| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PUP.BlubbersWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.03.2013, 10:24
| #1 |
 |  PUP.Blubbers Hallo liebes Helferteam! Nachdem ich seit einigen Wochen beim Öffnen des IE-Explorers immer wieder eine zusätzl. Werbeseite (ad.adserverplus.com) darunter liegen hatte, habe ich aufgrund eig. Recherchen " Malwarebytes Anti-Malware " geladen und 201 Objekte "PUP.Blubbers" gefunden und in Quarantäne gesteckt. Habe nach dem ersten Suchlauf diverse Toolbars (Google, Ask,...) über"... Programme" deinstalliert. Jetzt bin ich mir nicht sicher, ob das Problem wirklich damit behoben ist...Avira Internet Sec. (akt. vollst. Bezahlversion) hat im Suchlauf danach nichts gefunden. Bin ein neuer User Eures Forums und kein Comp.spezialist! Bitte dringend um Rat bzw. Hilfe und im Voraus vielen Dank dafür!!!! |
|
21.03.2013, 11:17
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  PUP.Blubbers Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
21.03.2013, 12:33
| #3 |
| | PUP.BlubbersCode:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.20.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16521 Home :: HOME-PC [Administrator] Schutz: Aktiviert 20.03.2013 10:13:51 mbam-log-2013-03-20 (10-13-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 228614 Laufzeit: 16 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 2 C:\Program Files\BROWSERCOMPANION\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BROWSERCOMPANION\UPDATEBHOWIN32.DLL (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungsschlüssel: 24 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 3 HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 4 C:\Program Files\BROWSERCOMPANION (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Dateien: 170 C:\Program Files\BROWSERCOMPANION\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BROWSERCOMPANION\TDATAPROTOCOL.DLL (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BROWSERCOMPANION\UPDATEBHOWIN32.DLL (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BROWSERCOMPANION\BLABBERS-FF-FULL.XPI (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BROWSERCOMPANION\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BROWSERCOMPANION\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BROWSERCOMPANION\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BROWSERCOMPANION\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BROWSERCOMPANION\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BROWSERCOMPANION\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BROWSERCOMPANION\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71_2.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0227dd5d240c9bdfb9504999e66c665b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1bb25568f8455e74906142466f792c87_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ddedfe6ede02f148caf19a2dec7f877d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e3cd5b2c64ca319aadec7c28c6c6feba_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e6c109bf52ef89fe99f9a9379617ab0e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7395ccc0c22b2cca7bf3e0c7db4d8a6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_version (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3d7ac6206caeabc3e5955ad4ede73a32 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3d7ac6206caeabc3e5955ad4ede73a32_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4ad053d40dfa5cab7948e9251df6e3d9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4ad053d40dfa5cab7948e9251df6e3d9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\62cce7d26ab5636bceb113b988d56c59_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\adbb013efd3fd71cf048206629fae313_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d5baae4ef839769f8eb7e9f9d82d8a40_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d83bb387de1d7c4401815e133de06c6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d83bb387de1d7c4401815e133de06c6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d965aead622233a60676ef2349956f38_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f1586b879e32b889596b836c8855994f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f1586b879e32b889596b836c8855994f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fd884a02221ff58a33d44bd2b23a7ab9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fd884a02221ff58a33d44bd2b23a7ab9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6d4100dc97e9abad47303e5e0d38b2b6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\897979c67bed116efad1a04f5f229ecd_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3518e1eac042730aa1274618984462b3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.20.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16521 Home :: HOME-PC [Administrator] Schutz: Aktiviert 20.03.2013 12:56:18 mbam-log-2013-03-20 (12-56-18).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 227479 Laufzeit: 44 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 3 HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 4 C:\Program Files\BROWSERCOMPANION (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 166 C:\Program Files\BROWSERCOMPANION\BLABBERS-FF-FULL.XPI (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BROWSERCOMPANION\blabbers-ch.crx (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BROWSERCOMPANION\logo.ico (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BROWSERCOMPANION\terms.lnk.url (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BROWSERCOMPANION\toolbar.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BROWSERCOMPANION\uninstall.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BROWSERCOMPANION\updater.ini (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BROWSERCOMPANION\widgetserv.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71_2.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0227dd5d240c9bdfb9504999e66c665b_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1048fa0383ec8c1a4365d4bd4fed1de5_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1bb25568f8455e74906142466f792c87_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ddedfe6ede02f148caf19a2dec7f877d_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e3cd5b2c64ca319aadec7c28c6c6feba_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e6c109bf52ef89fe99f9a9379617ab0e_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7395ccc0c22b2cca7bf3e0c7db4d8a6_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e7d8325da90d91d3c4e7720f0e629e17_version (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3d7ac6206caeabc3e5955ad4ede73a32 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3d7ac6206caeabc3e5955ad4ede73a32_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4ad053d40dfa5cab7948e9251df6e3d9 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4ad053d40dfa5cab7948e9251df6e3d9_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\62cce7d26ab5636bceb113b988d56c59_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\adbb013efd3fd71cf048206629fae313_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d5baae4ef839769f8eb7e9f9d82d8a40_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d83bb387de1d7c4401815e133de06c6b (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d83bb387de1d7c4401815e133de06c6b_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\d965aead622233a60676ef2349956f38_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f1586b879e32b889596b836c8855994f (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\f1586b879e32b889596b836c8855994f_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fd884a02221ff58a33d44bd2b23a7ab9 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\fd884a02221ff58a33d44bd2b23a7ab9_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6d4100dc97e9abad47303e5e0d38b2b6_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\897979c67bed116efad1a04f5f229ecd_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e_expire (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3518e1eac042730aa1274618984462b3_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Home\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Exportierte Ereignisse:
20.03.2013 18:29 [System-Scanner] Malware gefunden
Die Datei 'J:\Festpl.H, Medion XP\Eigene Dateien\Eigene
Downloads\updater\edisionlink4-2.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0cb4575e.qua'
verschoben!
20.03.2013 18:29 [System-Scanner] Malware gefunden
Die Datei 'J:\Festpl.H, Medion XP\Eigene Dateien\Eigene
Downloads\updater\edisionlink4-2\EdisionLink4-2.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '400c7b14.qua'
verschoben!
20.03.2013 18:29 [System-Scanner] Malware gefunden
Die Datei 'J:\Sicherung\NERO Backup\20101222_174703_Home\C\Users\Home\Marion
Eigene Dateien\Eigene Downloads\Privat\edisionlink4-2\EdisionLink4-2.exe.nco'
enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '70ac170e.qua'
verschoben!
20.03.2013 18:29 [System-Scanner] Malware gefunden
Die Datei 'J:\Festpl.H, Medion XP\Sicherung\Backup Arbeitszimmer\Nero
D\20090215_190528_Marion Janik.nba'
enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3fdc4ad0.qua'
verschoben!
20.03.2013 18:29 [System-Scanner] Malware gefunden
Die Datei 'J:\Sicherung\NERO Backup\20101222_174703_Home\C\Users\Home\Marion
Eigene Dateien\Eigene Downloads\Privat\edisionlink4-2.zip.nco'
enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5df63843.qua'
verschoben!
20.03.2013 18:28 [System-Scanner] Malware gefunden
Die Datei 'J:\HOME-PC\Backup Set 2011-02-17 113553\Backup Files 2011-02-17
113553\Backup files 20.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7a8d6401.qua'
verschoben!
20.03.2013 18:28 [System-Scanner] Malware gefunden
Die Datei 'J:\HOME-PC\Backup Set 2011-02-17 113553\Backup Files 2011-02-17
113553\Backup files 274.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1cba2bc2.qua'
verschoben!
20.03.2013 18:28 [System-Scanner] Malware gefunden
Die Datei 'J:\HOME-PC\Backup Set 2012-01-29 105646\Backup Files 2012-01-29
105646\Backup files 23.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ee57128.qua'
verschoben!
20.03.2013 18:28 [System-Scanner] Malware gefunden
Die Datei 'J:\HOME-PC\Backup Set 2012-01-29 105646\Backup Files 2012-01-29
105646\Backup files 404.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/Refroso.epdf' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56725e81.qua'
verschoben!
Habe keine anderen akt. Scanergebnisse, der AntiVirScan ist, wie ich denke, nicht zum Thema. Ist das ausreichend???? Hoffe auf weiterführende Hilfe für meinen PC!! |
|
21.03.2013, 16:26
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PUP.Blubbers Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.03.2013, 17:06
| #5 |
| | PUP.Blubbers Hier die Dateien nach OTL-Scan: Code:
ATTFilter OTL Extras logfile created on: 21.03.2013 16:58:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 46,85% Memory free
5,98 Gb Paging File | 4,11 Gb Available in Paging File | 68,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356,16 Gb Total Space | 1138,38 Gb Free Space | 83,94% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 21,20 Gb Free Space | 53,00% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 910,09 Gb Free Space | 97,70% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB397A1-6996-4227-A254-0D003E68752B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3681C921-7D05-42D4-AA5F-63144B061307}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5BCACACA-325D-4221-A578-7CFCA270E86E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61E37E18-F421-4FAD-987C-C6A5840770C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A198C39A-8590-4913-9A75-5B8CE0B53A8E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A469E627-A16B-462C-A0C1-C7DC9C096A75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC8FFDB7-CBA1-45BF-AECA-0C3B34854C75}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AE98CC6E-71C1-490E-B18D-F5C977DA7C13}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{B4E589EF-82F7-418B-8D4B-F9E87D6DEE3E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B511ED13-A335-46C6-9D0A-495F45A8A24C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B6B97598-0689-4365-BF40-165BDFE8D936}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDDFB7AE-0E52-44D5-BA78-F3FA56E0AECE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD785397-BCD6-4781-AEB5-5ACF753259C3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EEBE195F-775F-4145-A964-66B5FAB9E4B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04246E6F-DE7D-4B55-BA08-EC2175B9E9C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{082FD3A8-0636-458A-B980-2B7312D5B150}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 apoedition\app\starmoney.exe |
"{0E317D00-D4D2-4960-A72A-FE8E897E75F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1703CC13-3BBB-4C6B-86DE-5055E1E77873}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{19E290E8-D909-4C5B-A7D4-D1AD141A9A63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{1B2A5A5C-64E6-4ADE-AC81-2D16BE750A09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{233BA796-EF9A-49B9-844A-69917B608785}" = dir=in | app=e:\setup\hpznui01.exe |
"{242CA202-DD5D-4B57-BF61-406620C3D0EA}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 apoedition\ouservice\starmoneyonlineupdate.exe |
"{25BD7991-3329-46C4-83BA-8CA5ED2D66AF}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs27ac\hppiw.exe |
"{25C21D7F-CA3E-48DD-88FC-DC31E9EBA4F4}" = protocol=6 | dir=out | app=system |
"{293BAD13-A235-413A-A34F-5C435B34F4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C2B3AAA-6C21-4B55-9508-D1A7CB88B737}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2C35796D-0997-4620-B9DC-C41D2D46AA81}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs2a64\hpdiagnosticcoreui.exe |
"{33DD6D46-6BF7-437F-833C-508E910AFE4A}" = dir=in | app=c:\program files\hp\hp envy 110 series\bin\devicesetup.exe |
"{34B828D1-2BE4-4672-9380-E492DFB792FC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3A24B9BC-664F-43C6-9033-D8662A0A07D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3F255F46-823B-45DE-8F11-01AD9529A899}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs1fca\hpdiagnosticcoreui.exe |
"{451492B2-47D5-4721-B0BA-CF5D1B6CAE5F}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 apoedition\ouservice\starmoneyonlineupdate.exe |
"{530F2ADC-A878-4C11-B194-4555E99E95C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5596FB10-CBCA-4174-8BD6-2988B5CE85F4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{664FA9CB-C6AC-4A0F-871D-E007B7D01EDE}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{6B913BCE-C9DD-4A4B-A2D9-54722A79E9DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6EBA8046-967F-4DA4-8547-8901DCA58E90}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{7079E0AB-4A6B-4007-AC3E-5D69A98C8DDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{71CDFFC1-7489-4F40-A78D-5F01B98AEE8B}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs1fca\hpdiagnosticcoreui.exe |
"{74AF0EB5-BAC8-4305-9DB0-1CFC8C944789}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8412B01E-C7B3-419E-B47F-0503C078636C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{89B9E925-DAEB-445D-B20E-4E55D4097F10}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{9B8298D9-068F-4BAC-A938-8FFFA805FD75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9F07E192-804E-431F-8F52-D23ECEE5E31E}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 apoedition\app\starmoney.exe |
"{A27B7226-6EF7-4149-9794-907848A86663}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{A2BD277C-FE15-4F4B-A9C9-FFD0A9AED202}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7CD8BED-7699-4377-A084-B15C601F70E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{AE923602-42AC-4B2E-AA8D-305106B51B34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{B376E4F9-3879-44CA-81F6-D57692C3C3DA}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs2a64\hpdiagnosticcoreui.exe |
"{B4735C2E-2883-4933-BF5A-3533DAEA8DFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4AC4CCA-0E3C-4F17-9CFF-FF2B27233738}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs27ac\hppiw.exe |
"{B4B1505A-858A-418E-8036-6509C8CA02C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B52C01AD-A933-4726-A36F-FD9408FF6C61}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B688FA93-24AE-43A1-9CC9-DF52D2990834}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDC7BA54-38C8-4031-AD38-0EE3F61117BF}" = dir=in | app=c:\program files\hp\hp envy 110 series\bin\hpnetworkcommunicator.exe |
"{C4B120AF-60EC-4532-A5AF-7A629789BC9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{C8E99D43-EAA3-4443-BD9E-7D223B14D94F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{D87B1C77-03CE-48C3-84FA-031C9997E05E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{DD9B5286-31EF-4094-AB56-149A2484183F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{DDA53C83-3FAE-4C62-A77D-2416B79CBA73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0AB2124-29AB-4962-982B-A17380C26C9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6CCE1C5-7055-44F6-9EB6-B571318B625E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{F8ED9470-6624-424B-9C56-73322642BE61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{9301285A-574F-4A90-ABAB-BC7D049CE161}C:\mc-light\mclwin\prg\zbase32.exe" = protocol=6 | dir=in | app=c:\mc-light\mclwin\prg\zbase32.exe |
"UDP Query User{7F363FF2-FF5C-4B6F-B9D4-097B628BCA8E}C:\mc-light\mclwin\prg\zbase32.exe" = protocol=17 | dir=in | app=c:\mc-light\mclwin\prg\zbase32.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{02c5230b-9da5-46bc-a2e4-1047895041e2}" = Nero 9 Essentials
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{07D0F003-4C56-45F2-9D9D-613BEC6FD5A7}" = .NET Utilities
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602" = CanoScan 9000F Scanner Driver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5229C090-842B-1CB0-1676-43E421294B5C}" = AMD Drag and Drop Transcoding
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{562B89CE-2FF3-4573-B67C-67EB8CF8063D}" = HP ENVY 110 series - Grundlegende Software für das Gerät
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A6F6041-013B-4C45-861E-3E2BA6C894B8}" = Studie zur Verbesserung von HP Officejet Pro 8600 Produkten
"{5C638666-B80C-4CD3-AA56-403EF0BC7A6E}" = HP Photosmart A630 Series
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1" = 3M Products Update version 2012-05 for Microsoft Office 2010
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D846456-C32B-43B9-99ED-B1AC43D6A233}" = GoGear SA4RGA Device Manager
"{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{729713E3-CFD5-4E9F-A301-5BD8EA25A28B}" = COMPUTERBILD-PC-Schnellstarter
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7419582C-1E2E-4848-88F6-9FF638D9EA87}" = LightScribe Diagnostic Utility
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B69FE75-3AF9-4714-89EE-D3F64CB08F90}" = HP Officejet Pro 8000 A809 Series
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7F2B12E7-2302-4A86-AE26-33DDD84E478A}" = MAGIX Burn routines
"{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85092B90-AEB2-2E30-0EF1-432EC61F6BD1}" = Catalyst Control Center InstallProxy
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A0CBFC47-690E-4277-82BB-13BE18CF0C2E}" = CEWE FOTOBUCH PRO Designvorlagen
"{A157DF9D-462F-4BF9-8C5E-3854BC9CC08F}" = HP Digital Photo Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Kameras 9.0
"{AA721D14-CFE2-410E-B975-79FE5F82F99F}" = MSVCMergeModules
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini
"{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809)
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD312050-9D98-4F71-ADCD-25EC037C05FD}" = StarMoney
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09E526E-586C-4AD1-B2C0-A632CAA59C25}" = Studie zur Verbesserung von HP ENVY 110 series Produkten
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7EA1AF1-F908-0832-AA52-5EDBE128FD6B}" = ccc-core-static
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D4444B31-E9E9-4389-B35D-41B5BCA5E9FB}" = HP ENVY 110 series Hilfe
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E6FCA24F-1192-4C9D-B1AA-F93C3DA80851}" = DDBAC
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9D4FBA9-FB46-A5CE-F52F-516C4B8F0373}" = ccc-utility
"{EB0E062C-575D-8154-2682-C84EF432CCF0}" = Catalyst Control Center Graphics Previews Common
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EDD7B70D-36D0-694D-AA34-D566A13CE98D}" = WMV9/VC-1 Video Playback
"{EEA54973-AFC8-21C8-1414-246AA9435890}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8A9F4D7-4EC8-4E28-9B01-4CF74C812BF2}" = StarMoney
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB8927C5-0232-4DFF-8D13-CAEDCDB4C1A3}" = StarMoney 8.0 apoEdition
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 9.20
"ABEURO_is1" = AB-Euro 2.2.0.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AudibleManager" = AudibleManager
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Internet Security
"AVMBLUECLI" = AVM BlueFRITZ! USB
"B81055EA372C9E3EA5000B4BD9585D992D51F1DE" = Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002)
"BlazePhoto 2.0_is1" = BlazePhoto 2.0
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CD-DVD Druckerei 7_is1" = DATA BECKER CD-DVD Druckerei 7
"Content Manager 2" = Content Manager 2
"DATA BECKER - Etikettendruckerei 2000" = DATA BECKER - Etikettendruckerei 2000
"DATA BECKER Die große Weihnachts Druckerei 2000" = DATA BECKER Die große Weihnachts Druckerei 2000
"DOCexpertComfort" = DOCexpertComfort
"DPP" = Canon Utilities Digital Photo Professional 3.5
"Duplicate Cleaner" = Duplicate Cleaner 1.4.7c
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"FRITZ! 2.0" = AVM FRITZ!
