| |
| |||||||
Log-Analyse und Auswertung: PUP.Dealio.TB in C:\Users\ev\AppData\Local\Temp\is-3TFKM.tmp\dealio.exe von Malwarebytes identifiziertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.05.2013, 20:50
| #1 |
 |  PUP.Dealio.TB in C:\Users\ev\AppData\Local\Temp\is-3TFKM.tmp\dealio.exe von Malwarebytes identifiziert Hallo, da ich mich nur sehr oberflächlich mit PCs auskenne, würde ich mich bei diesem Problem sehr über Hilfe freuen. Ich habe vor wenigen Tagen eine Email von einer Freundin und den darin enthaltenen Link geöffnet, bei der sich später herausstellte, dass ihr Acount gehackt wurde. Auf der Seite, die bei dem Link aufging, habe ich nichts eingegeben und sie direkt geschlossen (es kamen ein paar Zwischenfragen, ob ich diese Seite wirklich schließen möchte..). Deswegen ließ ich nun gestern Malwarebytes durchlaufen - weiß aber nicht, ob der PUP.Dealio.TB Fund etwas damit zu tun hat.. Die Logfiles sind auch im Anhang. Vielen Dank im Voraus! OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/18/2013 10:04:18 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ev\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.80% Memory free 3.98 Gb Paging File | 2.61 Gb Available in Paging File | 65.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 133.75 Gb Total Space | 15.38 Gb Free Space | 11.50% Space Free | Partition Type: NTFS Computer Name: EV-PC | User Name: ev | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/18 09:59:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ev\Desktop\OTL.exe PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013/02/05 10:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2013/01/29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2013/01/29 20:35:36 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe PRC - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/11/22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe PRC - [2012/11/22 16:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe PRC - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe PRC - [2012/08/09 07:32:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/08 15:36:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/08 15:36:40 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012/05/08 15:36:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/08 15:36:40 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009/07/28 00:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2009/07/27 17:52:16 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe PRC - [2009/07/14 01:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe PRC - [2009/06/17 18:56:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009/06/17 18:56:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/03/02 23:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe ========== Modules (No Company Name) ========== MOD - [2013/05/16 17:38:15 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013/01/13 13:56:03 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013/01/12 11:43:09 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/12 11:42:36 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/12 11:42:29 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2013/05/16 11:03:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/04/13 16:44:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013/02/05 10:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2013/01/29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/11/22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2012/05/08 15:36:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/08 15:36:40 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012/05/08 15:36:40 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/07/27 17:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/07/14 01:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV) SRV - [2009/06/17 18:56:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009/06/13 20:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009/03/02 23:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen) DRV - [2013/02/05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2012/12/13 11:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2012/11/22 16:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2012/11/15 21:06:10 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012/06/27 10:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2012/06/27 10:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2012/06/27 10:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2012/05/08 15:36:41 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/08 15:36:41 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/10/11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) DRV - [2009/07/27 17:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/07/20 11:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/07/14 01:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/02 11:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2009/06/04 20:19:00 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) DRV - [2009/05/16 03:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/05/16 03:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK) DRV - [2009/05/16 03:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik) DRV - [2009/05/16 03:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK) DRV - [2009/05/16 03:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK) DRV - [2009/04/29 17:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009/04/20 18:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008/10/21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008/10/21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008/10/21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008/10/21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008/10/21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008/10/21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) DRV - [2008/10/21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2004/02/04 11:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{441E1BB4-D566-4C46-9F0C-04820E74E1D7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=02e2183c1cb34dd9b2032aadd8889845&tu=10G9000861B000v&sku=&tstsId=&ver=&" FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: finder%40meingutscheincode.de:3.0.2 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.126 FF - prefs.js..extensions.enabledAddons: pdfforge%40mybrowserbar.com:4.6 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:3.3.3.2 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..keyword.URL: "hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&gu=02e2183c1cb34dd9b2032aadd8889845&tu=10G9000861B000v&sku=&tstsId=&ver=&&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/30 19:30:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/23 22:09:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013/05/17 22:55:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 16:44:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 16:44:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/05/15 15:43:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/30 19:30:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011/09/01 10:27:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 16:44:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 16:44:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/05/15 15:43:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/01/30 22:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\Extensions [2010/01/30 22:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013/05/17 23:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\Firefox\Profiles\4xu31f84.default\extensions [2013/02/24 12:22:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ev\AppData\Roaming\mozilla\Firefox\Profiles\4xu31f84.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013/05/17 23:07:30 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\ev\AppData\Roaming\mozilla\Firefox\Profiles\4xu31f84.default\extensions\ffxtlbr@zonealarm.com [2011/07/23 22:06:12 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\extensions\DivXWebPlayer@divx.com.xpi [2012/12/11 21:35:51 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013/05/08 23:04:59 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/01/23 12:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js [2010/08/05 21:36:36 | 000,000,941 | ---- | M] () -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\searchplugins\conduit.xml [2011/10/19 07:08:50 | 000,002,289 | ---- | M] () -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\searchplugins\ecosia.xml [2013/05/17 22:50:34 | 000,001,488 | ---- | M] () -- C:\Users\ev\AppData\Roaming\mozilla\firefox\profiles\4xu31f84.default\searchplugins\zonealarm.xml [2013/04/13 16:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/07/23 22:09:40 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2011/09/01 10:27:04 | 000,000,000 | ---D | M] (preisspion.de) -- C:\PROGRAM FILES\MEIN GUTSCHEINCODE FINDER\FIREFOX [2011/08/22 21:10:21 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF [2013/04/13 16:44:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/03/31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll [2009/11/28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2012/06/21 10:13:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/11 14:06:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/06/21 10:13:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/06/21 10:13:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/21 10:13:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/21 10:13:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8126F23-F2A2-44E1-9F67-387FE3718A4F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d6bbde9d-35a0-11e2-abc9-18a905e5ee4d}\Shell - "" = AutoRun O33 - MountPoints2\{d6bbde9d-35a0-11e2-abc9-18a905e5ee4d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/18 09:59:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ev\Desktop\OTL.exe [2013/05/17 23:27:41 | 000,000,000 | ---D | C] -- C:\Users\ev\AppData\Roaming\Malwarebytes [2013/05/17 23:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/05/17 23:27:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013/05/17 23:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/05/17 23:02:57 | 000,000,000 | ---D | C] -- C:\Users\ev\Documents\ForceField Shared Files [2013/05/17 22:56:03 | 000,000,000 | ---D | C] -- C:\Users\ev\AppData\Roaming\CheckPoint [2013/05/17 22:55:26 | 000,587,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys [2013/05/17 22:55:26 | 000,075,096 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klflt.sys [2013/05/17 22:55:25 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE [2013/05/17 22:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2013/05/17 22:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2013/05/17 22:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2013/05/15 15:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013/05/12 21:40:55 | 000,000,000 | ---D | C] -- C:\Users\ev\Desktop\Neuer Ordner ========== Files - Modified Within 30 Days ========== File not found -- C:\Users\ev\Desktop\DUE_12.01. [2013/05/18 10:03:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/05/18 10:00:27 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/18 10:00:27 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/18 09:59:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ev\Desktop\OTL.exe [2013/05/18 09:58:48 | 000,000,000 | ---- | M] () -- C:\Users\ev\defogger_reenable [2013/05/18 09:52:57 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/18 09:52:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/05/18 09:51:49 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys [2013/05/18 09:20:07 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/17 23:27:19 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/05/17 23:00:58 | 000,417,507 | ---- | M] () -- C:\windows\System32\drivers\vsconfig.xml [2013/05/17 22:54:22 | 000,000,732 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2013/05/16 17:35:48 | 000,508,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013/05/16 15:18:23 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013/05/16 15:18:23 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/05/16 15:18:23 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013/05/16 15:18:23 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/05/02 17:17:29 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf ========== Files Created - No Company Name ========== File not found -- C:\Users\ev\Desktop\DUE_12.01. [2013/05/18 09:58:48 | 000,000,000 | ---- | C] () -- C:\Users\ev\defogger_reenable [2013/05/17 23:27:19 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/05/17 22:56:07 | 000,417,507 | ---- | C] () -- C:\windows\System32\drivers\vsconfig.xml [2013/05/17 22:54:22 | 000,000,732 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2013/05/02 17:17:29 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf [2013/03/01 17:47:45 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll [2013/03/01 17:47:45 | 000,037,344 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys [2012/07/30 14:16:20 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012/07/30 14:16:18 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2012/07/30 14:16:18 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2012/07/30 14:16:18 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2012/07/30 14:16:18 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2011/11/24 15:43:26 | 000,004,096 | -H-- | C] () -- C:\Users\ev\AppData\Local\keyfile3.drm [2011/09/25 19:16:57 | 000,946,519 | ---- | C] () -- C:\windows\Diercke Globus Online Uninstaller.exe [2011/08/11 18:40:52 | 000,001,849 | ---- | C] () -- C:\Users\ev\AppData\Roaming\GhostObjGAFix.xml [2011/07/13 22:36:11 | 000,000,000 | ---- | C] () -- C:\Users\ev\AppData\Local\{E7DB8E29-DED0-491F-8564-75C2CDE85391} [2011/07/05 21:01:45 | 000,000,000 | ---- | C] () -- C:\Users\ev\AppData\Local\{59BC1DC2-9F9E-4423-8124-4D36CD010DCC} [2011/05/24 15:02:41 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe [2011/04/13 11:33:18 | 000,000,148 | ---- | C] () -- C:\Users\ev\.xconvrc [2010/07/29 16:59:16 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010/02/21 15:59:56 | 000,017,408 | ---- | C] () -- C:\Users\ev\AppData\Local\WebpageIcons.db [2010/01/31 15:52:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010/08/23 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Canneverbe Limited [2013/05/17 22:56:03 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\CheckPoint [2011/09/25 21:06:09 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Diercke Globus Online [2011/09/07 17:32:27 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Downloaded Installations [2011/08/31 17:06:02 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Dropbox [2012/10/26 21:55:54 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\DVDVideoSoft [2012/10/26 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\DVDVideoSoftIEHelpers [2010/09/14 17:56:46 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\FreeFLVConverter [2010/09/13 20:21:19 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Gutscheinmieze [2010/09/13 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\ImgBurn [2010/02/07 13:01:31 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\IrfanView [2012/08/16 17:42:58 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\MyPhoneExplorer [2011/09/12 20:42:57 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Nitro PDF [2010/02/01 19:55:51 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\OpenOffice.org [2010/04/13 17:47:23 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\ProtectDisc [2012/09/04 20:25:59 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Samsung [2011/07/16 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Thunderbird [2010/08/23 21:08:27 | 000,000,000 | ---D | M] -- C:\Users\ev\AppData\Roaming\Uniblue ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:760E0606BD1C6092 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 5/18/2013 10:04:18 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ev\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.80% Memory free
3.98 Gb Paging File | 2.61 Gb Available in Paging File | 65.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.75 Gb Total Space | 15.38 Gb Free Space | 11.50% Space Free | Partition Type: NTFS
