
Log analysis and evaluation: PUP.Dealio.TB in C:\Users\ev\AppData\Local\Temp\is-3TFKM.tmp\dealio.exe identified by Malwarebytes

Windows 7

 
18.05.2013, 20:50   #1
Toma
 



Hello,
since I only know PCs very superficially, I would be very grateful for help with this problem.
A few days ago I opened an email from a friend and the link it contained; it later turned out that her account had been hacked. On the page that the link opened I did not enter anything and closed it right away (a few prompts came up asking whether I really wanted to close this page..). That is why I ran Malwarebytes yesterday - but I do not know whether the PUP.Dealio.TB detection has anything to do with it..
The logfiles are also attached.


Many thanks in advance!

OTL Logfile:
Code:
OTL logfile created on: 5/18/2013 10:04:18 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ev\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.80% Memory free
3.98 Gb Paging File | 2.61 Gb Available in Paging File | 65.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.75 Gb Total Space | 15.38 Gb Free Space | 11.50% Space Free | Partition Type: NTFS
 
Computer Name: EV-PC | User Name: ev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/18 09:59:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ev\Desktop\OTL.exe
PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013/02/05 10:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2013/01/29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/01/29 20:35:36 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2012/11/22 16:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
PRC - [2012/08/09 07:32:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 15:36:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 15:36:40 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/08 15:36:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 15:36:40 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/28 00:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/27 17:52:16 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/07/14 01:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009/06/17 18:56:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/06/17 18:56:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/03/02 23:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/16 17:38:15 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/01/13 13:56:03 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/12 11:43:09 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/12 11:42:36 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/12 11:42:29 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013/05/16 11:03:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/13 16:44:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/02/05 10:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2013/01/29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012/05/08 15:36:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 15:36:40 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/08 15:36:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/27 17:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/14 01:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009/06/17 18:56:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009/06/13 20:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/03/02 23:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - [2013/02/05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2012/12/13 11:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2012/11/22 16:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/11/15 21:06:10 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/06/27 10:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2012/06/27 10:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2012/06/27 10:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2012/05/08 15:36:41 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 15:36:41 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/07/27 17:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 11:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/02 11:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/06/04 20:19:00 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009/05/16 03:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 03:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 03:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 03:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 03:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/04/29 17:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/20 18:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/10/21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008/10/21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008/10/21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008/10/21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008/10/21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/02/04 11:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{441E1BB4-D566-4C46-9F0C-04820E74E1D7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=02e2183c1cb34dd9b2032aadd8889845&tu=10G9000861B000v&sku=&tstsId=&ver=&"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: finder%40meingutscheincode.de:3.0.2
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.126
FF - prefs.js..extensions.enabledAddons: pdfforge%40mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:3.3.3.2
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&gu=02e2183c1cb34dd9b2032aadd8889845&tu=10G9000861B000v&sku=&tstsId=&ver=&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/30 19:30:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/23 22:09:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013/05/17 22:55:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 16:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 16:44:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/05/15 15:43:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/30 19:30:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011/09/01 10:27:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 16:44:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 16:44:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/05/15 15:43:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/01/30 22:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\Extensions
[2010/01/30 22:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/05/17 23:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\Firefox\Profiles\4xu31f84.default\extensions
[2013/02/24 12:22:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ev\AppData\Roaming\mozilla\Firefox\Profiles\4xu31f84.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/05/17 23:07:30 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\ev\AppData\Roaming\mozilla\Firefox\Profiles\4xu31f84.default\extensions\ffxtlbr@zonealarm.com
[2011/07/23 22:06:12 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\extensions\DivXWebPlayer@divx.com.xpi
[2012/12/11 21:35:51 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/08 23:04:59 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/23 12:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js