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 deluxe D" = MAGIX Fotos auf CD & DVD 8 deluxe 8.0.2.6 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MC light" = MC light
"MEDION NAS TOOL" = MEDION NAS TOOL
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"Netzmanager" = Netzmanager
"nLite_is1" = nLite 1.4.9.1
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnlineFotoservice" = OnlineFotoservice
"Philips Songbird" = Philips Songbird
"PhotoStitch" = Canon Utilities PhotoStitch
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 15.0" = RealPlayer
"Recuva" = Recuva
"SetEditEdision1600" = SetEditEdision1600 (remove only)
"Shop for HP Supplies" = Shop for HP Supplies
"Visitenkarten-Druckerei 11_is1" = DATA BECKER Visitenkarten-Druckerei 11
"WinLiveSuite" = Windows Live Essentials
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
"Sansa Updater" = Sansa Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.10.2011 03:49:38 | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
ericsson\sony ericsson pc suite\Drivers\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 17.10.2011 04:43:31 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AvmObexService.exe, Version: 1.0.13.0,
Zeitstempel: 0x4564a69d Name des fehlerhaften Moduls: AVMCCDI.DLL_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4211aef4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002b3d9a
ID
des fehlerhaften Prozesses: 0xa3c Startzeit der fehlerhaften Anwendung: 0x01cc8c9c36578f51
Pfad
der fehlerhaften Anwendung: C:\Program Files\avmclient\AvmObexService.exe Pfad des
fehlerhaften Moduls: AVMCCDI.DLL Berichtskennung: 170c3aa2-f89c-11e0-845b-6c626d8d74ef
Error - 18.10.2011 03:43:57 | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 18.10.2011 04:12:58 | Computer Name = Home-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 18.10.2011 04:15:29 | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
ericsson\sony ericsson pc suite\Drivers\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.10.2011 09:24:57 | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 19.10.2011 10:56:51 | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 20.10.2011 10:29:56 | Computer Name = Home-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 20.10.2011 11:09:00 | Computer Name = Home-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 20.10.2011 11:12:34 | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
ericsson\sony ericsson pc suite\Drivers\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 19.03.2013 08:09:41 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 20.03.2013 14:38:18 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM BT OBEX Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 20.03.2013 15:15:06 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 20.03.2013 15:15:12 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 20.03.2013 15:15:12 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 20.03.2013 15:15:13 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 20.03.2013 15:15:13 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 21.03.2013 08:09:41 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM BT OBEX Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 21.03.2013 08:12:25 | Computer Name = Home-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.
Error - 21.03.2013 10:24:21 | Computer Name = Home-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.
< End of report >
Code:
ATTFilter OTL logfile created on: 21.03.2013 16:58:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 46,85% Memory free 5,98 Gb Paging File | 4,11 Gb Available in Paging File | 68,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1356,16 Gb Total Space | 1138,38 Gb Free Space | 83,94% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 21,20 Gb Free Space | 53,00% Space Free | Partition Type: NTFS Drive J: | 931,51 Gb Total Space | 910,09 Gb Free Space | 97,70% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Home | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) PRC - C:\Programme\StarMoney 8.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Users\Home\AppData\Roaming\BrowserCompanion\tbhcn.exe () PRC - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () PRC - C:\Programme\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) PRC - C:\Programme\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Programme\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC) PRC - C:\Programme\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\avmclient\bluefritz.exe (AVM Berlin) PRC - C:\Programme\avmclient\AvmObex.exe (AVM Berlin) PRC - C:\Programme\avmclient\avmbtservice.exe (AVM Berlin) PRC - C:\Programme\avmclient\AvmObexService.exe (AVM Berlin) PRC - C:\MC-Light\MCLWIN\PRG\ZBASE32.EXE (Omikron Systemhaus) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Users\Home\AppData\Roaming\BrowserCompanion\tbhcn.exe () MOD - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BingDesktopUpdate) -- C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (Netzmanager Service) -- C:\Programme\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (FreeAgentGoNext Service) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe (mst software GmbH, Germany) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (AVM BT Connection Service) -- C:\Programme\avmclient\avmbtservice.exe (AVM Berlin) SRV - (AvmObexService) -- C:\Programme\avmclient\AvmObexService.exe (AVM Berlin) SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (bfubase) -- C:\Windows\System32\drivers\bfubase.sys (AVM Berlin) DRV - (CAPI_CIP) -- C:\Windows\System32\drivers\capi_cip.sys (AVM Berlin) DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH) DRV - (AVMBTPARALLEL) -- C:\Windows\System32\drivers\avmbtpar.sys (AVM GmbH) DRV - (AVMBTSERIAL) -- C:\Windows\System32\drivers\avmbtser.sys (AVM GmbH) DRV - (BFHU_CFG) -- C:\Windows\System32\drivers\bfhu_cfg.sys (AVM Berlin) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = Search Plusnetwork - Results} IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{EDD09B12-5276-4B4E-A76E-D92EAC628DA8}: "URL" = {searchTerms} - Google Search IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Home\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.08 18:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 14:32:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 14:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012.11.11 14:46:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.08 18:03:42 | 000,000,000 | ---D | M] [2013.02.03 16:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions [2011.03.09 21:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2013.02.03 16:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2011.03.09 21:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Sunbird\Profiles\rojy113b.default\extensions ========== Chrome ========== CHR - homepage: Plus! Network - Plusnetwork CHR - default_search_provider: Plus! Network (Enabled) CHR - default_search_provider: search_url = Search Plusnetwork - Results} CHR - default_search_provider: suggest_url = CHR - homepage: Plus! Network - Plusnetwork CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Home\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Browser Companion Helper = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: Google-Suche = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5\ CHR - Extension: Google Mail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (CBAbzockschutz.InitToolbarBHO) - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Oracle) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (COMPUTERBILD-Abzockschutz) - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe (AVM Berlin) O4 - HKLM..\Run: [AVMBLUEOBEX] C:\Program Files\avmclient\AvmObex.exe (AVM Berlin) O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [HP ENVY 110 series (NET)] C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [SansaDispatch] C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MC light-Alarm.lnk = C:\MC-Light\MCLWIN\PRG\LOADER.EXE () O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Home\AppData\Roaming\BrowserCompanion\tbhcn.exe () O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 110 series (Netzwerk).lnk = C:\Windows\System32\rundll32.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites) O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites) O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: windowsupdate.com ([]* in Trusted sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\base64 - No CLSID value found O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\chrome - No CLSID value found O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\prox - No CLSID value found O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{853f9162-0d27-11e0-a53b-6c626d8d74ef}\Shell - "" = AutoRun O33 - MountPoints2\{853f9162-0d27-11e0-a53b-6c626d8d74ef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{d6f50945-2c4f-11e0-a50b-6c626d8d74ef}\Shell - "" = AutoRun O33 - MountPoints2\{d6f50945-2c4f-11e0-a50b-6c626d8d74ef}\Shell\AutoRun\command - "" = F:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.21 16:40:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2013.03.21 16:00:50 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.03.20 10:12:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes [2013.03.20 10:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.20 10:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.20 10:12:41 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.20 10:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.13 16:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop [2013.03.13 16:26:48 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.13 16:26:48 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.13 16:26:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.03.13 16:26:48 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.03.13 16:26:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.03.13 16:26:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.03.13 16:26:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.13 16:26:47 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.13 16:26:47 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.13 16:26:47 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.13 16:26:47 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.13 16:26:47 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.13 16:26:47 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.13 16:26:47 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.13 16:26:47 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.13 16:26:47 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.13 16:26:47 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.13 16:26:47 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.13 16:26:47 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.13 16:26:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.13 16:26:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.03.13 16:26:47 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.13 16:26:47 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.13 16:26:47 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.13 16:26:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.13 16:26:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.13 16:26:47 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.13 16:26:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.13 16:26:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.13 16:26:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.13 16:26:47 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.03.13 16:26:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.13 16:26:47 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.13 16:26:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.13 16:26:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.13 16:26:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.13 16:24:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.10 10:53:01 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.03.10 10:52:55 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.03.10 10:52:54 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.10 10:52:54 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.10 10:52:54 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.10 10:52:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.03.10 10:52:52 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.03.10 10:52:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.10 10:52:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.10 10:52:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.10 10:52:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.10 10:52:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.10 10:52:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.10 10:52:51 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.03.10 10:52:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.03.10 10:52:51 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.03.10 10:52:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.03.10 10:52:51 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.03.10 10:52:51 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.03.10 10:52:51 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.03.10 10:52:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.03.10 10:52:51 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.03.10 10:52:51 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.03.10 10:52:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.03.10 10:52:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.03.09 10:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.02.24 18:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice [6 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.21 16:50:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.21 16:40:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2013.03.21 16:31:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.21 16:00:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.03.21 15:46:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 15:46:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 15:39:19 | 000,001,926 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 110 series (Netzwerk).lnk [2013.03.21 15:38:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.21 15:38:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.21 15:38:39 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2013.03.21 15:33:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.21 15:33:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.21 15:33:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.21 11:09:19 | 000,707,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.21 11:09:19 | 000,660,934 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.21 11:09:19 | 000,152,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.21 11:09:19 | 000,125,124 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.21 10:44:54 | 000,250,727 | ---- | M] () -- C:\Windows\hpwins21.dat [2013.03.21 09:48:00 | 000,050,477 | ---- | M] () -- C:\Users\Home\Desktop\Defogger.exe [2013.03.20 18:31:27 | 002,522,934 | ---- | M] () -- C:\Users\Home\AppData\Local\[j0004]-[p08].bmp [2013.03.20 18:31:25 | 002,522,934 | ---- | M] () -- C:\Users\Home\AppData\Local\[j0004]-[p07].bmp [2013.03.20 10:12:42 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.19 11:47:51 | 000,001,120 | ---- | M] () -- C:\Users\Home\Desktop\Content Manager 2.lnk [2013.03.18 16:36:45 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.18 16:36:45 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.13 16:26:48 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.13 16:26:48 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.13 16:26:48 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.03.13 16:26:48 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.03.13 16:26:48 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.03.13 16:26:48 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.03.13 16:26:48 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.13 16:26:47 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.13 16:26:47 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.13 16:26:47 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.13 16:26:47 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.13 16:26:47 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.13 16:26:47 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.13 16:26:47 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.13 16:26:47 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.13 16:26:47 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.13 16:26:47 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.13 16:26:47 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.13 16:26:47 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.13 16:26:47 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.13 16:26:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.03.13 16:26:47 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.13 16:26:47 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.13 16:26:47 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.13 16:26:47 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.13 16:26:47 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.13 16:26:47 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.13 16:26:47 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.13 16:26:47 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.13 