942 | ---- | M] () -- C:\Users\***\Desktop\Manuel_Software.png [2013.02.06 12:02:53 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.02.06 11:55:11 | 003,020,368 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.02.05 23:20:33 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.05 
23:20:32 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll [2013.02.05 23:20:32 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll [2013.02.05 23:20:32 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2013.02.05 23:20:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013.02.05 23:20:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2013.02.05 22:24:57 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.02.05 21:57:11 | 000,019,767 | ---- | M] () -- C:\Users\***\Desktop\gvu-trojaner-1212_k.png [2013.02.05 20:35:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.05 19:00:52 | 000,262,641 | ---- | M] () -- C:\Users\***\Desktop\Bitdefnder_Scan_01.xml [2013.02.05 13:24:09 | 001,641,646 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2013.02.05 10:16:22 | 000,000,153 | ---- | M] () -- C:\ProgramData\9zVXhbR.reg [2013.02.04 20:55:10 | 000,037,272 | ---- | M] () -- C:\Users\***\Documents\cc_20130204_205459.reg [2013.01.30 17:11:22 | 000,082,384 | ---- | M] (BitDefender SRL) -- C:\windows\SysNative\drivers\bdsandbox.sys [2013.01.30 17:11:04 | 000,707,528 | ---- | M] (BitDefender) -- C:\windows\SysNative\drivers\avc3.sys [2013.01.30 17:10:40 | 000,589,000 | ---- | M] (BitDefender) -- C:\windows\SysNative\drivers\avckf.sys [2013.01.13 10:57:29 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.13 10:48:16 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.11 12:41:04 | 000,587,659 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.02.11 10:21:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.02.11 10:21:20 | 000,208,896 | 
---- | C] () -- C:\windows\MBR.exe [2013.02.11 10:21:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.02.11 10:21:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.02.11 10:21:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.02.09 15:37:55 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2013.02.07 21:11:24 | 000,338,432 | ---- | C] () -- C:\windows\SysWow64\sqlite36_engine.dll [2013.02.07 16:27:03 | 013,562,257 | ---- | C] () -- C:\Users\***\Desktop\mbar-1.01.0.1017(1).zip [2013.02.07 14:12:59 | 000,120,794 | ---- | C] () -- C:\Users\***\Desktop\Logfiles.zip [2013.02.07 11:41:23 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.0.18454.exe [2013.02.07 10:33:36 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.02.06 12:38:06 | 003,100,167 | ---- | C] () -- C:\Users\***\Desktop\Manuel_Software2.png [2013.02.06 12:37:34 | 003,471,942 | ---- | C] () -- C:\Users\***\Desktop\Manuel_Software.png [2013.02.06 11:36:34 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.02.06 11:36:34 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.02.05 22:24:57 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.02.05 21:57:10 | 000,019,767 | ---- | C] () -- C:\Users\***\Desktop\gvu-trojaner-1212_k.png [2013.02.05 20:07:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.05 19:02:44 | 000,262,641 | ---- | C] () -- C:\Users\***\Desktop\Bitdefnder_Scan_01.xml [2013.02.05 10:16:22 | 000,000,153 | ---- | C] () -- C:\ProgramData\9zVXhbR.reg [2013.02.04 20:55:05 | 000,037,272 | ---- | C] () -- C:\Users\***\Documents\cc_20130204_205459.reg [2013.01.13 10:57:29 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.13 10:48:16 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.07.06 10:55:42 | 001,641,646 | ---- | C] 
() -- C:\windows\SysWow64\PerfStringBackup.INI [2012.07.05 17:15:00 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.04.11 17:09:24 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.22 19:21:34 | 005,981,484 | ---- | C] () -- C:\Users\***\seniorenwegweiser2011_2012.pdf [2011.07.15 12:51:19 | 000,847,872 | ---- | C] ( ) -- C:\windows\SysWow64\dleeusb1.dll [2011.07.15 12:51:19 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\dleepmui.dll [2011.07.15 12:51:19 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\dleeinpa.dll [2011.07.15 12:51:19 | 000,344,064 | ---- | C] () -- C:\windows\SysWow64\dleecomx.dll [2011.07.15 12:51:19 | 000,344,064 | ---- | C] ( ) -- C:\windows\SysWow64\dleeiesc.dll [2011.07.15 12:51:19 | 