[2010/08/05 21:36:36 | 000,000,941 | ---- | M] () -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\searchplugins\conduit.xml
[2011/10/19 07:08:50 | 000,002,289 | ---- | M] () -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\searchplugins\ecosia.xml
[2013/05/17 22:50:34 | 000,001,488 | ---- | M] () -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\searchplugins\zonealarm.xml
[2013/04/13 16:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/07/23 22:09:40 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/09/01 10:27:04 | 000,000,000 | ---D | M] (preisspion.de) -- C:\PROGRAM FILES\MEIN GUTSCHEINCODE FINDER\FIREFOX
[2011/08/22 21:10:21 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2013/04/13 16:44:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012/06/21 10:13:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/11 14:06:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/21 10:13:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/21 10:13:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/21 10:13:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/21 10:13:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8126F23-F2A2-44E1-9F67-387FE3718A4F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d6bbde9d-35a0-11e2-abc9-18a905e5ee4d}\Shell - "" = AutoRun
O33 - MountPoints2\{d6bbde9d-35a0-11e2-abc9-18a905e5ee4d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/18 09:59:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ev\Desktop\OTL.exe
[2013/05/17 23:27:41 | 000,000,000 | ---D | C] -- C:\Users\ev\AppData\Roaming\Malwarebytes
[2013/05/17 23:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/17 23:27:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/05/17 23:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/17 23:02:57 | 000,000,000 | ---D | C] -- C:\Users\ev\Documents\ForceField Shared Files
[2013/05/17 22:56:03 | 000,000,000 | ---D | C] -- C:\Users\ev\AppData\Roaming\CheckPoint
[2013/05/17 22:55:26 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys
[2013/05/17 22:55:26 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klflt.sys
[2013/05/17 22:55:25 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2013/05/17 22:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013/05/17 22:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013/05/17 22:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/05/15 15:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/05/12 21:40:55 | 000,000,000 | ---D | C] -- C:\Users\ev\Desktop\Neuer Ordner
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\ev\Desktop\DUE_12.01.
[2013/05/18 10:03:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/18 10:00:27 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/18 10:00:27 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/18 09:59:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ev\Desktop\OTL.exe
[2013/05/18 09:58:48 | 000,000,000 | ---- | M] () -- C:\Users\ev\defogger_reenable
[2013/05/18 09:52:57 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/18 09:52:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/18 09:51:49 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/18 09:20:07 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/17 23:27:19 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/05/17 23:00:58 | 000,417,507 | ---- | M] () -- C:\windows\System32\drivers\vsconfig.xml
[2013/05/17 22:54:22 | 000,000,732 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/05/16 17:35:48 | 000,508,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/05/16 15:18:23 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/05/16 15:18:23 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/05/16 15:18:23 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/05/16 15:18:23 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/05/02 17:17:29 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Users\ev\Desktop\DUE_12.01.
[2013/05/18 09:58:48 | 000,000,000 | ---- | C] () -- C:\Users\ev\defogger_reenable
[2013/05/17 23:27:19 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/05/17 22:56:07 | 000,417,507 | ---- | C] () -- C:\windows\System32\drivers\vsconfig.xml
[2013/05/17 22:54:22 | 000,000,732 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/05/02 17:17:29 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2013/03/01 17:47:45 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2013/03/01 17:47:45 | 000,037,344 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2012/07/30 14:16:20 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/07/30 14:16:18 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2012/07/30 14:16:18 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2012/07/30 14:16:18 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2012/07/30 14:16:18 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011/11/24 15:43:26 | 000,004,096 | -H-- | C] () -- C:\Users\ev\AppData\Local\keyfile3.drm
[2011/09/25 19:16:57 | 000,946,519 | ---- | C] () -- C:\windows\Diercke Globus Online Uninstaller.exe
[2011/08/11 18:40:52 | 000,001,849 | ---- | C] () -- C:\Users\ev\AppData\Roaming\GhostObjGAFix.xml
[2011/07/13 22:36:11 | 000,000,000 | ---- | C] () -- C:\Users\ev\AppData\Local\{E7DB8E29-DED0-491F-8564-75C2CDE85391}
[2011/07/05 21:01:45 | 000,000,000 | ---- | C] () -- C:\Users\ev\AppData\Local\{59BC1DC2-9F9E-4423-8124-4D36CD010DCC}
[2011/05/24 15:02:41 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/04/13 11:33:18 | 000,000,148 | ---- | C] () -- C:\Users\ev\.xconvrc
[2010/07/29 16:59:16 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/02/21 15:59:56 | 000,017,408 | ---- | C] () -- C:\Users\ev\AppData\Local\WebpageIcons.db
[2010/01/31 15:52:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/08/23 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Canneverbe Limited
[2013/05/17 22:56:03 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\CheckPoint
[2011/09/25 21:06:09 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Diercke Globus Online
[2011/09/07 17:32:27 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Downloaded Installations
[2011/08/31 17:06:02 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Dropbox
[2012/10/26 21:55:54 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\DVDVideoSoft
[2012/10/26 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/09/14 17:56:46 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\FreeFLVConverter
[2010/09/13 20:21:19 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Gutscheinmieze
[2010/09/13 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\ImgBurn
[2010/02/07 13:01:31 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\IrfanView
[2012/08/16 17:42:58 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\MyPhoneExplorer
[2011/09/12 20:42:57 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Nitro PDF
[2010/02/01 19:55:51 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\OpenOffice.org
[2010/04/13 17:47:23 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\ProtectDisc
[2012/09/04 20:25:59 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Samsung
[2011/07/16 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Thunderbird
[2010/08/23 21:08:27 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:760E0606BD1C6092

< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 5/18/2013 10:04:18 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ev\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.80% Memory free
3.98 Gb Paging File | 2.61 Gb Available in Paging File | 65.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.75 Gb Total Space | 15.38 Gb Free Space | 11.50% Space Free | Partition Type: NTFS
 
Computer Name: EV-PC | User Name: ev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9D76FCA1-CCFB-4305-BE94-B21CD60F67BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EBE2156A-312C-4367-98C7-AB2B2C3F8737}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0878C6E5-B6D2-4CCC-A0D3-1BE3859B7324}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{0C20719F-7106-43CA-B458-20793BE64030}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{13FDE6A6-15B5-4EC9-A8CC-13C9F4F20B68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{163A96A0-7BE7-4B7D-92E9-77E810AA6A4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{1C5AE799-89B9-4270-BB02-BAC40419E7B2}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{27E23ECE-171E-49DC-A010-3E3B28572A1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2FFED27E-44B5-49CB-AD62-10C82D4E54D0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{336481F2-1E84-41F7-9346-7783866BFBCD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{4773F12C-9B35-449F-97A9-6873096306F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A845840-01C7-4EBD-A7E8-B44CD958A296}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{7E2914C8-2966-4D62-969C-16D9F3379DC0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{8784DDE3-47CF-4204-B190-EC5F253F4A4D}" = protocol=17 | dir=in | app=c:\users\ev\appdata\roaming\dropbox\bin\dropbox.exe | 
"{91D1E7FE-5DD3-4324-917C-BF3A26E97B59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{95893CA3-58CB-44BD-9C46-55A7D8330072}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{AF42AA1B-7084-47C3-AC31-7E691DE04A30}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{B253BD8F-FF87-495B-972D-B8FEC6721FF6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{BF9C11C2-C348-4B44-8215-1E057F4D8AF7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{CFBD2F6C-661F-490D-B43D-C3CF510E7DD9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{EA239B54-8046-4A21-B067-ED3EA3143B98}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{EE2332C0-C5D0-4A4A-B55F-B121B113F383}" = protocol=6 | dir=in | app=c:\users\ev\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F1D7352C-6BE4-448D-9B22-E3BADE22B5B2}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{FEEAF0FE-FCAC-4F4B-B0BB-27A1EFA2AAF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"TCP Query User{0B665EC9-6F8F-4F13-8BC5-D2114C95DBA4}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{6102B154-449D-4E2D-B06B-A8C9B9F97C68}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{6B7C0EBE-25F4-48D8-B05D-EC1492ABC053}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{9E10DA9E-717A-4E2F-9303-EBB228A00284}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B0DF4850-AA47-4AF6-8840-40E84F8A7D0A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{D2755DEC-73DE-4C1D-9760-155941E79B61}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{0444D400-88C9-4833-8B08-8543E11230B1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{1735F64A-4A77-4D45-A95D-AFF996F16DE9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{35AB0EE1-8C83-456B-B4FA-16A70371B8F6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{3603AF0C-17E2-44BF-9716-6371082B374A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{3F5A9098-CBA3-40FC-9052-14A5E3B5FBD6}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{8B3220C9-3B7D-45F3-819B-E15C0654ECCE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{151C3103-B7E9-4346-9107-8FEE2BF4E93B}" = Rund um ... Seydlitz 3-4 Geographie GWG
"{16456401-9621-4F3D-836A-59EA425C471D}" = ZoneAlarm Security
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ADC5BE-8B82-426F-8779-2308B54B00EE}" = ZoneAlarm Antivirus
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{436D9902-CB85-4DE7-A0C6-05FC1E5229B8}" = TERRA-Erdkunde 8-13 Entwicklungsländer 
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows
"{511376F5-7E5A-4EC9-B603-193B1D425BC3}" = HP ESU for Microsoft Windows 7
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{737B13C5-990B-4339-8A4D-0FFEBBC3DB17}" = ZoneAlarm Firewall
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85DDDEB7-AD6E-40E8-8F1F-0D140E6911AA}" = Rund um ... Seydlitz 1-2 Geographie GWG Baden-Württemberg
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDFC149-8359-4C4B-9DA0-BA1F773CD70C}" = HP User Guides 0140
"{9D6105F0-C6D7-4C53-851F-171F8C7F57E3}" = Sibelius Scorch (all browsers)
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE8F467D-69E9-4D81-A934-CA443D9073E8}" = Rund um ... Seydlitz 5-6 Geographie GWG
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CamStudio" = CamStudio
"ClipNavigator" = ClipNavigator
"Diercke Globus Online" = Diercke Globus Online
"DivX Setup.divx.com" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"FormatFactory" = FormatFactory 2.50
"Free FLV Converter_is1" = Free FLV Converter V 6.92.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Gadwin PrintScreen Professional" = Gadwin PrintScreen Professional
"GeoGebra" = GeoGebra
"Geographie 2.1" = Arbeitskarten Geographie 2
"Geogrid_DynPerspView" = Geogrid® DynPerspView
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"RealPlayer 12.0" = RealPlayer
"SciMacros für Microsoft Word 11" = SciMacros für Microsoft Word 2003 (Version 11)
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TERRA CD-ROM Gymnasium BW GWG 3/4_is1" = die TERRA CD-ROM Gymnasium BW GWG 3/4
"TERRA CD-ROM Gymnasium BW GWG 5/6_is1" = die TERRA CD-ROM Gymnasium BW GWG 5/6
"TERRA CD-ROM Gymnasium BW GWG1_is1" = dieTERRA CD-ROM Gymnasium BW GWG1
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.2.1.6
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveSlide Player" = ActiveSlide Player
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/21/2012 2:04:43 PM | Computer Name = ev-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "hpCaslNotification" konnte nicht heruntergefahren
 werden.
 
Error - 12/21/2012 2:06:11 PM | Computer Name = ev-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 1/9/2013 2:24:11 PM | Computer Name = ev-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 888    Startzeit: 
01cdee8df49989aa    Endzeit: 40    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 9fd6f2f8-5a89-11e2-a914-18a905e5ee4d  
 
Error - 1/14/2013 1:23:07 PM | Computer Name = ev-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.0.4752 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d58    Startzeit: 
01cdf27981fd5c09    Endzeit: 30    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 035be3b2-5e6f-11e2-a724-18a905e5ee4d  
 
Error - 1/25/2013 2:06:59 AM | Computer Name = ev-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x0) 
festgestellt.
 