16:26:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.13 16:26:47 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.03.13 16:26:47 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.13 16:26:47 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.13 16:26:47 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.13 16:26:47 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.03.13 16:26:47 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.13 16:26:47 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.09 10:53:17 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.27 18:41:07 | 016,356,254 | ---- | M] () -- C:\Users\Home\AppData\Roaming\sa4rga04kf_12_fuz_eng.zip [2013.02.27 18:37:59 | 000,002,348 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear SA4RGA Device Manager.lnk [2013.02.27 18:37:58 | 000,002,314 | ---- | M] () -- C:\Users\Public\Desktop\Philips GoGear SA4RGA Device Manager.lnk [2013.02.24 18:45:06 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk [6 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.21 09:48:00 | 000,050,477 | ---- | C] () -- C:\Users\Home\Desktop\Defogger.exe [2013.03.20 18:31:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0004]-[p08].bmp [2013.03.20 18:31:24 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0004]-[p07].bmp [2013.03.20 10:12:42 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.19 11:46:39 | 000,001,120 | ---- | C] () -- C:\Users\Home\Desktop\Content Manager 2.lnk [2013.03.13 16:26:47 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.09 10:53:17 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.24 18:45:06 | 000,001,283 | ---- | C] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk [2013.02.03 18:12:23 | 016,356,254 | ---- | C] () -- C:\Users\Home\AppData\Roaming\sa4rga04kf_12_fuz_eng.zip [2013.01.12 17:42:01 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.01.06 18:48:49 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p34].bmp [2013.01.06 18:48:35 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p33].bmp [2013.01.06 18:48:33 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p32].bmp [2013.01.06 18:48:31 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p31].bmp [2013.01.06 18:48:29 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p30].bmp [2013.01.06 18:48:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p29].bmp [2013.01.06 18:48:24 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p28].bmp [2013.01.06 18:48:20 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p27].bmp [2013.01.06 18:48:18 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p26].bmp [2013.01.06 18:48:15 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p25].bmp [2013.01.06 18:48:13 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p24].bmp [2013.01.06 18:48:11 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p23].bmp [2013.01.06 18:48:08 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p22].bmp [2013.01.06 18:48:06 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p21].bmp [2013.01.06 18:48:03 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p20].bmp [2013.01.06 18:48:01 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p19].bmp [2013.01.06 18:47:58 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p18].bmp [2013.01.06 18:47:56 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p17].bmp [2013.01.06 18:47:54 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p16].bmp [2013.01.06 18:47:51 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p15].bmp [2013.01.06 18:47:49 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p14].bmp [2013.01.06 18:47:46 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p13].bmp [2013.01.06 18:47:44 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p12].bmp [2013.01.06 18:47:41 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p11].bmp [2013.01.06 18:47:39 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p10].bmp [2013.01.06 18:47:37 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p09].bmp [2013.01.06 18:47:34 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p08].bmp [2013.01.06 18:47:32 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p07].bmp [2013.01.06 18:47:30 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p06].bmp [2013.01.06 18:47:28 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p05].bmp [2013.01.06 18:47:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p04].bmp [2013.01.06 18:47:23 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p03].bmp [2013.01.06 18:47:21 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p02].bmp [2012.09.02 21:22:21 | 000,000,740 | ---- | C] () -- C:\Windows\Magix.ini [2012.08.11 18:58:34 | 000,000,393 | ---- | C] () -- C:\Users\Home\AppData\Local\HamsterVideoConverterSettings.cfg [2012.07.16 15:01:58 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0036]-[p02].bmp [2012.02.25 23:59:47 | 000,000,016 | ---- | C] () -- C:\Windows\TSHIRT.INI [2012.02.25 23:58:21 | 000,247,296 | ---- | C] () -- C:\Windows\UN160407.EXE [2011.10.19 16:42:15 | 000,000,186 | ---- | C] () -- C:\Users\Home\AppData\Roaming\default.rss [2011.08.22 19:57:42 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{8E61E117-7632-461D-96AF-1D5467EB5383} [2011.07.08 09:35:55 | 000,000,103 | ---- | C] () -- C:\Windows\MCHBPL32.INI [2011.04.04 14:45:32 | 000,000,000 | ---- | C] () -- C:\Windows\hpimdl01.dat.temp [2011.04.04 14:43:02 | 000,048,367 | ---- | C] () -- C:\Windows\hpiins01.dat.temp ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
|
21.03.2013, 17:40
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PUP.Blubbers Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> PUP.Blubbers |
|
21.03.2013, 18:53
| #7 |
| | PUP.Blubbers Hier nun die Dateien nach GMER und MBAR Scan. Das Anti-Rootkit hatte nichts gefunden. Code:
ATTFilter GMER 2.1.19155 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-21 18:23:36
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0 1397,27GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Home\AppData\Local\Temp\pwldipow.sys
---- System - GMER 2.1 ----
SSDT 91EC8876 ZwCreateSection
SSDT 91EC884E ZwCreateSymbolicLinkObject
SSDT 91EC8853 ZwLoadDriver
SSDT 91EC8849 ZwOpenSection
SSDT 91EC8880 ZwRequestWaitReplyPort
SSDT 91EC887B ZwSetContextThread
SSDT 91EC8885 ZwSetSecurityObject
SSDT 91EC8858 ZwSetSystemInformation
SSDT 91EC888A ZwSystemDebugControl
SSDT 91EC8817 ZwTerminateProcess
SSDT 91EC8812 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8308A9E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C41C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 830CB30C 4 Bytes [76, 88, EC, 91] {JBE 0xffffff8a; IN AL, DX; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 830CB314 4 Bytes [4E, 88, EC, 91] {DEC ESI; MOV AH, CH; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1313 830CB428 4 Bytes [53, 88, EC, 91] {PUSH EBX; MOV AH, CH; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 830CB4C4 4 Bytes [49, 88, EC, 91] {DEC ECX; MOV AH, CH; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 830CB668 4 Bytes [80, 88, EC, 91]
.text ...
? System32\drivers\geigxg.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C11000, 0x37D761, 0xE8000020]
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9D98669D]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1436] kernel32.dll!SetUnhandledExceptionFilter 75ADF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp avfwot.sys
AttachedDevice \Driver\tdx \Device\Udp avfwot.sys
AttachedDevice \Driver\tdx \Device\RawIp avfwot.sys
---- Threads - GMER 2.1 ----
Thread System [4:7288] A8BB4F2E
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_WO6FW.exe_37f123692fdf3fb3b6a4d550206f3bc41717cd_0d8189b8
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.21.11
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Home :: HOME-PC [administrator]
21.03.2013 18:41:00
mbar-log-2013-03-21 (18-41-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32281
Time elapsed: 12 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
22.03.2013, 10:57
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PUP.Blubbers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2013, 11:46
| #9 |
| | PUP.Blubbers Habe beim avast Scan zum wiederholten Mal Abbruch mit "avast! Antirootkit fkt. Nicht mehr....muß geschlossen werden!" Habe es jetzt 3 mal laufen lassen....!!! Bin jetzt nochmal dabei es im Kompatibiltätsmodus laufen zu lassen. Es läuft zumindest länger... Habe es endlich geschafft! Anbei die Dateien. Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-22 11:51:35
-----------------------------
11:51:35.431 OS Version: Windows 5.1.2600 Service Pack 2
11:51:35.431 Number of processors: 4 586 0x2505
11:51:35.431 ComputerName: HOME-PC UserName: Home
11:51:37.303 Initialize success
11:51:44.291 AVAST engine defs: 13032200
11:51:49.658 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:51:49.658 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
11:51:49.907 Disk 0 MBR read successfully
11:51:49.907 Disk 0 MBR scan
11:51:49.923 Disk 0 Windows 7 default MBR code
11:51:49.923 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:51:49.954 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1388712 MB offset 206848
11:51:49.985 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 2844291072
11:51:50.001 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 2928177152
11:51:50.017 Disk 0 scanning sectors +2930275120
11:51:50.126 Disk 0 scanning C:\Windows\system32\drivers
11:52:14.555 Service scanning
11:52:37.316 Modules scanning
11:53:00.310 Disk 0 trace - called modules:
11:53:00.342 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
11:53:00.342 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88234ac8]
11:53:00.342 3 CLASSPNP.SYS[8bb9859e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866f5028]
11:53:03.274 AVAST engine scan C:\Windows
11:53:30.013 AVAST engine scan C:\Windows\system32
11:58:02.501 AVAST engine scan C:\Windows\system32\drivers
11:58:17.088 AVAST engine scan C:\Users\Home
12:33:08.209 AVAST engine scan C:\ProgramData
12:41:01.175 Scan finished successfully
12:42:14.261 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
12:42:14.261 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
Code:
ATTFilter 12:46:11.0650 6804 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:46:13.0662 6804 ============================================================
12:46:13.0662 6804 Current date / time: 2013/03/22 12:46:13.0662
12:46:13.0662 6804 SystemInfo:
12:46:13.0662 6804
12:46:13.0662 6804 OS Version: 6.1.7601 ServicePack: 1.0
12:46:13.0662 6804 Product type: Workstation
12:46:13.0662 6804 ComputerName: HOME-PC
12:46:13.0662 6804 UserName: Home
12:46:13.0662 6804 Windows directory: C:\Windows
12:46:13.0662 6804 System windows directory: C:\Windows
12:46:13.0662 6804 Processor architecture: Intel x86
12:46:13.0662 6804 Number of processors: 4
12:46:13.0662 6804 Page size: 0x1000
12:46:13.0662 6804 Boot type: Normal boot
12:46:13.0662 6804 ============================================================
12:46:14.0146 6804 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:46:14.0146 6804 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:46:20.0105 6804 Drive \Device\Harddisk5\DR5 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:46:20.0105 6804 ============================================================
12:46:20.0105 6804 \Device\Harddisk0\DR0:
12:46:20.0105 6804 MBR partitions:
12:46:20.0105 6804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:46:20.0105 6804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA9854000
12:46:20.0105 6804 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA9887000, BlocksNum 0x5000000
12:46:20.0105 6804 \Device\Harddisk1\DR1:
12:46:20.0105 6804 MBR partitions:
12:46:20.0105 6804 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
12:46:20.0105 6804 \Device\Harddisk5\DR5:
12:46:20.0105 6804 MBR partitions:
12:46:20.0105 6804 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
12:46:20.0105 6804 ============================================================
12:46:20.0136 6804 C: <-> \Device\Harddisk0\DR0\Partition2
12:46:20.0168 6804 D: <-> \Device\Harddisk0\DR0\Partition3
12:46:20.0168 6804 J: <-> \Device\Harddisk1\DR1\Partition1
12:46:20.0214 6804 L: <-> \Device\Harddisk5\DR5\Partition1
12:46:20.0214 6804 ============================================================
12:46:20.0214 6804 Initialize success
12:46:20.0214 6804 ============================================================
12:47:05.0174 6492 ============================================================
12:47:05.0174 6492 Scan started
12:47:05.0174 6492 Mode: Manual; SigCheck; TDLFS;
12:47:05.0174 6492 ============================================================
12:47:05.0642 6492 ================ Scan system memory ========================
12:47:05.0642 6492 System memory - ok
12:47:05.0642 6492 ================ Scan services =============================
12:47:05.0813 6492 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:47:05.0954 6492 1394ohci - ok
12:47:06.0063 6492 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
12:47:06.0110 6492 ACDaemon - ok
12:47:06.0156 6492 [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
12:47:06.0172 6492 acedrv11 - ok
12:47:06.0203 6492 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:47:06.0219 6492 ACPI - ok
12:47:06.0234 6492 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:47:06.0312 6492 AcpiPmi - ok
12:47:06.0375 6492 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
12:47:06.0422 6492 AdobeActiveFileMonitor8.0 - ok
12:47:06.0515 6492 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:47:06.0562 6492 AdobeARMservice - ok
12:47:06.0640 6492 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:47:06.0671 6492 AdobeFlashPlayerUpdateSvc - ok
12:47:06.0718 6492 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:47:06.0734 6492 adp94xx - ok
12:47:06.0749 6492 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:47:06.0765 6492 adpahci - ok
12:47:06.0780 6492 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:47:06.0796 6492 adpu320 - ok
12:47:06.0812 6492 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:47:06.0952 6492 AeLookupSvc - ok
12:47:06.0999 6492 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
12:47:07.0046 6492 AFD - ok
12:47:07.0077 6492 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
12:47:07.0092 6492 agp440 - ok
12:47:07.0108 6492 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:47:07.0124 6492 aic78xx - ok
12:47:07.0139 6492 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
12:47:07.0202 6492 ALG - ok
12:47:07.0233 6492 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
12:47:07.0248 6492 aliide - ok
12:47:07.0264 6492 [ AEFEEE2E852F2774A4491C8EFA6C3B6E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:47:07.0358 6492 AMD External Events Utility - ok
12:47:07.0373 6492 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:47:07.0389 6492 amdagp - ok
12:47:07.0404 6492 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
12:47:07.0404 6492 amdide - ok
12:47:07.0420 6492 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:47:07.0451 6492 AmdK8 - ok
12:47:07.0623 6492 [ D05CF4523E0C04EF82454ABFD84FDC1D ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:47:07.0826 6492 amdkmdag - ok
12:47:07.0841 6492 [ 92DC2E0AE49148F83B24D89C737B0C97 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:47:07.0872 6492 amdkmdap - ok
12:47:07.0888 6492 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:47:07.0919 6492 AmdPPM - ok
12:47:07.0935 6492 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:47:07.0950 6492 amdsata - ok
12:47:07.0966 6492 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:47:07.0982 6492 amdsbs - ok
12:47:07.0997 6492 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:47:08.0013 6492 amdxata - ok
12:47:08.0075 6492 [ 07B0B7175C61F65483D60577AC864B41 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
12:47:08.0138 6492 AntiVirFirewallService - ok
12:47:08.0184 6492 [ 6A8163C6428C5734192E9CF91F7207B7 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
12:47:08.0247 6492 AntiVirMailService - ok
12:47:08.0278 6492 [ BD33282EC067551060DC3A9628160E5B ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:47:08.0340 6492 AntiVirSchedulerService - ok
12:47:08.0356 6492 [ 2B73EF0F975642509AB66827C4E9D6C8 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:47:08.0403 6492 AntiVirService - ok
12:47:08.0434 6492 [ 6C77D1B35B70F0710E32DFAE5326F196 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
12:47:08.0559 6492 AntiVirWebService - ok
12:47:08.0590 6492 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
12:47:08.0652 6492 AppID - ok
12:47:08.0715 6492 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:47:08.0777 6492 AppIDSvc - ok
12:47:08.0808 6492 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
12:47:08.0886 6492 Appinfo - ok
12:47:08.0949 6492 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:47:08.0996 6492 Apple Mobile Device - ok
12:47:09.0011 6492 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:47:09.0027 6492 arc - ok
12:47:09.0058 6492 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:47:09.0058 6492 arcsas - ok
12:47:09.0152 6492 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:47:09.0198 6492 aspnet_state - ok
12:47:09.0230 6492 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:47:09.0354 6492 AsyncMac - ok
12:47:09.0417 6492 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
12:47:09.0448 6492 atapi - ok
12:47:09.0495 6492 [ 95B1E9804CA10D096C0383F7C6684950 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
12:47:09.0510 6492 AtiHDAudioService - ok