000,331,776 | ---- | C] () -- C:\windows\SysWow64\DLEEinst.dll [2011.07.15 12:51:19 | 000,323,584 | ---- | C] () -- C:\windows\SysWow64\dleeins.dll [2011.07.15 12:51:19 | 000,262,144 | ---- | C] () -- C:\windows\SysWow64\dleeinsb.dll [2011.07.15 12:51:19 | 000,253,952 | ---- | C] () -- C:\windows\SysWow64\dleecu.dll [2011.07.15 12:51:19 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\dleeinsr.dll [2011.07.15 12:51:19 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\dleecub.dll [2011.07.15 12:51:19 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\dleejswr.dll [2011.07.15 12:51:19 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\dleecur.dll [2011.07.15 12:51:18 | 001,048,576 | ---- | C] ( ) -- C:\windows\SysWow64\dleeserv.dll [2011.07.15 12:51:18 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\dleecomc.dll [2011.07.15 12:51:18 | 000,688,128 | ---- | C] ( ) -- C:\windows\SysWow64\dleehbn3.dll [2011.07.15 12:51:18 | 000,598,696 | ---- | C] ( ) -- C:\windows\SysWow64\dleecoms.exe [2011.07.15 12:51:18 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\dleelmpm.dll [2011.07.15 12:51:18 | 000,373,416 | ---- | C] ( ) -- C:\windows\SysWow64\dleecfg.exe 
[2011.07.15 12:51:18 | 000,372,736 | ---- | C] ( ) -- C:\windows\SysWow64\dleecomm.dll [2011.07.15 12:51:18 | 000,324,264 | ---- | C] ( ) -- C:\windows\SysWow64\dleeih.exe [2011.07.15 12:51:18 | 000,086,183 | ---- | C] () -- C:\windows\SysWow64\DLEEcfg.dll [2011.07.15 12:51:09 | 000,299,008 | ---- | C] () -- C:\windows\SysWow64\DLEEsm.dll [2011.07.15 12:51:09 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\DLEEsmr.dll [2011.06.20 14:06:15 | 000,000,000 | ---- | C] () -- C:\Users\***\iphone.sqlite [2011.06.06 09:37:11 | 000,001,854 | ---- | C] () -- C:\Users\***\AppData\Roaming\GhostObjGAFix.xml [2011.05.30 15:27:47 | 000,003,464 | ---- | C] () -- C:\Users\***\.ganttproject [2011.05.10 15:24:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.03.06 14:19:34 | 000,000,199 | ---- | C] () -- C:\windows\hbcikrnl.ini [2011.03.05 21:00:04 | 000,772,572 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.03.03 01:47:29 | 000,033,134 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2011.02.20 00:11:28 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll [2011.02.20 00:11:28 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe [2011.02.20 00:11:28 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2010.12.31 12:48:56 | 000,208,552 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" 
= C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2011.03.05 21:16:50 | 000,000,000 | ---- | M] ()(C:\windows\SysNative\?????) -- C:\windows\SysNative\獷楬汢捯污 [2011.03.05 21:16:50 | 000,000,000 | ---- | C] ()(C:\windows\SysNative\?????) -- C:\windows\SysNative\獷楬汢捯污 < End of report > |
11.02.2013, 13:16 | #14 |
| GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes Sorry, here are the second log files, OTL-Extra: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.02.2013 12:53:36 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,86 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 66,93% Memory free 15,72 Gb Paging File | 12,64 Gb Available in Paging File | 80,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,46 Gb Total Space | 200,58 Gb Free Space | 44,73% Space Free | Partition Type: NTFS Drive F: | 1,99 Gb Total Space | 0,00 Gb Free Space | 0,07% Space Free | Partition Type: FAT32 Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-3442603491-3579072867-3194603140-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CBEFE10-52E4-4E2D-9700-96A800D46DAA}" = lport=10243 | protocol=6 | dir=in | app=system | "{158E2188-CCCA-44D8-AD0A-CC2FA277DBCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{18C4BB15-F557-4999-B51D-2D0F0000A096}" = rport=138 | protocol=17 | dir=out | app=system | "{1D58810D-E570-44CB-9F84-D7C362D8AC98}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2164CE1B-8446-4684-BCFD-505888C2CC0C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{27087606-CEEE-4E54-9946-33658C3F43FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2C8C9BF6-11B5-437C-9ECF-10969B6C389F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{310EFAAC-DBD2-44E5-B34D-BE58D8058546}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3AA3B4AF-A93E-4CC5-8E15-3F6012F8F700}" = rport=445 | protocol=6 | dir=out | app=system | "{3ABFCE8B-A597-4C40-81D2-053A3BC6CB48}" = rport=137 | protocol=17 | dir=out | app=system | "{4C671B3F-84B9-4331-828A-90316FAA8881}" = lport=138 | protocol=17 | dir=in | app=system | "{5148437F-7266-46E5-8C44-9F13CAF20667}" = lport=2869 | protocol=6 | dir=in | app=system | "{53CE32C4-0491-4690-99F3-916CCE811995}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{7340CD4E-61AD-41E6-85BB-E983529EA03E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{74ED2982-8F18-4357-B126-B6258FF01DA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8EAE05DC-6B84-4A1C-8745-CAACF4BAA6D2}" = lport=445 | protocol=6 | dir=in | app=system | "{A6471AC0-B134-464E-B8F6-B64BB8498E67}" = rport=139 | protocol=6 | dir=out | app=system | "{B1C96D5B-3766-4289-BC70-214F8F99BC99}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{CC3612BB-B3FD-49C9-B893-279F4733BD94}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{CE93DD49-4F22-4434-8E86-30890666C538}" = lport=139 | protocol=6 | dir=in | app=system | "{D1ED2DBA-2509-4C32-BA59-5DA61AC3A6E3}" = lport=137 | protocol=17 | dir=in | app=system | "{D9FF0FCB-90C6-4A1E-BBFE-AA2770842086}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E91ED1DC-9DBA-4F4C-B0A4-354179100929}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ECC1B01F-A0F1-4578-A8A8-2AC09A83DAE2}" = rport=10243 | protocol=6 | 
dir=out | app=system |
"{EDE4EC94-7CD4-40B2-9F04-3EFFCBA3DC74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F5DE75E1-8498-49B7-A91D-B07DD51A4B41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D8A32A-624A-47A3-AE04-F572CD763FF8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05F686D6-0EB1-4706-B141-41BDD188792A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0EF74CF5-5ECA-41E2-ABD4-8A2D6F4AA4BB}" = protocol=6 | dir=out | app=system |
"{1082F02E-6181-4029-A3D5-BA9DF2FF1633}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1425F41D-17FE-420D-B665-F0D2C2AE2459}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19CD990E-66B7-43B6-A066-86D916B9BAC8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{201CECBF-888C-4056-B442-3BBE746F6813}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2115F257-C904-4A59-A7D9-3ABDDBAD166F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe |
"{228AB016-CED5-41A2-ADFF-19D0F7279AFD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{232E9E74-CD9F-4D23-A9E2-78916B39BD72}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{24374955-28DB-48B0-BECD-2571B41554D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2CF14AE0-B6AC-40E6-A2F9-7F2928A449F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2DF698CD-9C98-486D-A5C8-DE4C6B599876}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{466A0515-BBD0-4856-B8B9-F2C0F11DAADE}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{4C698689-98F7-4FE6-8D61-E775747A3CC4}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{503897ED-448E-4580-9F8C-FBE0D53FE66F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{576AD9D2-F83D-4065-990B-C3C0B9A46592}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{59057659-08C9-4117-BAAD-DF81BDCB3230}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{61D3F4CA-FBCF-4063-AB08-BDCFC2AE4AE8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{62B486F7-3AD7-4846-B4C4-59B410ABC4C3}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{62C0B310-2B06-4F92-A290-24B57B96368D}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v715w\dleefax.exe |
"{6760C2DB-BCE6-46D7-8A95-E3359921C1CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{69485B82-B8F8-4C9F-B39F-BFD1896DBC63}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6C0970C0-35E6-425D-AFE0-ED1439E3150D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6F5CE975-307E-487E-897A-FBDD335246B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{782F59FF-A9D2-4C27-8F41-FF4BEB58BE9B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78B53672-F087-472D-A98A-A53EFABA531A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CB847B7-3FCE-439C-9250-8701E86AC149}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{8F15E6D2-8C00-42E5-AFD4-CEACFFB5FC1B}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{96191A60-8A69-4605-A29B-CED6733EA735}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B348065-5DEA-4FC6-AF5F-9912066CF5E3}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{9C7A2F4D-4D4A-4C03-867E-1AE412C5655C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9D96D764-5E43-4ECF-9887-20E91FC32343}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{A08B2770-1F93-4B71-8D8C-C615003F5D9A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A0E98F0B-2DD4-4960-B369-8ED1C25B12F1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A88208D9-2D70-4243-A635-B801C4070AE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAB8C518-63DD-4FEF-97B9-981461FFECB7}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe |
"{AD7A5DD8-C6C5-451C-9F50-C9BF47FC70F0}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{B1AFA860-7876-44BA-BCCD-CAE48ACDE1FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B45963C7-1104-4466-9AA2-68A3FB8D2A9D}" = dir=in | app=c:\windows\system32\dleecoms.exe |
"{BCBBAD8A-5909-4E9D-A14A-4CCE034A5F67}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C411CC64-A257-4FA0-BE14-073DD1A67A85}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D694D0F0-9967-4ACF-8F9D-01C139B3A7C7}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v715w\dleefax.exe |
"{DD2EBF82-C962-46CF-8EEA-9E9A58A598F9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{E1D5136D-FC18-45D3-B100-271AA9F93473}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{E1F10FB6-091F-4959-AE3C-C5A2EF2B0A7C}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{E82CE48D-2E82-43D5-BB17-A056BAE7054D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EAEC3EE4-0371-4A16-B4EC-1B4763B528CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F4F9D7B8-B466-4DAA-A49A-557474458456}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F7150ED8-9734-4DC4-8A3A-13EEEC6427DA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FF715D12-DB17-48A4-9031-147376D8724D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{8F5E441C-73EF-410D-B1B2-0D7FCDF262C5}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{98D60260-1227-4F32-9F29-597B6FA03D53}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2917FD4B-9D6C-4012-BB45-DC9722CA78E2}" = HP ProtectTools Security Manager
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{369ABA06-0536-4E6A-A1FC-40983E268F47}" = Nitro PDF Reader 2
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5CEE98FB-1963-4662-A780-410DA4533D53}" = HP Power Data
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{682FBA83-2CCA-4CFA-A08A-6767DAB2FC9C}" = HP Power Assistant
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F258628-2E18-4C2E-8127-EF4EFAF5F75C}" = HP 3D DriveGuard
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABCB696E-2494-48FC-826D-0666CEE460DB}" = Drive Encryption for HP ProtectTools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C1AC1FED-9E75-42A5-B3EA-CCEC92E75D61}" = Raw Therapee V4.0.9.50 x64
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}" = Validity Fingerprint Driver
"{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"Bitdefender" = Bitdefender Total Security 2013
"CCleaner" = CCleaner
"Dell V715w" = Dell V715w
"DesktopIconAmazon" = Desktop Icon für Amazon
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PhotomatixPro4.0x64_is1" = Photomatix Pro version 4.0.2
"PROSet" = Intel(R) Network Connections Drivers
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{05570795-9449-4B25-9F1F-80E7970889F4}" = StarMoney 7.0
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5A771AE0-513F-4EC5-AB09-A7D3D22A2E20}" = Qualcomm Gobi 2000 Package for HP
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7861911B-4270-498A-8F7A-FCF0570F484B}" = HP QuickWeb
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6365256-0FBA-4DCD-88CE-D92A4DC9328E}" = HP ESU for Microsoft Windows 7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EBF2741D-5A35-4509-AD94-F07C18D0CE19}" = HP Connection Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Artisteer 3" = Artisteer 3
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Drive Encryption" = Drive Encryption for HP ProtectTools
"FileZilla Client" = FileZilla Client 3.5.0
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"GanttProject" = GanttProject
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.98.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3442603491-3579072867-3194603140-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.02.2013 10:09:18 | Computer Name = *** | Source = VmbService | ID = 0
Description = GetLoggedOnUser