Computer Name: EV-PC | User Name: ev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9D76FCA1-CCFB-4305-BE94-B21CD60F67BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EBE2156A-312C-4367-98C7-AB2B2C3F8737}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0878C6E5-B6D2-4CCC-A0D3-1BE3859B7324}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{0C20719F-7106-43CA-B458-20793BE64030}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{13FDE6A6-15B5-4EC9-A8CC-13C9F4F20B68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{163A96A0-7BE7-4B7D-92E9-77E810AA6A4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{1C5AE799-89B9-4270-BB02-BAC40419E7B2}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{27E23ECE-171E-49DC-A010-3E3B28572A1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2FFED27E-44B5-49CB-AD62-10C82D4E54D0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{336481F2-1E84-41F7-9346-7783866BFBCD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{4773F12C-9B35-449F-97A9-6873096306F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A845840-01C7-4EBD-A7E8-B44CD958A296}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{7E2914C8-2966-4D62-969C-16D9F3379DC0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{8784DDE3-47CF-4204-B190-EC5F253F4A4D}" = protocol=17 | dir=in | app=c:\users\ev\appdata\roaming\dropbox\bin\dropbox.exe |
"{91D1E7FE-5DD3-4324-917C-BF3A26E97B59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{95893CA3-58CB-44BD-9C46-55A7D8330072}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{AF42AA1B-7084-47C3-AC31-7E691DE04A30}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B253BD8F-FF87-495B-972D-B8FEC6721FF6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{BF9C11C2-C348-4B44-8215-1E057F4D8AF7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{CFBD2F6C-661F-490D-B43D-C3CF510E7DD9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{EA239B54-8046-4A21-B067-ED3EA3143B98}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{EE2332C0-C5D0-4A4A-B55F-B121B113F383}" = protocol=6 | dir=in | app=c:\users\ev\appdata\roaming\dropbox\bin\dropbox.exe |
"{F1D7352C-6BE4-448D-9B22-E3BADE22B5B2}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{FEEAF0FE-FCAC-4F4B-B0BB-27A1EFA2AAF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"TCP Query User{0B665EC9-6F8F-4F13-8BC5-D2114C95DBA4}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{6102B154-449D-4E2D-B06B-A8C9B9F97C68}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{6B7C0EBE-25F4-48D8-B05D-EC1492ABC053}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9E10DA9E-717A-4E2F-9303-EBB228A00284}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B0DF4850-AA47-4AF6-8840-40E84F8A7D0A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D2755DEC-73DE-4C1D-9760-155941E79B61}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{0444D400-88C9-4833-8B08-8543E11230B1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1735F64A-4A77-4D45-A95D-AFF996F16DE9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{35AB0EE1-8C83-456B-B4FA-16A70371B8F6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{3603AF0C-17E2-44BF-9716-6371082B374A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{3F5A9098-CBA3-40FC-9052-14A5E3B5FBD6}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8B3220C9-3B7D-45F3-819B-E15C0654ECCE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{151C3103-B7E9-4346-9107-8FEE2BF4E93B}" = Rund um ... Seydlitz 3-4 Geographie GWG
"{16456401-9621-4F3D-836A-59EA425C471D}" = ZoneAlarm Security
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ADC5BE-8B82-426F-8779-2308B54B00EE}" = ZoneAlarm Antivirus
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{436D9902-CB85-4DE7-A0C6-05FC1E5229B8}" = TERRA-Erdkunde 8-13 Entwicklungsländer
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows
"{511376F5-7E5A-4EC9-B603-193B1D425BC3}" = HP ESU for Microsoft Windows 7
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{737B13C5-990B-4339-8A4D-0FFEBBC3DB17}" = ZoneAlarm Firewall
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85DDDEB7-AD6E-40E8-8F1F-0D140E6911AA}" = Rund um ... Seydlitz 1-2 Geographie GWG Baden-Württemberg
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDFC149-8359-4C4B-9DA0-BA1F773CD70C}" = HP User Guides 0140
"{9D6105F0-C6D7-4C53-851F-171F8C7F57E3}" = Sibelius Scorch (all browsers)
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE8F467D-69E9-4D81-A934-CA443D9073E8}" = Rund um ... Seydlitz 5-6 Geographie GWG
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CamStudio" = CamStudio
"ClipNavigator" = ClipNavigator
"Diercke Globus Online" = Diercke Globus Online
"DivX Setup.divx.com" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"FormatFactory" = FormatFactory 2.50
"Free FLV Converter_is1" = Free FLV Converter V 6.92.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Gadwin PrintScreen Professional" = Gadwin PrintScreen Professional
"GeoGebra" = GeoGebra
"Geographie 2.1" = Arbeitskarten Geographie 2
"Geogrid_DynPerspView" = Geogrid® DynPerspView
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"RealPlayer 12.0" = RealPlayer
"SciMacros für Microsoft Word 11" = SciMacros für Microsoft Word 2003 (Version 11)
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TERRA CD-ROM Gymnasium BW GWG 3/4_is1" = die TERRA CD-ROM Gymnasium BW GWG 3/4
"TERRA CD-ROM Gymnasium BW GWG 5/6_is1" = die TERRA CD-ROM Gymnasium BW GWG 5/6
"TERRA CD-ROM Gymnasium BW GWG1_is1" = dieTERRA CD-ROM Gymnasium BW GWG1
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.2.1.6
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveSlide Player" = ActiveSlide Player
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/21/2012 2:04:43 PM | Computer Name = ev-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "hpCaslNotification" konnte nicht heruntergefahren
werden.
Error - 12/21/2012 2:06:11 PM | Computer Name = ev-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 1/9/2013 2:24:11 PM | Computer Name = ev-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 888 Startzeit:
01cdee8df49989aa Endzeit: 40 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
9fd6f2f8-5a89-11e2-a914-18a905e5ee4d
Error - 1/14/2013 1:23:07 PM | Computer Name = ev-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.0.4752 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d58 Startzeit:
01cdf27981fd5c09 Endzeit: 30 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
035be3b2-5e6f-11e2-a724-18a905e5ee4d
Error - 1/25/2013 2:06:59 AM | Computer Name = ev-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x0)
festgestellt.
Error - 1/25/2013 1:57:29 PM | Computer Name = ev-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.1.4764 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b1c Startzeit:
01cdfb1b1bd34da4 Endzeit: 300 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
a23f908a-6718-11e2-9f7d-18a905e5ee4d
Error - 1/29/2013 5:59:28 AM | Computer Name = ev-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpasset.exe, Version: 3.0.1.0, Zeitstempel:
0x505898cd Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b60 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c380b ID des fehlerhaften Prozesses:
0x14f4 Startzeit der fehlerhaften Anwendung: 0x01cdfe075070d054 Pfad der fehlerhaften
Anwendung: C:\Program Files\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe
Pfad
des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 9142d288-69fa-11e2-a285-18a905e5ee4d
Error - 2/22/2013 12:43:02 PM | Computer Name = ev-PC | Source = VSS | ID = 8194
Description =
Error - 5/7/2013 5:14:15 AM | Computer Name = ev-PC | Source = Application Hang | ID = 1002
Description = Programm SndVol.exe, Version 6.1.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 14d0 Startzeit: 01ce4b030772ee78 Endzeit: 10 Anwendungspfad:
C:\windows\system32\SndVol.exe Berichts-ID: 69fa0f97-b6f6-11e2-a679-18a905e5ee4d
Error - 5/12/2013 4:47:40 AM | Computer Name = ev-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1248 Startzeit: 01ce4eed2e580125 Endzeit: 10 Anwendungspfad:
C:\Program Files\Windows Media Player\wmplayer.exe Berichts-ID: 8d180715-bae0-11e2-9ef7-18a905e5ee4d
[ Hewlett-Packard Events ]
Error - 11/20/2011 11:35:59 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description =
Error - 11/20/2011 11:36:01 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description =
Error - 11/20/2011 11:42:16 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description =
Error - 11/20/2011 11:42:18 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description =
Error - 4/26/2012 9:59:26 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description =
Error - 4/26/2012 9:59:48 AM | Computer Name = ev-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Das Objekt "/0ed51557_e58f_4133_a9ba_7b1bf14476bd/nyjcbrnsukp24muajrmnmxet_5.rem"
wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 2039 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)
Error - 6/8/2012 12:52:22 PM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description =
Error - 8/23/2012 10:21:40 AM | Computer Name = ev-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Das Objekt "/6f340e09_ed3b_4e47_b8bd_ca3541bc4407/ahkenb3o467ub8h8_ogrtwtq_5.rem"
wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 2039 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)
Error - 11/15/2012 12:53:43 PM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description =
Error - 11/29/2012 10:34:50 AM | Computer Name = ev-PC | Source = HPSF.exe | ID = 4000
Description =
[ HP Software Framework Events ]
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.220|00001964|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.230|00001964|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.250|00001964|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.270|00001964|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.290|00001964|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.310|00001964|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.329|00001964|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.349|00001964|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.367|00001964|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE
Error - 12/21/2012 2:09:33 PM | Computer Name = ev-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.21 19:09:33.385|00001964|Error |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: e_BIOS_INVALID_COMMAND_TYPE
[ System Events ]
Error - 5/16/2013 4:47:58 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 5/16/2013 5:23:27 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 5/16/2013 5:39:58 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 5/16/2013 5:49:46 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 5/16/2013 11:34:36 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 5/17/2013 1:57:17 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 5/17/2013 2:03:03 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 5/17/2013 2:06:54 AM | Computer Name = ev-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 5/17/2013 4:57:10 PM | Computer Name = ev-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "TrueVector Internet Monitor" ist als interaktiver Dienst
gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 5/18/2013 2:19:42 AM | Computer Name = ev-PC | Source = DCOM | ID = 10010
Description =
< End of report >
GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-18 11:37:30
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.12.0 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ev\AppData\Local\Temp\pxldapoc.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x8ED920C2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcConnectPort [0x8F89F082]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcCreatePort [0x8F89F94A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x8ED464A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x8ED2E77A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwConnectPort [0x8F89EAD8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x8ED2ECF2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateFile [0x8F898334]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateKey [0x8F8BA1DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x8ED2EBD8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreatePort [0x8F89F5E2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcess [0x8F8B3F1C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcessEx [0x8F8B4344]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateSection [0x8F8BE96E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x8ED2EE12]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x8ED55AC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x8ED943C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x8ED94604]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateUserProcess [0x8F8B47B8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateWaitablePort [0x8F89F740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x8ED93F0E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteFile [0x8F899070]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteKey [0x8F8BBCCE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteValueKey [0x8F8BB580]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x8ED2E7BE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDuplicateObject [0x8F8B2CFC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadDriver [0x8F892D46]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey [0x8F8BC760]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey2 [0x8F8BC99E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKeyEx [0x8F8BCE50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x8ED55AE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x8ED44154]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x8ED2ED88]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenFile [0x8F898C22]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x8ED2EC68]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenProcess [0x8F8B6430]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x8ED951D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x8ED2EEA8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenThread [0x8F8B601E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x8ED55AD0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwProtectVirtualMemory [0x8F8CB340]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x8ED2EF32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x8ED44362]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x8ED94BDA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRenameKey [0x8F8BD838]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwReplaceKey [0x8F8BD11A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x8ED46284]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x8ED46112]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x8ED461C8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRequestWaitReplyPort [0x8F89E67C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRestoreKey [0x8F8BE29E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x8ED94906]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSecureConnectPort [0x8F89EDA4]
SSDT 91BFF7DB ZwSetContextThread
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationFile [0x8F89947C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationObject [0x8F8CB204]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x8ED2EFD4]
SSDT 91BFF7E5 ZwSetSecurityObject
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetSystemInformation [0x8F892410]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetValueKey [0x8F8BACA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x8ED93C56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x8ED947AE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSystemDebugControl [0x8F8B5042]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwTerminateProcess [0x8F8B4D72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x8ED942C0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwUnloadDriver [0x8F893198]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x8ED95340]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x8ED9506A]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C84A09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBE1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82CC522C 4 Bytes [C2, 20, D9, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82CC5254 8 Bytes [82, F0, 89, 8F, 4A, F9, 89, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82CC5298 4 Bytes [A0, 64, D4, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82CC52C4 4 Bytes [7A, E7, D2, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82CC52E8 4 Bytes JMP 83DC8F89
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[108] USER32.dll!GetUpdateRect + CF 76E3A644 5 Bytes JMP 20CC9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713614bbc
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713614bbc (not active ControlSet)
---- EOF - GMER 2.1 ----
Geändert von Toma (18.05.2013 um 21:05 Uhr) |
| Themen zu PUP.Dealio.TB in C:\Users\ev\AppData\Local\Temp\is-3TFKM.tmp\dealio.exe von Malwarebytes identifiziert |
| 32 bit, 7-zip, adobe reader xi, appdata, direkt, email, frage, fragen, freundin, fund, gehackt, geschlossen, gestern, ide, install.exe, launch, link, link geöffnet, logfiles, malwarebytes, msiinstaller, nicht möglich, nichts, ntdll.dll, pcs, pdfforge toolbar, plug-in, problem, schließe, schließen, seite, temp, users, wirklich, word 2003, würde |
Baum-Darstellung