Error - 1/25/2013 1:57:29 PM | Computer Name = ev-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.1.4764 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b1c    Startzeit: 
01cdfb1b1bd34da4    Endzeit: 300    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 a23f908a-6718-11e2-9f7d-18a905e5ee4d  
 
Error - 1/29/2013 5:59:28 AM | Computer Name = ev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpasset.exe, Version: 3.0.1.0, Zeitstempel:
 0x505898cd  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b60  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c380b  ID des fehlerhaften Prozesses:
 0x14f4  Startzeit der fehlerhaften Anwendung: 0x01cdfe075070d054  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe
Pfad
 des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 9142d288-69fa-11e2-a285-18a905e5ee4d
 
Error - 2/22/2013 12:43:02 PM | Computer Name = ev-PC | Source = VSS | ID = 8194
Description = 
 
Error - 5/7/2013 5:14:15 AM | Computer Name = ev-PC | Source = Application Hang | ID = 1002
Description = Programm SndVol.exe, Version 6.1.7601.17514 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 14d0    Startzeit: 01ce4b030772ee78    Endzeit: 10    Anwendungspfad: 
C:\windows\system32\SndVol.exe    Berichts-ID: 69fa0f97-b6f6-11e2-a679-18a905e5ee4d  
 
Error - 5/12/2013 4:47:40 AM | Computer Name = ev-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1248    Startzeit: 01ce4eed2e580125    Endzeit: 10    Anwendungspfad:
 C:\Program Files\Windows Media Player\wmplayer.exe    Berichts-ID: 8d180715-bae0-11e2-9ef7-18a905e5ee4d

 
[ Hewlett-Packard Events ]
Error - 11/20/2011 11:35:59 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/20/2011 11:36:01 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/20/2011 11:42:16 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/20/2011 11:42:18 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 4/26/2012 9:59:26 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 4/26/2012 9:59:48 AM | Computer Name = ev-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Das Objekt "/0ed51557_e58f_4133_a9ba_7b1bf14476bd/nyjcbrnsukp24muajrmnmxet_5.rem"
 wurde getrennt oder ist nicht auf dem Server vorhanden.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 2039  Ram Utilization: 40  TargetSite: Void UpdateDetail(System.String)  
 
Error - 6/8/2012 12:52:22 PM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 8/23/2012 10:21:40 AM | Computer Name = ev-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Das Objekt "/6f340e09_ed3b_4e47_b8bd_ca3541bc4407/ahkenb3o467ub8h8_ogrtwtq_5.rem"
 wurde getrennt oder ist nicht auf dem Server vorhanden.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 2039  Ram Utilization: 40  TargetSite: Void UpdateDetail(System.String)  
 
Error - 11/15/2012 12:53:43 PM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/29/2012 10:34:50 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Software Framework Events ]
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.220|00001964|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.230|00001964|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.250|00001964|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.270|00001964|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.290|00001964|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.310|00001964|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.329|00001964|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.349|00001964|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.367|00001964|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.385|00001964|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
[ System Events ]
Error - 5/16/2013 4:47:58 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 5/16/2013 5:23:27 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 5/16/2013 5:39:58 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 5/16/2013 5:49:46 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 5/16/2013 11:34:36 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 5/17/2013 1:57:17 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 5/17/2013 2:03:03 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 5/17/2013 2:06:54 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 5/17/2013 4:57:10 PM | Computer Name = ev-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "TrueVector Internet Monitor" ist als interaktiver Dienst
 gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
 nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 5/18/2013 2:19:42 AM | Computer Name = ev-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---



GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-18 11:37:30
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.12.0 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ev\AppData\Local\Temp\pxldapoc.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwAdjustPrivilegesToken [0x8ED920C2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwAlpcConnectPort [0x8F89F082]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwAlpcCreatePort [0x8F89F94A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwAlpcSendWaitReceivePort [0x8ED464A0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwClose [0x8ED2E77A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwConnectPort [0x8F89EAD8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateEvent [0x8ED2ECF2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateFile [0x8F898334]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateKey [0x8F8BA1DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateMutant [0x8ED2EBD8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreatePort [0x8F89F5E2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateProcess [0x8F8B3F1C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateProcessEx [0x8F8B4344]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateSection [0x8F8BE96E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateSemaphore [0x8ED2EE12]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateSymbolicLinkObject [0x8ED55AC0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateThread [0x8ED943C4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwCreateThreadEx [0x8ED94604]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateUserProcess [0x8F8B47B8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateWaitablePort [0x8F89F740]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwDebugActiveProcess [0x8ED93F0E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDeleteFile [0x8F899070]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDeleteKey [0x8F8BBCCE]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDeleteValueKey [0x8F8BB580]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwDeviceIoControlFile [0x8ED2E7BE]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDuplicateObject [0x8F8B2CFC]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadDriver [0x8F892D46]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadKey [0x8F8BC760]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadKey2 [0x8F8BC99E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadKeyEx [0x8F8BCE50]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwMapViewOfSection [0x8ED55AE0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwNotifyChangeKey [0x8ED44154]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenEvent [0x8ED2ED88]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwOpenFile [0x8F898C22]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenMutant [0x8ED2EC68]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwOpenProcess [0x8F8B6430]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenSection [0x8ED951D8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwOpenSemaphore [0x8ED2EEA8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwOpenThread [0x8F8B601E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwPlugPlayControl [0x8ED55AD0]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwProtectVirtualMemory [0x8F8CB340]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwQueryDirectoryObject [0x8ED2EF32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwQueryObject [0x8ED44362]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwQueueApcThread [0x8ED94BDA]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwRenameKey [0x8F8BD838]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwReplaceKey [0x8F8BD11A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwReplyPort [0x8ED46284]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwReplyWaitReceivePort [0x8ED46112]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwReplyWaitReceivePortEx [0x8ED461C8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwRequestWaitReplyPort [0x8F89E67C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwRestoreKey [0x8F8BE29E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwResumeThread [0x8ED94906]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSecureConnectPort [0x8F89EDA4]
SSDT            91BFF7DB                                                                                         ZwSetContextThread
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetInformationFile [0x8F89947C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetInformationObject [0x8F8CB204]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSetInformationToken [0x8ED2EFD4]
SSDT            91BFF7E5                                                                                         ZwSetSecurityObject
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetSystemInformation [0x8F892410]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetValueKey [0x8F8BACA0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSuspendProcess [0x8ED93C56]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwSuspendThread [0x8ED947AE]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSystemDebugControl [0x8F8B5042]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwTerminateProcess [0x8F8B4D72]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwTerminateThread [0x8ED942C0]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwUnloadDriver [0x8F893198]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwUnmapViewOfSection [0x8ED95340]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                            ZwWriteVirtualMemory [0x8ED9506A]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         82C84A09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82CBE1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                              82CC522C 4 Bytes  [C2, 20, D9, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                              82CC5254 8 Bytes  [82, F0, 89, 8F, 4A, F9, 89, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                              82CC5298 4 Bytes  [A0, 64, D4, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                              82CC52C4 4 Bytes  [7A, E7, D2, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                              82CC52E8 4 Bytes  JMP 83DC8F89 
.text           ...                                                                                              

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[108] USER32.dll!GetUpdateRect + CF           76E3A644 5 Bytes  JMP 20CC9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                          mfetdik.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                          mfetdik.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713614bbc                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713614bbc (not active ControlSet)  

---- EOF - GMER 2.1 ----
         
--- --- ---

Last edited by Toma (18.05.2013 at 21:05)

 