Error - 10.02.2013 14:06:08 | Computer Name = *** | Source = Windows Backup | ID = 4104
Description =

Error - 10.02.2013 14:36:07 | Computer Name = *** | Source = VmbService | ID = 0
Description = GetClient

Error - 10.02.2013 19:31:29 | Computer Name = *** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige XML-Syntax.

Error - 10.02.2013 19:31:56 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 11.02.2013 03:42:05 | Computer Name = *** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige XML-Syntax.

Error - 11.02.2013 03:42:21 | Computer Name = *** | Source = VmbService | ID = 0
Description = GetLoggedOnUser

Error - 11.02.2013 03:42:29 | Computer Name = *** | Source = VmbService | ID = 0
Description = GetLoggedOnUser

Error - 11.02.2013 07:45:05 | Computer Name = *** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe.Config" in Zeile 0. Ungültige XML-Syntax.

Error - 11.02.2013 07:45:35 | Computer Name = *** | Source = VmbService | ID = 0 Description = GetLoggedOnUser [ Hewlett-Packard Events ] Error - 24.11.2012 06:40:58 | Computer Name = *** | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 8047 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 24.11.2012 08:41:41 | Computer Name = *** | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 8047 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean) Error - 24.11.2012 08:41:53 | Computer Name = *** | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
StackTrace: bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 8047 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean) Error - 25.11.2012 06:41:50 | Computer Name = *** | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 8047 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 25.11.2012 07:25:01 | Computer Name = *** | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
StackTrace: bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 8047 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 26.11.2012 04:05:15 | Computer Name = *** | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 8047 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean) Error - 26.11.2012 04:05:16 | Computer Name = *** | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates() bei HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String guidRestarted) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
StackTrace: bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedUpdates() bei HP.SupportFramework.Utilities.HPSAIssues.AnalysisRuntime.ValidateCompletedActions(String guidRestarted) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 8047 Ram Utilization: 30 TargetSite: System.Collections.Generic.List`1[HP.SupportFramework.Utilities.HPSAIssues.ActionItem] GetAppliedUpdates() Error - 03.12.2012 04:29:04 | Computer Name = *** | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 8047 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 03.12.2012 04:39:21 | Computer Name = *** | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
StackTrace: bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 8047 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) Error - 03.12.2012 04:39:21 | Computer Name = *** | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 8047 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean) [ HP Power Assistant Events ] Error - 29.09.2011 04:54:41 | Computer Name = *** | Source = HP PA Application | ID = 0 Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from the power usage node (planName=HP powerSource=AC). bei HPPA_Main.DatFileAccess.LogError(Nullable`1 throwException, String formatString, Object[] args) bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage pu) bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound) bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound) Error - 30.09.2011 11:37:49 | Computer Name = *** | Source = HP PA Application | ID = 0 Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not found in the dat file. Error - 30.09.2011 11:37:50 | Computer Name = *** | Source = HP PA Application | ID = 0 Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC). 
Error - 30.09.2011 11:37:50 | Computer Name = *** | Source = HP PA Application | ID = 0 Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from the power usage node (planName=HP powerSource=AC). bei HPPA_Main.DatFileAccess.LogError(Nullable`1 throwException, String formatString, Object[] args) bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage pu) bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound) bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound) Error - 02.10.2011 03:07:46 | Computer Name = *** | Source = HP PA Application | ID = 0 Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not found in the dat file. Error - 02.10.2011 03:07:48 | Computer Name = *** | Source = HP PA Application | ID = 0 Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC). Error - 02.10.2011 03:07:48 | Computer Name = *** | Source = HP PA Application | ID = 0 Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from the power usage node (planName=HP powerSource=AC). bei HPPA_Main.DatFileAccess.LogError(Nullable`1 throwException, String formatString, Object[] args) bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage pu) bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound) bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound) Error - 02.10.2011 13:05:55 | Computer Name = *** | Source = HP PA Application | ID = 0 Description = Current OS (processorVersion=64, version=6.1, servicePack=1.0) not found in the dat file. Error - 02.10.2011 13:05:58 | Computer Name = *** | Source = HP PA Application | ID = 0 Description = Aero consumption missing from the power usage node (planName=HP powerSource=AC). 
Error - 02.10.2011 13:05:58 | Computer Name = *** | Source = HP PA Application | ID = 0 Description = HPPA_Main.IncompleteDatFileException Aero consumption missing from the power usage node (planName=HP powerSource=AC). bei HPPA_Main.DatFileAccess.LogError(Nullable`1 throwException, String formatString, Object[] args) bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage pu) bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound) bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound) [ HP Software Framework Events ] Error - 21.01.2013 19:06:12 | Computer Name = *** | Source = CaslSmBios | ID = 5 Description = 2013.01.22 00:06:12.441|00000634|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the Wireless.GlobalChanged.2.0 event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. Error - 26.01.2013 10:04:39 | Computer Name = *** | Source = CaslSmBios | ID = 5 Description = 2013.01.26 15:04:39.538|000019D0|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 30.01.2013 05:07:03 | Computer Name = *** | Source = CaslSmBios | ID = 5 Description = 2013.01.30 10:07:03.894|000020FC|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 07.02.2013 04:58:22 | Computer Name = *** | Source = CaslSmBios | ID = 5 Description = 2013.02.07 09:58:21.974|00000890|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 07.02.2013 05:34:20 | Computer Name = *** | Source = CaslSmBios | ID = 5 Description = 2013.02.07 10:34:20.521|00000FC4|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
Error - 07.02.2013 05:34:20 | Computer Name = *** | Source = CaslSmBios | ID = 5 Description = 2013.02.07 10:34:20.584|00000FC4|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the Wireless.GlobalChanged.2.0 event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. Error - 08.02.2013 04:37:13 | Computer Name = *** | Source = CaslSmBios | ID = 5 Description = 2013.02.08 09:37:13.837|00001C28|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. Error - 08.02.2013 21:31:54 | Computer Name = *** | Source = CaslSmBios | ID = 5 Description = 2013.02.09 02:31:54.359|00001AFC|Error |[CaslWmi]A::A{bool(object,hpCasl.CaslEventArgs&)}|Error e_INVALID_XML converting PMC bytes to XML. Error - 11.02.2013 07:43:49 | Computer Name = *** | Source = CaslSmBios | ID = 5 Description = 2013.02.11 12:43:49.187|000018D4|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the PMC.Data event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. Error - 11.02.2013 07:43:49 | Computer Name = *** | Source = CaslSmBios | ID = 5 Description = 2013.02.11 12:43:49.218|000018D4|Error |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error unregistering the Wireless.GlobalChanged.2.0 event. Exception: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
[ HP Wireless Assistant Events ]
Error - 27.01.2012 18:36:35 | Computer Name = *** | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt
   bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 08.02.2012 18:22:33 | Computer Name = *** | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt
   bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 08.02.2012 18:22:33 | Computer Name = *** | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt
   bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
   bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 08.03.2012 01:45:11 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
   bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 23.03.2012 09:44:04 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Fehler in der Anwendung.
   bei HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)
   bei HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)
   bei HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)