12:47:09.0542 6492 [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
12:47:09.0542 6492 AtiHdmiService - ok
12:47:09.0588 6492 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:47:09.0682 6492 AudioEndpointBuilder - ok
12:47:09.0698 6492 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:47:09.0744 6492 Audiosrv - ok
12:47:09.0776 6492 [ 662ECAEC0FAE2C2069B75EF8A762BE87 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys
12:47:09.0791 6492 avfwim - ok
12:47:09.0807 6492 [ E4DC0228AB7492086B96FCC8298CF3B6 ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys
12:47:09.0822 6492 avfwot - ok
12:47:09.0838 6492 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:47:09.0854 6492 avgntflt - ok
12:47:09.0885 6492 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:47:09.0900 6492 avipbb - ok
12:47:09.0916 6492 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:47:09.0932 6492 avkmgr - ok
12:47:09.0978 6492 [ DE54CA336EDCE6BE8FDB83D84AF67AE8 ] AVM BT Connection Service C:\Program Files\avmclient\avmbtservice.exe
12:47:10.0025 6492 AVM BT Connection Service ( UnsignedFile.Multi.Generic ) - warning
12:47:10.0025 6492 AVM BT Connection Service - detected UnsignedFile.Multi.Generic (1)
12:47:10.0056 6492 [ 5860CF10ACE95AE25733B24467D655AA ] AVMBTPARALLEL C:\Windows\system32\DRIVERS\avmbtpar.sys
12:47:10.0119 6492 AVMBTPARALLEL - ok
12:47:10.0150 6492 [ F9466C032337B3BF6F7323B55B8BD32F ] AVMBTSERIAL C:\Windows\system32\DRIVERS\avmbtser.sys
12:47:10.0181 6492 AVMBTSERIAL - ok
12:47:10.0212 6492 [ 5685E9F471135E6675D981D5D45C9935 ] AVMCOWAN C:\Windows\system32\DRIVERS\AVMCOWAN.sys
12:47:10.0228 6492 AVMCOWAN - ok
12:47:10.0275 6492 [ 9A85E9280C7C785EB38EB1053AD1B6BF ] AvmObexService C:\Program Files\avmclient\AvmObexService.exe
12:47:10.0322 6492 AvmObexService ( UnsignedFile.Multi.Generic ) - warning
12:47:10.0322 6492 AvmObexService - detected UnsignedFile.Multi.Generic (1)
12:47:10.0368 6492 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:47:10.0415 6492 AxInstSV - ok
12:47:10.0509 6492 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:47:10.0618 6492 b06bdrv - ok
12:47:10.0634 6492 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:47:10.0680 6492 b57nd60x - ok
12:47:10.0758 6492 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
12:47:10.0805 6492 BBSvc - ok
12:47:10.0836 6492 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
12:47:10.0977 6492 BDESVC - ok
12:47:10.0977 6492 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
12:47:11.0055 6492 Beep - ok
12:47:11.0133 6492 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
12:47:11.0211 6492 BFE - ok
12:47:11.0226 6492 [ 35CF299E5272D64239C1AB35F5C6AFC5 ] BFHU_CFG C:\Windows\system32\DRIVERS\bfhu_cfg.sys
12:47:11.0242 6492 BFHU_CFG - ok
12:47:11.0273 6492 [ D8B5D5A9C92EFD53198E1F83AD9EF3EB ] bfubase C:\Windows\system32\DRIVERS\bfubase.sys
12:47:11.0320 6492 bfubase - ok
12:47:11.0382 6492 [ D1EA0584675FF4D15C6906866EEFB43F ] BingDesktopUpdate C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
12:47:11.0429 6492 BingDesktopUpdate - ok
12:47:11.0460 6492 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
12:47:11.0523 6492 BITS - ok
12:47:11.0523 6492 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:47:11.0538 6492 blbdrive - ok
12:47:11.0601 6492 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:47:11.0663 6492 Bonjour Service - ok
12:47:11.0679 6492 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:47:11.0741 6492 bowser - ok
12:47:11.0757 6492 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:47:11.0788 6492 BrFiltLo - ok
12:47:11.0804 6492 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:47:11.0835 6492 BrFiltUp - ok
12:47:11.0897 6492 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
12:47:11.0944 6492 Browser - ok
12:47:11.0975 6492 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:47:12.0022 6492 Brserid - ok
12:47:12.0038 6492 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:47:12.0069 6492 BrSerWdm - ok
12:47:12.0084 6492 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:47:12.0116 6492 BrUsbMdm - ok
12:47:12.0147 6492 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:47:12.0194 6492 BrUsbSer - ok
12:47:12.0194 6492 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:47:12.0240 6492 BTHMODEM - ok
12:47:12.0272 6492 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
12:47:12.0365 6492 bthserv - ok
12:47:12.0381 6492 [ A1340504561B78E086BA5BC8DAD41212 ] CAPI_CIP C:\Windows\system32\DRIVERS\capi_cip.sys
12:47:12.0412 6492 CAPI_CIP - ok
12:47:12.0443 6492 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:47:12.0506 6492 cdfs - ok
12:47:12.0537 6492 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:47:12.0568 6492 cdrom - ok
12:47:12.0615 6492 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
12:47:12.0677 6492 CertPropSvc - ok
12:47:12.0693 6492 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:47:12.0724 6492 circlass - ok
12:47:12.0755 6492 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
12:47:12.0786 6492 CLFS - ok
12:47:12.0849 6492 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:47:12.0896 6492 clr_optimization_v2.0.50727_32 - ok
12:47:12.0911 6492 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:47:12.0942 6492 clr_optimization_v4.0.30319_32 - ok
12:47:12.0974 6492 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:47:12.0989 6492 CmBatt - ok
12:47:13.0020 6492 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:47:13.0052 6492 cmdide - ok
12:47:13.0083 6492 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
12:47:13.0114 6492 CNG - ok
12:47:13.0130 6492 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:47:13.0145 6492 Compbatt - ok
12:47:13.0192 6492 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:47:13.0223 6492 CompositeBus - ok
12:47:13.0239 6492 COMSysApp - ok
12:47:13.0254 6492 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:47:13.0254 6492 crcdisk - ok
12:47:13.0301 6492 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:47:13.0410 6492 CryptSvc - ok
12:47:13.0442 6492 [ 48297BF3339BC56DD7D7524D7A1740AA ] DBService C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
12:47:13.0504 6492 DBService ( UnsignedFile.Multi.Generic ) - warning
12:47:13.0504 6492 DBService - detected UnsignedFile.Multi.Generic (1)
12:47:13.0535 6492 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
12:47:13.0582 6492 DcomLaunch - ok
12:47:13.0629 6492 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:47:13.0660 6492 defragsvc - ok
12:47:13.0691 6492 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:47:13.0769 6492 DfsC - ok
12:47:13.0832 6492 [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
12:47:13.0894 6492 DfSdkS ( UnsignedFile.Multi.Generic ) - warning
12:47:13.0894 6492 DfSdkS - detected UnsignedFile.Multi.Generic (1)
12:47:13.0925 6492 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:47:14.0019 6492 Dhcp - ok
12:47:14.0034 6492 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
12:47:14.0097 6492 discache - ok
12:47:14.0128 6492 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:47:14.0159 6492 Disk - ok
12:47:14.0190 6492 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:47:14.0268 6492 Dnscache - ok
12:47:14.0300 6492 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
12:47:14.0378 6492 dot3svc - ok
12:47:14.0424 6492 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
12:47:14.0456 6492 Dot4 - ok
12:47:14.0487 6492 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:47:14.0502 6492 Dot4Print - ok
12:47:14.0502 6492 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
12:47:14.0534 6492 dot4usb - ok
12:47:14.0565 6492 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
12:47:14.0627 6492 DPS - ok
12:47:14.0658 6492 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:47:14.0705 6492 drmkaud - ok
12:47:14.0736 6492 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:47:14.0783 6492 DXGKrnl - ok
12:47:14.0814 6492 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
12:47:14.0846 6492 EapHost - ok
12:47:14.0908 6492 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
12:47:15.0017 6492 ebdrv - ok
12:47:15.0048 6492 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
12:47:15.0126 6492 EFS - ok
12:47:15.0173 6492 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:47:15.0282 6492 ehRecvr - ok
12:47:15.0314 6492 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
12:47:15.0360 6492 ehSched - ok
12:47:15.0392 6492 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:47:15.0407 6492 elxstor - ok
12:47:15.0438 6492 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:47:15.0454 6492 ErrDev - ok
12:47:15.0485 6492 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
12:47:15.0532 6492 EventSystem - ok
12:47:15.0563 6492 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
12:47:15.0579 6492 exfat - ok
12:47:15.0594 6492 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:47:15.0641 6492 fastfat - ok
12:47:15.0688 6492 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
12:47:15.0750 6492 Fax - ok
12:47:15.0797 6492 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:47:15.0813 6492 fdc - ok
12:47:15.0828 6492 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
12:47:15.0891 6492 fdPHost - ok
12:47:15.0891 6492 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
12:47:15.0953 6492 FDResPub - ok
12:47:15.0969 6492 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:47:15.0984 6492 FileInfo - ok
12:47:16.0000 6492 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:47:16.0047 6492 Filetrace - ok
12:47:16.0156 6492 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
12:47:16.0218 6492 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
12:47:16.0218 6492 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
12:47:16.0281 6492 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:47:16.0328 6492 FLEXnet Licensing Service - ok
12:47:16.0343 6492 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:47:16.0374 6492 flpydisk - ok
12:47:16.0406 6492 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:47:16.0421 6492 FltMgr - ok
12:47:16.0437 6492 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
12:47:16.0499 6492 FontCache - ok
12:47:16.0562 6492 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:47:16.0593 6492 FontCache3.0.0.0 - ok
12:47:16.0655 6492 [ 9513B437B7ADB1E6065B7F0D83D11ECF ] FreeAgentGoNext Service C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
12:47:16.0702 6492 FreeAgentGoNext Service - ok
12:47:16.0718 6492 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:47:16.0733 6492 FsDepends - ok
12:47:16.0764 6492 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:47:16.0780 6492 Fs_Rec - ok
12:47:16.0827 6492 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:47:16.0858 6492 fvevol - ok
12:47:16.0874 6492 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:47:16.0889 6492 gagp30kx - ok
12:47:16.0952 6492 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:47:16.0967 6492 GEARAspiWDM - ok
12:47:16.0998 6492 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
12:47:17.0076 6492 gpsvc - ok
12:47:17.0170 6492 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:47:17.0186 6492 gupdate - ok
12:47:17.0201 6492 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:47:17.0217 6492 gupdatem - ok
12:47:17.0232 6492 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:47:17.0295 6492 hcw85cir - ok
12:47:17.0326 6492 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:47:17.0357 6492 HdAudAddService - ok
12:47:17.0373 6492 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:47:17.0404 6492 HDAudBus - ok
12:47:17.0420 6492 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:47:17.0435 6492 HidBatt - ok
12:47:17.0451 6492 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:47:17.0482 6492 HidBth - ok
12:47:17.0498 6492 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:47:17.0529 6492 HidIr - ok
12:47:17.0544 6492 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
12:47:17.0591 6492 hidserv - ok
12:47:17.0622 6492 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:47:17.0654 6492 HidUsb - ok
12:47:17.0685 6492 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:47:17.0747 6492 hkmsvc - ok
12:47:17.0778 6492 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:47:17.0856 6492 HomeGroupListener - ok
12:47:17.0888 6492 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:47:17.0919 6492 HomeGroupProvider - ok
12:47:17.0966 6492 [ 08457D8F8149757C70CEA59C71EC5D27 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:47:18.0012 6492 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
12:47:18.0012 6492 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
12:47:18.0044 6492 [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:47:18.0075 6492 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
12:47:18.0075 6492 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
12:47:18.0090 6492 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:47:18.0106 6492 HpSAMD - ok
12:47:18.0137 6492 [ 83DB5DD8BE71CBA5447FBD7A48FDBEDA ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
12:47:18.0215 6492 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
12:47:18.0215 6492 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
12:47:18.0262 6492 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:47:18.0309 6492 HTTP - ok
12:47:18.0324 6492 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:47:18.0340 6492 hwpolicy - ok
12:47:18.0356 6492 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:47:18.0371 6492 i8042prt - ok
12:47:18.0418 6492 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:47:18.0449 6492 iaStor - ok
12:47:18.0512 6492 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:47:18.0527 6492 IAStorDataMgrSvc - ok
12:47:18.0574 6492 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:47:18.0590 6492 iaStorV - ok
12:47:18.0652 6492 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:47:18.0730 6492 idsvc - ok
12:47:18.0761 6492 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:47:18.0777 6492 iirsp - ok
12:47:18.0824 6492 [ C5B04409186A27409BD069580208A6D3 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
12:47:18.0870 6492 IJPLMSVC - ok
12:47:18.0933 6492 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
12:47:18.0995 6492 IKEEXT - ok
12:47:19.0120 6492 [ 4BE85CF5831A41104C2DDED55FBC3565 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:47:19.0229 6492 IntcAzAudAddService - ok
12:47:19.0261 6492 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
12:47:19.0276 6492 intelide - ok
12:47:19.0307 6492 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:47:19.0323 6492 intelppm - ok
12:47:19.0354 6492 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:47:19.0417 6492 IPBusEnum - ok
12:47:19.0448 6492 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:47:19.0495 6492 IpFilterDriver - ok
12:47:19.0541 6492 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:47:19.0604 6492 iphlpsvc - ok
12:47:19.0604 6492 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:47:19.0619 6492 IPMIDRV - ok
12:47:19.0635 6492 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:47:19.0682 6492 IPNAT - ok
12:47:19.0760 6492 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:47:19.0822 6492 iPod Service - ok
12:47:19.0838 6492 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:47:19.0853 6492 IRENUM - ok
12:47:19.0869 6492 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:47:19.0885 6492 isapnp - ok
12:47:19.0885 6492 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:47:19.0900 6492 iScsiPrt - ok
12:47:19.0931 6492 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:47:19.0947 6492 kbdclass - ok
12:47:19.0963 6492 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:47:19.0978 6492 kbdhid - ok
12:47:19.0994 6492 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
12:47:20.0009 6492 KeyIso - ok
12:47:20.0056 6492 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:47:20.0072 6492 KSecDD - ok
12:47:20.0103 6492 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:47:20.0119 6492 KSecPkg - ok
12:47:20.0150 6492 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
12:47:20.0197 6492 KtmRm - ok
12:47:20.0228 6492 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
12:47:20.0259 6492 LanmanServer - ok
12:47:20.0306 6492 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:47:20.0353 6492 LanmanWorkstation - ok
12:47:20.0384 6492 [ 71C6A95A5F0CCC87298C4DD0F2C3635A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:47:20.0415 6492 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:47:20.0415 6492 LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:47:20.0462 6492 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:47:20.0509 6492 lltdio - ok
12:47:20.0540 6492 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:47:20.0571 6492 lltdsvc - ok
12:47:20.0571 6492 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
12:47:20.0602 6492 lmhosts - ok
12:47:20.0618 6492 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:47:20.0618 6492 LSI_FC - ok
12:47:20.0649 6492 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:47:20.0649 6492 LSI_SAS - ok
12:47:20.0665 6492 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:47:20.0665 6492 LSI_SAS2 - ok
12:47:20.0696 6492 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:47:20.0711 6492 LSI_SCSI - ok
12:47:20.0727 6492 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
12:47:20.0774 6492 luafv - ok
12:47:20.0821 6492 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:47:20.0821 6492 MBAMProtector - ok
12:47:20.0852 6492 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:47:20.0914 6492 MBAMScheduler - ok
12:47:20.0945 6492 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:47:20.0977 6492 MBAMService - ok
12:47:21.0039 6492 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:47:21.0070 6492 Mcx2Svc - ok
12:47:21.0086 6492 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:47:21.0101 6492 megasas - ok
12:47:21.0133 6492 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:47:21.0148 6492 MegaSR - ok
12:47:21.0164 6492 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
12:47:21.0195 6492 MMCSS - ok
12:47:21.0211 6492 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:47:21.0257 6492 Modem - ok
12:47:21.0289 6492 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:47:21.0304 6492 monitor - ok
12:47:21.0320 6492 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
12:47:21.0335 6492 mouclass - ok
12:47:21.0335 6492 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:47:21.0351 6492 mouhid - ok
12:47:21.0398 6492 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:47:21.0398 6492 mountmgr - ok
12:47:21.0429 6492 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
12:47:21.0445 6492 mpio - ok
12:47:21.0476 6492 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:47:21.0507 6492 mpsdrv - ok
12:47:21.0554 6492 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:47:21.0632 6492 MpsSvc - ok
12:47:21.0663 6492 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:47:21.0710 6492 MRxDAV - ok
12:47:21.0725 6492 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:47:21.0772 6492 mrxsmb - ok
12:47:21.0803 6492 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:47:21.0835 6492 mrxsmb10 - ok
12:47:21.0850 6492 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:47:21.0897 6492 mrxsmb20 - ok
12:47:21.0913 6492 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
12:47:21.0944 6492 msahci - ok
12:47:21.0959 6492 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:47:21.0975 6492 msdsm - ok
12:47:21.0991 6492 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
12:47:22.0037 6492 MSDTC - ok
12:47:22.0069 6492 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:47:22.0115 6492 Msfs - ok
12:47:22.0131 6492 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:47:22.0147 6492 mshidkmdf - ok
12:47:22.0162 6492 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:47:22.0162 6492 msisadrv - ok
12:47:22.0209 6492 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:47:22.0256 6492 MSiSCSI - ok
12:47:22.0256 6492 msiserver - ok
12:47:22.0271 6492 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:47:22.0287 6492 MSKSSRV - ok
12:47:22.0303 6492 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:47:22.0349 6492 MSPCLOCK - ok
12:47:22.0381 6492 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:47:22.0396 6492 MSPQM - ok
12:47:22.0412 6492 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:47:22.0427 6492 MsRPC - ok
12:47:22.0443 6492 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:47:22.0443 6492 mssmbios - ok
12:47:22.0459 6492 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:47:22.0490 6492 MSTEE - ok
12:47:22.0490 6492 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:47:22.0521 6492 MTConfig - ok
12:47:22.0537 6492 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:47:22.0552 6492 Mup - ok
12:47:22.0583 6492 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
12:47:22.0646 6492 napagent - ok
12:47:22.0693 6492 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:47:22.0724 6492 NativeWifiP - ok
12:47:22.0771 6492 [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
12:47:22.0802 6492 NBService - ok
12:47:22.0880 6492 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:47:22.0911 6492 NDIS - ok
12:47:22.0942 6492 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:47:22.0973 6492 NdisCap - ok
12:47:23.0005 6492 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:47:23.0036 6492 NdisTapi - ok
12:47:23.0051 6492 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:47:23.0083 6492 Ndisuio - ok
12:47:23.0114 6492 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:47:23.0176 6492 NdisWan - ok
12:47:23.0207 6492 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:47:23.0239 6492 NDProxy - ok
12:47:23.0317 6492 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:47:23.0395 6492 Nero BackItUp Scheduler 4.0 - ok
12:47:23.0410 6492 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:47:23.0426 6492 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:47:23.0426 6492 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:47:23.0441 6492 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:47:23.0473 6492 NetBIOS - ok
12:47:23.0504 6492 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:47:23.0535 6492 NetBT - ok
12:47:23.0551 6492 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
12:47:23.0551 6492 Netlogon - ok
12:47:23.0613 6492 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
12:47:23.0675 6492 Netman - ok
12:47:23.0707 6492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:47:23.0738 6492 NetMsmqActivator - ok
12:47:23.0800 6492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:47:23.0816 6492 NetPipeActivator - ok
12:47:23.0847 6492 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
12:47:23.0909 6492 netprofm - ok
12:47:23.0925 6492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:47:23.0941 6492 NetTcpActivator - ok
12:47:23.0941 6492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:47:23.0941 6492 NetTcpPortSharing - ok
12:47:24.0003 6492 [ 450D0D2062C54DDA23583A78C0EB63D9 ] Netzmanager Service C:\Program Files\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
12:47:24.0019 6492 Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
12:47:24.0019 6492 Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
12:47:24.0065 6492 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:47:24.0097 6492 nfrd960 - ok
12:47:24.0128 6492 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
12:47:24.0143 6492 NlaSvc - ok
12:47:24.0206 6492 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
12:47:24.0237 6492 NMIndexingService - ok
12:47:24.0237 6492 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:47:24.0268 6492 Npfs - ok
12:47:24.0315 6492 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
12:47:24.0377 6492 nsi - ok
12:47:24.0377 6492 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:47:24.0409 6492 nsiproxy - ok
12:47:24.0455 6492 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:47:24.0487 6492 Ntfs - ok
12:47:24.0502 6492 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
12:47:24.0533 6492 Null - ok
12:47:24.0549 6492 [ 03AD379554B50FA1802BE4EC2E291E92 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
12:47:24.0549 6492 nusb3hub - ok
12:47:24.0596 6492 [ 06FE87C9D181AF5F04D192E604E10E6C ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:47:24.0611 6492 nusb3xhc - ok
12:47:24.0643 6492 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:47:24.0658 6492 nvraid - ok
12:47:24.0674 6492 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:47:24.0689 6492 nvstor - ok
12:47:24.0705 6492 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:47:24.0721 6492 nv_agp - ok
12:47:24.0736 6492 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:47:24.0752 6492 ohci1394 - ok
12:47:24.0783 6492 [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
12:47:24.0814 6492 OMSI download service ( UnsignedFile.Multi.Generic ) - warning
12:47:24.0814 6492 OMSI download service - detected UnsignedFile.Multi.Generic (1)
12:47:24.0861 6492 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:47:24.0892 6492 ose - ok
12:47:25.0033 6492 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:47:25.0173 6492 osppsvc - ok
12:47:25.0220 6492 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:47:25.0298 6492 p2pimsvc - ok
12:47:25.0313 6492 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:47:25.0391 6492 p2psvc - ok
12:47:25.0407 6492 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:47:25.0423 6492 Parport - ok
12:47:25.0454 6492 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:47:25.0469 6492 partmgr - ok
12:47:25.0469 6492 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:47:25.0501 6492 Parvdm - ok
12:47:25.0516 6492 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:47:25.0532 6492 PcaSvc - ok
12:47:25.0547 6492 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
12:47:25.0563 6492 pci - ok
12:47:25.0579 6492 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
12:47:25.0579 6492 pciide - ok
12:47:25.0610 6492 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:47:25.0625 6492 pcmcia - ok
12:47:25.0641 6492 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
12:47:25.0641 6492 pcw - ok
12:47:25.0672 6492 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:47:25.0719 6492 PEAUTH - ok
12:47:25.0781 6492 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
12:47:25.0875 6492 pla - ok
12:47:25.0875 6492 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
12:47:25.0891 6492 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
12:47:25.0891 6492 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
12:47:25.0922 6492 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:47:25.0969 6492 PlugPlay - ok
12:47:25.0984 6492 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:47:26.0000 6492 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:47:26.0000 6492 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:47:26.0000 6492 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:47:26.0031 6492 PNRPAutoReg - ok
12:47:26.0047 6492 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:47:26.0062 6492 PNRPsvc - ok
12:47:26.0109 6492 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:47:26.0187 6492 PolicyAgent - ok
12:47:26.0218 6492 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
12:47:26.0281 6492 Power - ok
12:47:26.0312 6492 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:47:26.0390 6492 PptpMiniport - ok
12:47:26.0405 6492 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:47:26.0437 6492 Processor - ok
12:47:26.0452 6492 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
12:47:26.0499 6492 ProfSvc - ok
12:47:26.0499 6492 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:47:26.0515 6492 ProtectedStorage - ok
12:47:26.0530 6492 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:47:26.0561 6492 Psched - ok
12:47:26.0593 6492 [ E7483BE1E7A6FB16FC9AD6B54F99DEE4 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:47:26.0639 6492 PSI_SVC_2 - ok
12:47:26.0671 6492 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
12:47:26.0686 6492 PxHelp20 - ok
12:47:26.0717 6492 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:47:26.0749 6492 ql2300 - ok
12:47:26.0780 6492 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:47:26.0780 6492 ql40xx - ok
12:47:26.0811 6492 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
12:47:26.0842 6492 QWAVE - ok
12:47:26.0858 6492 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:47:26.0873 6492 QWAVEdrv - ok
12:47:26.0873 6492 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:47:26.0920 6492 RasAcd - ok
12:47:26.0983 6492 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:47:27.0061 6492 RasAgileVpn - ok
12:47:27.0076 6492 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
12:47:27.0123 6492 RasAuto - ok
12:47:27.0123 6492 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:47:27.0170 6492 Rasl2tp - ok
12:47:27.0185 6492 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
12:47:27.0263 6492 RasMan - ok
12:47:27.0279 6492 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:47:27.0310 6492 RasPppoe - ok
12:47:27.0326 6492 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:47:27.0357 6492 RasSstp - ok
12:47:27.0373 6492 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:47:27.0388 6492 rdbss - ok
12:47:27.0404 6492 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:47:27.0435 6492 rdpbus - ok
12:47:27.0451 6492 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:47:27.0482 6492 RDPCDD - ok
12:47:27.0529 6492 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:47:27.0591 6492 RDPENCDD - ok
12:47:27.0607 6492 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:47:27.0638 6492 RDPREFMP - ok
12:47:27.0669 6492 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:47:27.0731 6492 RdpVideoMiniport - ok
12:47:27.0763 6492 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:47:27.0825 6492 RDPWD - ok
12:47:27.0841 6492 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:47:27.0856 6492 rdyboost - ok
12:47:27.0887 6492 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
12:47:27.0919 6492 RemoteAccess - ok
12:47:27.0919 6492 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:47:27.0965 6492 RemoteRegistry - ok
12:47:27.0981 6492 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:47:28.0043 6492 RpcEptMapper - ok
12:47:28.0075 6492 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
12:47:28.0121 6492 RpcLocator - ok
12:47:28.0137 6492 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
12:47:28.0184 6492 RpcSs - ok
12:47:28.0199 6492 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:47:28.0246 6492 rspndr - ok
12:47:28.0277 6492 [ 0516998076AD894AE7E362C3110AA071 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
12:47:28.0309 6492 RTL8167 - ok
12:47:28.0324 6492 [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
12:47:28.0355 6492 RTL8192su - ok
12:47:28.0371 6492 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
12:47:28.0387 6492 SamSs - ok
12:47:28.0418 6492 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:47:28.0418 6492 sbp2port - ok
12:47:28.0449 6492 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:47:28.0480 6492 SCardSvr - ok
12:47:28.0496 6492 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:47:28.0527 6492 scfilter - ok
12:47:28.0558 6492 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
12:47:28.0621 6492 Schedule - ok
12:47:28.0636 6492 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:47:28.0652 6492 SCPolicySvc - ok
12:47:28.0683 6492 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:47:28.0777 6492 SDRSVC - ok
12:47:28.0839 6492 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
12:47:28.0886 6492 SeaPort - ok
12:47:28.0933 6492 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:47:28.0979 6492 secdrv - ok
12:47:29.0011 6492 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
12:47:29.0073 6492 seclogon - ok
12:47:29.0104 6492 [ E5B56569A9F79B70314FEDE6C953641E ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
12:47:29.0151 6492 seehcri - ok
12:47:29.0182 6492 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
12:47:29.0245 6492 SENS - ok
12:47:29.0260 6492 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:47:29.0354 6492 SensrSvc - ok
12:47:29.0369 6492 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:47:29.0385 6492 Serenum - ok
12:47:29.0401 6492 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:47:29.0432 6492 Serial - ok
12:47:29.0463 6492 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:47:29.0494 6492 sermouse - ok
12:47:29.0557 6492 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
12:47:29.0619 6492 SessionEnv - ok
12:47:29.0650 6492 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:47:29.0666 6492 sffdisk - ok
12:47:29.0681 6492 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:47:29.0713 6492 sffp_mmc - ok
12:47:29.0713 6492 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:47:29.0728 6492 sffp_sd - ok
12:47:29.0744 6492 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:47:29.0775 6492 sfloppy - ok
12:47:29.0806 6492 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:47:29.0869 6492 SharedAccess - ok
12:47:29.0900 6492 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:47:29.0947 6492 ShellHWDetection - ok
12:47:29.0947 6492 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:47:29.0962 6492 sisagp - ok
12:47:29.0978 6492 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:47:29.0993 6492 SiSRaid2 - ok
12:47:29.0993 6492 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:47:30.0009 6492 SiSRaid4 - ok
12:47:30.0009 6492 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:47:30.0056 6492 Smb - ok
12:47:30.0103 6492 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:47:30.0134 6492 SNMPTRAP - ok
12:47:30.0149 6492 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:47:30.0165 6492 spldr - ok
12:47:30.0196 6492 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
12:47:30.0274 6492 Spooler - ok
12:47:30.0368 6492 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
12:47:30.0493 6492 sppsvc - ok
12:47:30.0524 6492 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:47:30.0586 6492 sppuinotify - ok
12:47:30.0617 6492 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:47:30.0649 6492 srv - ok
12:47:30.0664 6492 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:47:30.0711 6492 srv2 - ok
12:47:30.0711 6492 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:47:30.0742 6492 srvnet - ok
12:47:30.0758 6492 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:47:30.0789 6492 SSDPSRV - ok
12:47:30.0820 6492 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
12:47:30.0820 6492 ssmdrv - ok
12:47:30.0836 6492 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:47:30.0867 6492 SstpSvc - ok
12:47:30.0976 6492 [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Program Files\StarMoney 8.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
12:47:31.0023 6492 StarMoney 8.0 OnlineUpdate - ok
12:47:31.0054 6492 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:47:31.0085 6492 stexstor - ok
12:47:31.0117 6492 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:47:31.0148 6492 StillCam - ok
12:47:31.0195 6492 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
12:47:31.0257 6492 StiSvc - ok
12:47:31.0273 6492 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
12:47:31.0288 6492 swenum - ok
12:47:31.0335 6492 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
12:47:31.0429 6492 swprv - ok
12:47:31.0475 6492 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
12:47:31.0553 6492 SysMain - ok
12:47:31.0553 6492 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:47:31.0569 6492 TabletInputService - ok
12:47:31.0600 6492 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
12:47:31.0647 6492 TapiSrv - ok
12:47:31.0663 6492 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
12:47:31.0709 6492 TBS - ok
12:47:31.0756 6492 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:47:31.0803 6492 Tcpip - ok
12:47:31.0834 6492 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:47:31.0865 6492 TCPIP6 - ok
12:47:31.0897 6492 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:47:31.0943 6492 tcpipreg - ok
12:47:31.0959 6492 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:47:32.0037 6492 TDPIPE - ok
12:47:32.0053 6492 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:47:32.0068 6492 TDTCP - ok
12:47:32.0099 6492 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:47:32.0146 6492 tdx - ok
12:47:32.0146 6492 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:47:32.0162 6492 TermDD - ok
12:47:32.0209 6492 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
12:47:32.0255 6492 TermService - ok
12:47:32.0271 6492 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:47:32.0302 6492 Themes - ok
12:47:32.0302 6492 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:47:32.0333 6492 THREADORDER - ok
12:47:32.0349 6492 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:47:32.0380 6492 TrkWks - ok
12:47:32.0458 6492 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:47:32.0536 6492 TrustedInstaller - ok
12:47:32.0552 6492 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:47:32.0599 6492 tssecsrv - ok
12:47:32.0630 6492 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:47:32.0661 6492 TsUsbFlt - ok
12:47:32.0708 6492 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:47:32.0755 6492 tunnel - ok
12:47:32.0786 6492 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:47:32.0801 6492 uagp35 - ok
12:47:32.0833 6492 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:47:32.0895 6492 udfs - ok
12:47:32.0926 6492 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:47:32.0957 6492 UI0Detect - ok
12:47:32.0957 6492 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:47:32.0989 6492 uliagpkx - ok
12:47:33.0020 6492 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
12:47:33.0035 6492 umbus - ok
12:47:33.0098 6492 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:47:33.0145 6492 UmPass - ok
12:47:33.0176 6492 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:47:33.0223 6492 upnphost - ok
12:47:33.0301 6492 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
12:47:33.0347 6492 UPnPService ( UnsignedFile.Multi.Generic ) - warning
12:47:33.0347 6492 UPnPService - detected UnsignedFile.Multi.Generic (1)
12:47:33.0394 6492 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:47:33.0425 6492 usbccgp - ok
12:47:33.0457 6492 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:47:33.0503 6492 usbcir - ok
12:47:33.0535 6492 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:47:33.0550 6492 usbehci - ok
12:47:33.0566 6492 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:47:33.0597 6492 usbhub - ok
12:47:33.0628 6492 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:47:33.0659 6492 usbohci - ok
12:47:33.0659 6492 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:47:33.0706 6492 usbprint - ok
12:47:33.0753 6492 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:47:33.0784 6492 usbscan - ok
12:47:33.0784 6492 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:47:33.0847 6492 USBSTOR - ok
12:47:33.0862 6492 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:47:33.0893 6492 usbuhci - ok
12:47:33.0909 6492 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:47:33.0956 6492 UxSms - ok
12:47:33.0971 6492 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
12:47:33.0971 6492 VaultSvc - ok
12:47:33.0987 6492 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:47:33.0987 6492 vdrvroot - ok
12:47:34.0034 6492 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
12:47:34.0081 6492 vds - ok
12:47:34.0096 6492 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:47:34.0127 6492 vga - ok
12:47:34.0127 6492 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:47:34.0159 6492 VgaSave - ok
12:47:34.0174 6492 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:47:34.0190 6492 vhdmp - ok
12:47:34.0221 6492 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:47:34.0237 6492 viaagp - ok
12:47:34.0237 6492 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
12:47:34.0268 6492 ViaC7 - ok
12:47:34.0299 6492 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
12:47:34.0299 6492 viaide - ok
12:47:34.0315 6492 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:47:34.0330 6492 volmgr - ok
12:47:34.0361 6492 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:47:34.0377 6492 volmgrx - ok
12:47:34.0393 6492 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:47:34.0408 6492 volsnap - ok
12:47:34.0424 6492 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:47:34.0424 6492 vsmraid - ok
12:47:34.0502 6492 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
12:47:34.0549 6492 VSS - ok
12:47:34.0564 6492 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:47:34.0595 6492 vwifibus - ok
12:47:34.0595 6492 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:47:34.0611 6492 vwififlt - ok
12:47:34.0627 6492 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:47:34.0658 6492 vwifimp - ok
12:47:34.0673 6492 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
12:47:34.0720 6492 W32Time - ok
12:47:34.0720 6492 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:47:34.0751 6492 WacomPen - ok
12:47:34.0767 6492 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:47:34.0798 6492 WANARP - ok
12:47:34.0798 6492 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:47:34.0829 6492 Wanarpv6 - ok
12:47:34.0861 6492 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
12:47:34.0954 6492 wbengine - ok
12:47:35.0001 6492 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:47:35.0048 6492 WbioSrvc - ok
12:47:35.0095 6492 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:47:35.0126 6492 wcncsvc - ok
12:47:35.0126 6492 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:47:35.0188 6492 WcsPlugInService - ok
12:47:35.0188 6492 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:47:35.0204 6492 Wd - ok
12:47:35.0251 6492 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:47:35.0297 6492 Wdf01000 - ok
12:47:35.0313 6492 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:47:35.0360 6492 WdiServiceHost - ok
12:47:35.0375 6492 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:47:35.0391 6492 WdiSystemHost - ok
12:47:35.0422 6492 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
12:47:35.0438 6492 WebClient - ok
12:47:35.0453 6492 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:47:35.0485 6492 Wecsvc - ok
12:47:35.0500 6492 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:47:35.0531 6492 wercplsupport - ok
12:47:35.0531 6492 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:47:35.0563 6492 WerSvc - ok
12:47:35.0594 6492 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:47:35.0656 6492 WfpLwf - ok
12:47:35.0672 6492 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:47:35.0687 6492 WIMMount - ok
12:47:35.0750 6492 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:47:35.0828 6492 WinDefend - ok
12:47:35.0843 6492 WinHttpAutoProxySvc - ok
12:47:35.0890 6492 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:47:35.0953 6492 Winmgmt - ok
12:47:35.0984 6492 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
12:47:36.0031 6492 WinRM - ok
12:47:36.0093 6492 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
12:47:36.0109 6492 WinUsb - ok
12:47:36.0155 6492 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:47:36.0218 6492 Wlansvc - ok
12:47:36.0311 6492 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:47:36.0343 6492 wlcrasvc - ok
12:47:36.0405 6492 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:47:36.0499 6492 wlidsvc - ok
12:47:36.0514 6492 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:47:36.0530 6492 WmiAcpi - ok
12:47:36.0561 6492 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:47:36.0623 6492 wmiApSrv - ok
12:47:36.0717 6492 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:47:36.0779 6492 WMPNetworkSvc - ok
12:47:36.0795 6492 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:47:36.0826 6492 WPCSvc - ok
12:47:36.0857 6492 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:47:36.0904 6492 WPDBusEnum - ok
12:47:36.0935 6492 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:47:36.0967 6492 ws2ifsl - ok
12:47:36.0998 6492 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
12:47:37.0013 6492 wscsvc - ok
12:47:37.0013 6492 WSearch - ok
12:47:37.0076 6492 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:47:37.0169 6492 wuauserv - ok
12:47:37.0185 6492 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:47:37.0247 6492 WudfPf - ok
12:47:37.0263 6492 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:47:37.0279 6492 WUDFRd - ok
12:47:37.0310 6492 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:47:37.0341 6492 wudfsvc - ok
12:47:37.0388 6492 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:47:37.0450 6492 WwanSvc - ok
12:47:37.0466 6492 ================ Scan global ===============================
12:47:37.0497 6492 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:47:37.0544 6492 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:47:37.0544 6492 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:47:37.0575 6492 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:47:37.0606 6492 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:47:37.0606 6492 [Global] - ok
12:47:37.0606 6492 ================ Scan MBR ==================================
12:47:37.0622 6492 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:47:37.0903 6492 \Device\Harddisk0\DR0 - ok
12:47:37.0903 6492 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
12:47:37.0981 6492 \Device\Harddisk1\DR1 - ok
12:47:38.0027 6492 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
12:47:38.0183 6492 \Device\Harddisk5\DR5 - ok
12:47:38.0183 6492 ================ Scan VBR ==================================
12:47:38.0199 6492 [ 4BA4FAB1AB1BB0938C5CE8CA9A40EC46 ] \Device\Harddisk0\DR0\Partition1
12:47:38.0199 6492 \Device\Harddisk0\DR0\Partition1 - ok
12:47:38.0215 6492 [ F9492EBE7210EBCAC2A978DF4BAE06BA ] \Device\Harddisk0\DR0\Partition2
12:47:38.0215 6492 \Device\Harddisk0\DR0\Partition2 - ok
12:47:38.0246 6492 [ 4A6508FACEA94B9FCABE01BDC850863E ] \Device\Harddisk0\DR0\Partition3
12:47:38.0246 6492 \Device\Harddisk0\DR0\Partition3 - ok
12:47:38.0246 6492 [ D01E1E0222E978B80AFE19A41123C2B9 ] \Device\Harddisk1\DR1\Partition1
12:47:38.0246 6492 \Device\Harddisk1\DR1\Partition1 - ok
12:47:38.0246 6492 [ 1ACBDCCB69AD16CB512D6189DCC1530F ] \Device\Harddisk5\DR5\Partition1
12:47:38.0261 6492 \Device\Harddisk5\DR5\Partition1 - ok
12:47:38.0261 6492 ============================================================
12:47:38.0261 6492 Scan finished
12:47:38.0261 6492 ============================================================
12:47:38.0261 11496 Detected object count: 15
12:47:38.0261 11496 Actual detected object count: 15
12:47:57.0605 11496 AVM BT Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0605 11496 AVM BT Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0605 11496 AvmObexService ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0605 11496 AvmObexService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0605 11496 DBService ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0605 11496 DBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0605 11496 DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0605 11496 DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0605 11496 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0605 11496 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0621 11496 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0621 11496 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0621 11496 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0621 11496 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0621 11496 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0621 11496 Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496 Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0621 11496 OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496 OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0621 11496 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0621 11496 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:47:57.0621 11496 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
12:47:57.0621 11496 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
22.03.2013, 13:36
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PUP.Blubbers Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2013, 14:28
| #11 |
| | PUP.Blubbers Hier die Datei: Code:
ATTFilter ComboFix 13-03-21.02 - Home 22.03.2013 14:03:32.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3063.1637 [GMT 1:00]
ausgeführt von:: c:\users\Home\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\Internet Explorer
c:\internet explorer\Custom\eBay.ico
c:\internet explorer\NPSWF32.dll
c:\users\Home\AppData\Roaming\Microsoft\Office\unins000.exe
c:\windows\IsUn0407.exe
c:\windows\system\olepro32.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
L:\Autorun.inf
L:\Setup.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-22 bis 2013-03-22 ))))))))))))))))))))))))))))))
.
.
2013-03-22 13:13 . 2013-03-22 13:13 -------- d-----w- c:\users\Home\AppData\Local\temp
2013-03-22 13:13 . 2013-03-22 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-22 07:30 . 2013-03-22 07:30 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2C2EB93-45EA-429C-B50D-80F3C51DC321}\offreg.dll
2013-03-22 07:20 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2C2EB93-45EA-429C-B50D-80F3C51DC321}\mpengine.dll
2013-03-20 09:12 . 2013-03-20 09:12 -------- d-----w- c:\users\Home\AppData\Roaming\Malwarebytes
2013-03-20 09:12 . 2013-03-20 09:12 -------- d-----w- c:\programdata\Malwarebytes
2013-03-20 09:12 . 2013-03-20 09:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-20 09:12 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 16:05 . 2012-11-22 09:50 92184 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-03-13 15:24 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-10 09:53 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-09 09:52 . 2013-03-09 09:53 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-03-09 09:52 . 2013-03-09 09:53 -------- d-----w- c:\program files\iTunes
2013-03-09 09:52 . 2013-03-09 09:52 -------- d-----w- c:\program files\iPod
2013-03-07 17:42 . 2013-03-07 17:42 5664768 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktop.msi
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-21 14:33 . 2012-10-09 16:02 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-21 14:33 . 2012-10-09 16:02 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-21 14:33 . 2012-10-09 16:02 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-18 15:36 . 2012-04-03 14:33 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-18 15:36 . 2011-05-22 16:16 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-13 13:58 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 13:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-06 12:50 . 2013-02-06 12:50 53248 ----a-r- c:\users\Home\AppData\Roaming\Microsoft\Installer\{F5D84887-8A6F-4993-8560-B3AA44CB620D}\ARPPRODUCTICON.exe
2013-02-06 12:25 . 2012-10-09 16:02 92448 ----a-w- c:\windows\system32\drivers\avfwim.sys
2013-02-06 12:25 . 2012-10-09 16:02 113024 ----a-w- c:\windows\system32\drivers\avfwot.sys
2013-01-17 00:28 . 2010-08-30 16:46 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-16 18:21 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-16 18:21 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-16 18:20 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-16 18:21 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-16 18:21 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-16 18:21 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"SansaDispatch"="c:\users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-10-24 79872]
"HP ENVY 110 series (NET)"="c:\program files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe" [2011-09-19 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-14 9288296]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AVMBlueClient"="c:\program files\avmclient\bluefritz.exe" [2007-07-03 1859584]
"AVMBLUEOBEX"="c:\program files\avmclient\AvmObex.exe" [2007-07-03 491520]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-21 345312]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-10-13 296096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-03-19 380416]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-03-07 2387048]
.
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MC light-Alarm.lnk - c:\mc-light\MCLWIN\PRG\LOADER.EXE [2010-12-2 90112]
tbhcn.lnk - c:\users\Home\AppData\Roaming\BrowserCompanion\tbhcn.exe [2012-7-2 695448]
Tintenwarnungen überwachen - HP ENVY 110 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
Philips GoGear SA4RGA Device Manager.lnk - c:\program files\Philips\GoGear SA4RGA Device Manager\GoGear_SA4RGA_DeviceManager.exe [2012-12-20 1420928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
R2 AvmObexService;AVM BT OBEX Service;c:\program files\avmclient\AvmObexService.exe [x]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 bfubase;BlueFRITZ! USB;c:\windows\system32\DRIVERS\bfubase.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 AVM BT Connection Service;AVM BT Connection Service;c:\program files\avmclient\avmbtservice.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [x]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [x]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 AVMBTPARALLEL;AVM Bluetooth Druckeranschluss;c:\windows\system32\DRIVERS\avmbtpar.sys [x]
S3 AVMBTSERIAL;AVM Bluetooth Kommunikationsanschluss;c:\windows\system32\DRIVERS\avmbtser.sys [x]
S3 AVMCOWAN;AVMCOWAN;c:\windows\system32\DRIVERS\AVMCOWAN.sys [x]
S3 BFHU_CFG;AVM BlueFRITZ!USB 2.0 HCI Config Switch Driver;c:\windows\system32\DRIVERS\bfhu_cfg.sys [x]
S3 CAPI_CIP;AVM Bluetooth CAPI-Controller;c:\windows\system32\DRIVERS\capi_cip.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 42067701
*NewlyCreated* - ASWMBR
*Deregistered* - 42067701
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 13:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-16 09:50 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:36]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 19:09]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 19:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
AddRemove-DATA BECKER Die große Weihnachts Druckerei 2000 - c:\windows\IsUn0407.exe
AddRemove-DOCexpertComfort - c:\windows\system32\uninst.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1 - c:\users\Home\AppData\Roaming\Microsoft\Office\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-22 14:21:36
ComboFix-quarantined-files.txt 2013-03-22 13:21
.
Vor Suchlauf: 21 Verzeichnis(se), 1.221.731.069.952 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 1.224.188.715.008 Bytes frei
.
- - End Of File - - D4E734C1313C65FE0F837ACE0E68B29C
|
|
22.03.2013, 16:54
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PUP.Blubbers JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2013, 17:08
| #13 |
| | PUP.Blubbers Nächste Dateien: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x86
Ran by Home on 22.03.2013 at 17:04:29,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\blabbers
Successfully deleted: [Registry Key] hkey_local_machine\software\browsercompanion
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tdataprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\updatebho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wit4ie.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\base64
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\prox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2769726
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Home\AppData\Roaming\browsercompanion"
Successfully deleted: [Folder] "C:\Users\Home\appdata\locallow\pricegong"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.03.2013 at 17:06:39,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
22.03.2013, 17:13
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PUP.Blubbers Bitte poste nach Möglichkeit alle Logs in einem Rutsch Sonst muss ich immer reinschauen obwohl es nichts zu tun gibt
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2013, 17:28
| #15 |
| | PUP.Blubbers 'tschuldigung!. Hatte Angst, daß die Datei vielleicht weg ist nach dem Runterfahren... Also nochmal komplett jetzt: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x86
Ran by Home on 22.03.2013 at 17:04:29,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\blabbers
Successfully deleted: [Registry Key] hkey_local_machine\software\browsercompanion
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tdataprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\updatebho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wit4ie.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\base64
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\prox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2769726
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Home\AppData\Roaming\browsercompanion"
Successfully deleted: [Folder] "C:\Users\Home\appdata\locallow\pricegong"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.03.2013 at 17:06:39,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.115 - Datei am 22/03/2013 um 17:09:32 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Home - HOME-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Home\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Ordner Gelöscht : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Ordner Gelöscht : C:\Users\Home\AppData\Local\PackageAware
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\Software\DigitalVolcano\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v25.0.1364.172
Datei : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.8] : homepage = "hxxp://www.searchplusnetwork.com/?sp=vit4",
Gelöscht [l.36] : icon_url = "hxxp://www.plusnetwork.com/assets/56674c9b/img/favicon.ico",
Gelöscht [l.39] : keyword = "www.searchplusnetwork.com",
Gelöscht [l.42] : search_url = "hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}",
Gelöscht [l.1288] : homepage = "hxxp://www.searchplusnetwork.com/?sp=vit4",
*************************
AdwCleaner[S1].txt - [2550 octets] - [22/03/2013 17:09:32]
########## EOF - C:\AdwCleaner[S1].txt - [2610 octets] ##########
Code:
ATTFilter OTL logfile created on: 22.03.2013 17:14:21 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,95% Memory free 5,98 Gb Paging File | 4,69 Gb Available in Paging File | 78,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1356,16 Gb Total Space | 1140,17 Gb Free Space | 84,07% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 21,20 Gb Free Space | 53,00% Space Free | Partition Type: NTFS Drive J: | 931,51 Gb Total Space | 910,09 Gb Free Space | 97,70% Space Free | Partition Type: NTFS Drive L: | 298,09 Gb Total Space | 297,90 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Home | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () PRC - C:\Programme\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) PRC - C:\Programme\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Programme\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC) PRC - C:\Programme\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\avmclient\bluefritz.exe (AVM Berlin) PRC - C:\Programme\avmclient\AvmObex.exe (AVM Berlin) PRC - C:\Programme\avmclient\avmbtservice.exe (AVM Berlin) PRC - C:\Programme\avmclient\AvmObexService.exe (AVM Berlin) PRC - C:\MC-Light\MCLWIN\PRG\ZBASE32.EXE (Omikron Systemhaus) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BingDesktopUpdate) -- C:\Programme\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (Netzmanager Service) -- C:\Programme\T-Online\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (FreeAgentGoNext Service) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe (mst software GmbH, Germany) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (AVM BT Connection Service) -- C:\Programme\avmclient\avmbtservice.exe (AVM Berlin) SRV - (AvmObexService) -- C:\Programme\avmclient\AvmObexService.exe (AVM Berlin) SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Home\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (bfubase) -- C:\Windows\System32\drivers\bfubase.sys (AVM Berlin) DRV - (CAPI_CIP) -- C:\Windows\System32\drivers\capi_cip.sys (AVM Berlin) DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH) DRV - (AVMBTPARALLEL) -- C:\Windows\System32\drivers\avmbtpar.sys (AVM GmbH) DRV - (AVMBTSERIAL) -- C:\Windows\System32\drivers\avmbtser.sys (AVM GmbH) DRV - (BFHU_CFG) -- C:\Windows\System32\drivers\bfhu_cfg.sys (AVM Berlin) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Bing IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\SearchScopes\{EDD09B12-5276-4B4E-A76E-D92EAC628DA8}: "URL" = {searchTerms} - Google Search IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Home\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.08 18:03:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.13 14:32:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 14:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012.11.11 14:46:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.03.08 18:03:42 | 000,000,000 | ---D | M] [2013.02.03 16:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions [2011.03.09 21:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28} [2013.02.03 16:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2011.03.09 21:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Sunbird\Profiles\rojy113b.default\extensions ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Plus! Network (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = CHR - homepage: Google CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Home\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5\ CHR - Extension: Google Mail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.03.22 14:13:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe (AVM Berlin) O4 - HKLM..\Run: [AVMBLUEOBEX] C:\Program Files\avmclient\AvmObex.exe (AVM Berlin) O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [HP ENVY 110 series (NET)] C:\Program Files\HP\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001..\Run: [SansaDispatch] C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MC light-Alarm.lnk = C:\MC-Light\MCLWIN\PRG\LOADER.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Programme\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites) O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites) O15 - HKU\S-1-5-21-1981779500-1634259970-2923210030-1001\..Trusted Domains: windowsupdate.com ([]* in Trusted sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2013.03.22 17:11:33 | 000,000,062 | ---- | M] () - L:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.22 17:04:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.22 17:04:19 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.22 17:03:36 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Home\Desktop\JRT.exe [2013.03.22 14:21:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.22 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\temp [2013.03.22 14:01:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.22 14:01:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.22 14:01:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.22 14:01:16 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.22 14:00:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.22 13:57:15 | 005,042,224 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe [2013.03.22 12:44:45 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\tdsskiller.exe [2013.03.22 11:19:52 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Home\Desktop\aswMBR.exe [2013.03.21 18:27:14 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\mbar-1.01.0.1021 [2013.03.21 16:40:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2013.03.20 10:12:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes [2013.03.20 10:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.20 10:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.20 10:12:41 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.20 10:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.13 16:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop [2013.03.13 16:26:48 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.13 16:26:48 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.13 16:26:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.03.13 16:26:48 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.03.13 16:26:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.03.13 16:26:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.03.13 16:26:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.13 16:26:47 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.13 16:26:47 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.13 16:26:47 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.13 16:26:47 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.13 16:26:47 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.13 16:26:47 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.13 16:26:47 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.13 16:26:47 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.13 16:26:47 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.13 16:26:47 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.13 16:26:47 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.13 16:26:47 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.13 16:26:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.13 16:26:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.03.13 16:26:47 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.13 16:26:47 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.13 16:26:47 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.13 16:26:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.13 16:26:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.13 16:26:47 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.13 16:26:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.13 16:26:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.13 16:26:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.13 16:26:47 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.03.13 16:26:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.13 16:26:47 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.13 16:26:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.13 16:26:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.13 16:26:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.13 16:24:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.10 10:53:01 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.03.10 10:52:55 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.03.10 10:52:54 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.10 10:52:54 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.10 10:52:54 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.10 10:52:52 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.03.10 10:52:52 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.03.10 10:52:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.10 10:52:52 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.10 10:52:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.10 10:52:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.10 10:52:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.10 10:52:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.10 10:52:51 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.03.10 10:52:51 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.03.10 10:52:51 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.03.10 10:52:51 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.03.10 10:52:51 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.03.10 10:52:51 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.03.10 10:52:51 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.03.10 10:52:51 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.03.10 10:52:51 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.03.10 10:52:51 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.03.10 10:52:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.03.10 10:52:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.03.09 10:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.03.09 10:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.02.24 18:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice [6 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.22 17:11:49 | 000,001,926 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 110 series (Netzwerk).lnk [2013.03.22 17:11:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.22 17:11:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.22 17:11:20 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2013.03.22 17:03:36 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Home\Desktop\JRT.exe [2013.03.22 17:01:59 | 000,609,993 | ---- | M] () -- C:\Users\Home\Desktop\adwcleaner.exe [2013.03.22 16:50:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.22 16:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.22 14:13:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.03.22 13:57:26 | 005,042,224 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe [2013.03.22 12:44:46 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\tdsskiller.exe [2013.03.22 12:42:14 | 000,000,512 | ---- | M] () -- C:\Users\Home\Desktop\MBR.dat [2013.03.22 11:22:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Home\Desktop\aswMBR.exe [2013.03.21 18:53:51 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 18:53:51 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 18:01:38 | 013,786,977 | ---- | M] () -- C:\Users\Home\Desktop\mbar-1.01.0.1021.zip [2013.03.21 17:51:19 | 000,377,856 | ---- | M] () -- C:\Users\Home\Desktop\gmer_2.1.19155.exe [2013.03.21 16:40:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2013.03.21 15:33:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.21 15:33:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.21 15:33:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.21 11:09:19 | 000,707,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.21 11:09:19 | 000,660,934 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.21 11:09:19 | 000,152,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.21 11:09:19 | 000,125,124 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.21 10:44:54 | 000,250,727 | ---- | M] () -- C:\Windows\hpwins21.dat [2013.03.21 09:48:00 | 000,050,477 | ---- | M] () -- C:\Users\Home\Desktop\Defogger.exe [2013.03.20 18:31:27 | 002,522,934 | ---- | M] () -- C:\Users\Home\AppData\Local\[j0004]-[p08].bmp [2013.03.20 18:31:25 | 002,522,934 | ---- | M] () -- C:\Users\Home\AppData\Local\[j0004]-[p07].bmp [2013.03.20 10:12:42 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.19 11:47:51 | 000,001,120 | ---- | M] () -- C:\Users\Home\Desktop\Content Manager 2.lnk [2013.03.18 16:36:45 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.18 16:36:45 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.13 16:26:48 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.13 16:26:48 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.13 16:26:48 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.03.13 16:26:48 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.03.13 16:26:48 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.03.13 16:26:48 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.03.13 16:26:48 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.13 16:26:47 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.13 16:26:47 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.13 16:26:47 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.13 16:26:47 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.13 16:26:47 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.13 16:26:47 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.13 16:26:47 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.13 16:26:47 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.13 16:26:47 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.13 16:26:47 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.13 16:26:47 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.13 16:26:47 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.13 16:26:47 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.13 16:26:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.03.13 16:26:47 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.13 16:26:47 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.13 16:26:47 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.13 16:26:47 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.13 16:26:47 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.13 16:26:47 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.13 16:26:47 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.13 16:26:47 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.13 16:26:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.13 16:26:47 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.03.13 16:26:47 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.13 16:26:47 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.13 16:26:47 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.13 16:26:47 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.03.13 16:26:47 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.13 16:26:47 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.09 10:53:17 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.27 18:41:07 | 016,356,254 | ---- | M] () -- C:\Users\Home\AppData\Roaming\sa4rga04kf_12_fuz_eng.zip [2013.02.27 18:37:59 | 000,002,348 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear SA4RGA Device Manager.lnk [2013.02.27 18:37:58 | 000,002,314 | ---- | M] () -- C:\Users\Public\Desktop\Philips GoGear SA4RGA Device Manager.lnk [2013.02.24 18:45:06 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk [6 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.22 17:01:59 | 000,609,993 | ---- | C] () -- C:\Users\Home\Desktop\adwcleaner.exe [2013.03.22 14:01:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.22 14:01:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.22 14:01:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.22 14:01:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.22 14:01:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.22 12:42:14 | 000,000,512 | ---- | C] () -- C:\Users\Home\Desktop\MBR.dat [2013.03.21 18:01:35 | 013,786,977 | ---- | C] () -- C:\Users\Home\Desktop\mbar-1.01.0.1021.zip [2013.03.21 17:51:18 | 000,377,856 | ---- | C] () -- C:\Users\Home\Desktop\gmer_2.1.19155.exe [2013.03.21 09:48:00 | 000,050,477 | ---- | C] () -- C:\Users\Home\Desktop\Defogger.exe [2013.03.20 18:31:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0004]-[p08].bmp [2013.03.20 18:31:24 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0004]-[p07].bmp [2013.03.20 10:12:42 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.19 11:46:39 | 000,001,120 | ---- | C] () -- C:\Users\Home\Desktop\Content Manager 2.lnk [2013.03.13 16:26:47 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.09 10:53:17 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.24 18:45:06 | 000,001,283 | ---- | C] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk [2013.02.03 18:12:23 | 016,356,254 | ---- | C] () -- C:\Users\Home\AppData\Roaming\sa4rga04kf_12_fuz_eng.zip [2013.01.12 17:42:01 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.01.06 18:48:49 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p34].bmp [2013.01.06 18:48:35 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p33].bmp [2013.01.06 18:48:33 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p32].bmp [2013.01.06 18:48:31 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p31].bmp [2013.01.06 18:48:29 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p30].bmp [2013.01.06 18:48:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p29].bmp [2013.01.06 18:48:24 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p28].bmp [2013.01.06 18:48:20 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p27].bmp [2013.01.06 18:48:18 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p26].bmp [2013.01.06 18:48:15 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p25].bmp [2013.01.06 18:48:13 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p24].bmp [2013.01.06 18:48:11 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p23].bmp [2013.01.06 18:48:08 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p22].bmp [2013.01.06 18:48:06 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p21].bmp [2013.01.06 18:48:03 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p20].bmp [2013.01.06 18:48:01 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p19].bmp [2013.01.06 18:47:58 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p18].bmp [2013.01.06 18:47:56 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p17].bmp [2013.01.06 18:47:54 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p16].bmp [2013.01.06 18:47:51 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p15].bmp [2013.01.06 18:47:49 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p14].bmp [2013.01.06 18:47:46 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p13].bmp [2013.01.06 18:47:44 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p12].bmp [2013.01.06 18:47:41 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p11].bmp [2013.01.06 18:47:39 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p10].bmp [2013.01.06 18:47:37 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p09].bmp [2013.01.06 18:47:34 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p08].bmp [2013.01.06 18:47:32 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p07].bmp [2013.01.06 18:47:30 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p06].bmp [2013.01.06 18:47:28 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p05].bmp [2013.01.06 18:47:26 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p04].bmp [2013.01.06 18:47:23 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p03].bmp [2013.01.06 18:47:21 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0013]-[p02].bmp [2012.09.02 21:22:21 | 000,000,740 | ---- | C] () -- C:\Windows\Magix.ini [2012.08.11 18:58:34 | 000,000,393 | ---- | C] () -- C:\Users\Home\AppData\Local\HamsterVideoConverterSettings.cfg [2012.07.16 15:01:58 | 002,522,934 | ---- | C] () -- C:\Users\Home\AppData\Local\[j0036]-[p02].bmp [2012.02.25 23:59:47 | 000,000,016 | ---- | C] () -- C:\Windows\TSHIRT.INI [2012.02.25 23:58:21 | 000,247,296 | ---- | C] () -- C:\Windows\UN160407.EXE [2011.10.19 16:42:15 | 000,000,186 | ---- | C] () -- C:\Users\Home\AppData\Roaming\default.rss [2011.08.22 19:57:42 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{8E61E117-7632-461D-96AF-1D5467EB5383} [2011.07.08 09:35:55 | 000,000,103 | ---- | C] () -- C:\Windows\MCHBPL32.INI [2011.04.04 14:45:32 | 000,000,000 | ---- | C] () -- C:\Windows\hpimdl01.dat.temp [2011.04.04 14:43:02 | 000,048,367 | ---- | C] () -- C:\Windows\hpiins01.dat.temp ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.03.2013 17:14:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,95% Memory free
5,98 Gb Paging File | 4,69 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356,16 Gb Total Space | 1140,17 Gb Free Space | 84,07% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 21,20 Gb Free Space | 53,00% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 910,09 Gb Free Space | 97,70% Space Free | Partition Type: NTFS
Drive L: | 298,09 Gb Total Space | 297,90 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB397A1-6996-4227-A254-0D003E68752B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3681C921-7D05-42D4-AA5F-63144B061307}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5BCACACA-325D-4221-A578-7CFCA270E86E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61E37E18-F421-4FAD-987C-C6A5840770C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A198C39A-8590-4913-9A75-5B8CE0B53A8E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A469E627-A16B-462C-A0C1-C7DC9C096A75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC8FFDB7-CBA1-45BF-AECA-0C3B34854C75}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AE98CC6E-71C1-490E-B18D-F5C977DA7C13}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{B4E589EF-82F7-418B-8D4B-F9E87D6DEE3E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B511ED13-A335-46C6-9D0A-495F45A8A24C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B6B97598-0689-4365-BF40-165BDFE8D936}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDDFB7AE-0E52-44D5-BA78-F3FA56E0AECE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD785397-BCD6-4781-AEB5-5ACF753259C3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EEBE195F-775F-4145-A964-66B5FAB9E4B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04246E6F-DE7D-4B55-BA08-EC2175B9E9C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{082FD3A8-0636-458A-B980-2B7312D5B150}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 apoedition\app\starmoney.exe |
"{0E317D00-D4D2-4960-A72A-FE8E897E75F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1703CC13-3BBB-4C6B-86DE-5055E1E77873}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{19E290E8-D909-4C5B-A7D4-D1AD141A9A63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{1B2A5A5C-64E6-4ADE-AC81-2D16BE750A09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{233BA796-EF9A-49B9-844A-69917B608785}" = dir=in | app=e:\setup\hpznui01.exe |
"{242CA202-DD5D-4B57-BF61-406620C3D0EA}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 apoedition\ouservice\starmoneyonlineupdate.exe |
"{25BD7991-3329-46C4-83BA-8CA5ED2D66AF}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs27ac\hppiw.exe |
"{25C21D7F-CA3E-48DD-88FC-DC31E9EBA4F4}" = protocol=6 | dir=out | app=system |
"{293BAD13-A235-413A-A34F-5C435B34F4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C2B3AAA-6C21-4B55-9508-D1A7CB88B737}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2C35796D-0997-4620-B9DC-C41D2D46AA81}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs2a64\hpdiagnosticcoreui.exe |
"{33DD6D46-6BF7-437F-833C-508E910AFE4A}" = dir=in | app=c:\program files\hp\hp envy 110 series\bin\devicesetup.exe |
"{34B828D1-2BE4-4672-9380-E492DFB792FC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3A24B9BC-664F-43C6-9033-D8662A0A07D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3F255F46-823B-45DE-8F11-01AD9529A899}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs1fca\hpdiagnosticcoreui.exe |
"{451492B2-47D5-4721-B0BA-CF5D1B6CAE5F}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0 apoedition\ouservice\starmoneyonlineupdate.exe |
"{530F2ADC-A878-4C11-B194-4555E99E95C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5596FB10-CBCA-4174-8BD6-2988B5CE85F4}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{664FA9CB-C6AC-4A0F-871D-E007B7D01EDE}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{6B913BCE-C9DD-4A4B-A2D9-54722A79E9DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6EBA8046-967F-4DA4-8547-8901DCA58E90}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{7079E0AB-4A6B-4007-AC3E-5D69A98C8DDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{71CDFFC1-7489-4F40-A78D-5F01B98AEE8B}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs1fca\hpdiagnosticcoreui.exe |
"{74AF0EB5-BAC8-4305-9DB0-1CFC8C944789}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8412B01E-C7B3-419E-B47F-0503C078636C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{89B9E925-DAEB-445D-B20E-4E55D4097F10}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{9B8298D9-068F-4BAC-A938-8FFFA805FD75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9F07E192-804E-431F-8F52-D23ECEE5E31E}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0 apoedition\app\starmoney.exe |
"{A27B7226-6EF7-4149-9794-907848A86663}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{A2BD277C-FE15-4F4B-A9C9-FFD0A9AED202}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7CD8BED-7699-4377-A084-B15C601F70E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{AE923602-42AC-4B2E-AA8D-305106B51B34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{B376E4F9-3879-44CA-81F6-D57692C3C3DA}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\7zs2a64\hpdiagnosticcoreui.exe |
"{B4735C2E-2883-4933-BF5A-3533DAEA8DFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4AC4CCA-0E3C-4F17-9CFF-FF2B27233738}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\7zs27ac\hppiw.exe |
"{B4B1505A-858A-418E-8036-6509C8CA02C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B52C01AD-A933-4726-A36F-FD9408FF6C61}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B688FA93-24AE-43A1-9CC9-DF52D2990834}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDC7BA54-38C8-4031-AD38-0EE3F61117BF}" = dir=in | app=c:\program files\hp\hp envy 110 series\bin\hpnetworkcommunicator.exe |
"{C4B120AF-60EC-4532-A5AF-7A629789BC9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{C8E99D43-EAA3-4443-BD9E-7D223B14D94F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{D87B1C77-03CE-48C3-84FA-031C9997E05E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{DD9B5286-31EF-4094-AB56-149A2484183F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{DDA53C83-3FAE-4C62-A77D-2416B79CBA73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0AB2124-29AB-4962-982B-A17380C26C9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6CCE1C5-7055-44F6-9EB6-B571318B625E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{F8ED9470-6624-424B-9C56-73322642BE61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{9301285A-574F-4A90-ABAB-BC7D049CE161}C:\mc-light\mclwin\prg\zbase32.exe" = protocol=6 | dir=in | app=c:\mc-light\mclwin\prg\zbase32.exe |
"UDP Query User{7F363FF2-FF5C-4B6F-B9D4-097B628BCA8E}C:\mc-light\mclwin\prg\zbase32.exe" = protocol=17 | dir=in | app=c:\mc-light\mclwin\prg\zbase32.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{02c5230b-9da5-46bc-a2e4-1047895041e2}" = Nero 9 Essentials
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{07D0F003-4C56-45F2-9D9D-613BEC6FD5A7}" = .NET Utilities
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602" = CanoScan 9000F Scanner Driver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{31B620F7-A6E7-4F91-AF10-6EC9DB2EA564}" = ArcSoft Panorama Maker 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5229C090-842B-1CB0-1676-43E421294B5C}" = AMD Drag and Drop Transcoding
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{542C0F0B-FBDF-45d9-AF8A-345C1A9B5AE3}" = 8000A809
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{562B89CE-2FF3-4573-B67C-67EB8CF8063D}" = HP ENVY 110 series - Grundlegende Software für das Gerät
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A6F6041-013B-4C45-861E-3E2BA6C894B8}" = Studie zur Verbesserung von HP Officejet Pro 8600 Produkten
"{5C638666-B80C-4CD3-AA56-403EF0BC7A6E}" = HP Photosmart A630 Series
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{671B4BAD-D681-4d29-9498-D8BF3F1A389D}" = BPDSoftware
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D846456-C32B-43B9-99ED-B1AC43D6A233}" = GoGear SA4RGA Device Manager
"{6E4EE9B5-F69D-4455-B430-40FA5F0DC988}" = ProductContext
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{729713E3-CFD5-4E9F-A301-5BD8EA25A28B}" = COMPUTERBILD-PC-Schnellstarter
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7419582C-1E2E-4848-88F6-9FF638D9EA87}" = LightScribe Diagnostic Utility
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B69FE75-3AF9-4714-89EE-D3F64CB08F90}" = HP Officejet Pro 8000 A809 Series
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7F2B12E7-2302-4A86-AE26-33DDD84E478A}" = MAGIX Burn routines
"{7F94FB03-6617-4442-9817-CDDB36EAE529}" = 8000A809_eDocs
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85092B90-AEB2-2E30-0EF1-432EC61F6BD1}" = Catalyst Control Center InstallProxy
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{86BC184E-CFCD-48D5-829A-666A36C6ACC9}" = 8000A809_Help
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A0CBFC47-690E-4277-82BB-13BE18CF0C2E}" = CEWE FOTOBUCH PRO Designvorlagen
"{A157DF9D-462F-4BF9-8C5E-3854BC9CC08F}" = HP Digital Photo Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Kameras 9.0
"{AA721D14-CFE2-410E-B975-79FE5F82F99F}" = MSVCMergeModules
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFB69549-3AAE-4433-A99B-673B8A513379}" = BPDSoftware_Ini
"{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}" = myPrintMileage (Officejet Pro 8000 A809)
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD312050-9D98-4F71-ADCD-25EC037C05FD}" = StarMoney
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09E526E-586C-4AD1-B2C0-A632CAA59C25}" = Studie zur Verbesserung von HP ENVY 110 series Produkten
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7EA1AF1-F908-0832-AA52-5EDBE128FD6B}" = ccc-core-static
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D4444B31-E9E9-4389-B35D-41B5BCA5E9FB}" = HP ENVY 110 series Hilfe
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E6FCA24F-1192-4C9D-B1AA-F93C3DA80851}" = DDBAC
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9D4FBA9-FB46-A5CE-F52F-516C4B8F0373}" = ccc-utility
"{EB0E062C-575D-8154-2682-C84EF432CCF0}" = Catalyst Control Center Graphics Previews Common
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EDD7B70D-36D0-694D-AA34-D566A13CE98D}" = WMV9/VC-1 Video Playback
"{EEA54973-AFC8-21C8-1414-246AA9435890}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8A9F4D7-4EC8-4E28-9B01-4CF74C812BF2}" = StarMoney
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB8927C5-0232-4DFF-8D13-CAEDCDB4C1A3}" = StarMoney 8.0 apoEdition
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 9.20
"ABEURO_is1" = AB-Euro 2.2.0.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"AudibleManager" = AudibleManager
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Internet Security
"AVMBLUECLI" = AVM BlueFRITZ! USB
"B81055EA372C9E3EA5000B4BD9585D992D51F1DE" = Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002)
"BlazePhoto 2.0_is1" = BlazePhoto 2.0
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CD-DVD Druckerei 7_is1" = DATA BECKER CD-DVD Druckerei 7
"Content Manager 2" = Content Manager 2
"DATA BECKER - Etikettendruckerei 2000" = DATA BECKER - Etikettendruckerei 2000
"DPP" = Canon Utilities Digital Photo Professional 3.5
"Duplicate Cleaner" = Duplicate Cleaner 1.4.7c
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 deluxe D" = MAGIX Fotos auf CD & DVD 8 deluxe 8.0.2.6 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MC light" = MC light
"MEDION NAS TOOL" = MEDION NAS TOOL
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"Netzmanager" = Netzmanager
"nLite_is1" = nLite 1.4.9.1
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnlineFotoservice" = OnlineFotoservice
"Philips Songbird" = Philips Songbird
"PhotoStitch" = Canon Utilities PhotoStitch
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 15.0" = RealPlayer
"Recuva" = Recuva
"SetEditEdision1600" = SetEditEdision1600 (remove only)
"Shop for HP Supplies" = Shop for HP Supplies
"Visitenkarten-Druckerei 11_is1" = DATA BECKER Visitenkarten-Druckerei 11
"WinLiveSuite" = Windows Live Essentials
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1981779500-1634259970-2923210030-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
"Sansa Updater" = Sansa Updater
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 22.03.2013 12:11:37 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
StarMoney 8.0 OnlineUpdate erreicht.
< End of report >
|
|
| Themen zu PUP.Blubbers |
| anti-malware, bezahlversion, diverse, dringend, forums, gefunde, geladen, google, helfer, helferteam, inter, interne, internet, malwarebytes, neuer, nichts, objekte, problem, programme, quarantäne, werbeseite, wirklich, woche, wochen |
Linear-Darstellung