Error - 23.03.2012 09:44:05 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 06.06.2012 08:25:59 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
   bei PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 28.06.2012 18:08:43 | Computer Name = *** | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   bei System.Management.ManagementScope.InitializeGuts(Object o)
   bei System.Management.ManagementScope.Initialize()
   bei System.Management.ManagementObject.Initialize(Boolean getObject)
   bei System.Management.ManagementBaseObject.get_Properties()
   bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
   bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 05.02.2013 18:18:19 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Fehler in der Anwendung.
   bei HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout)
   bei HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout)
   bei HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args)

Error - 05.02.2013 18:18:20 | Computer Name = *** | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

[ System Events ]
Error - 11.02.2013 05:30:09 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 11.02.2013 05:30:37 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 11.02.2013 07:45:01 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AddonsHelper" wurde aufgrund folgenden Fehlers nicht gestartet: %%193

Error - 11.02.2013 07:45:05 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst dleeCATSCustConnectService erreicht.

Error - 11.02.2013 07:45:05 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "dleeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 11.02.2013 07:45:05 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP ProtectTools Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%14001

Error - 11.02.2013 07:45:07 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimspci" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 11.02.2013 07:45:07 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "risdpcie" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 11.02.2013 07:45:07 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rixdpcie" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 11.02.2013 07:45:27 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "SearchAnonymizer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

< End of report >
11.02.2013, 14:14 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus, Trojan.Ransom.SUGen and others found with Malwarebytes
Fix with OTL
Code:
:OTL
[2013.02.05 10:16:22 | 000,000,153 | ---- | M] () -- C:\ProgramData\9zVXhbR.reg
[2013.02.09 15:37:55 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags