
Log analysis and evaluation: TR/Strictor.29593 and constantly opening pop-up windows.

01.06.2013, 17:02   #1
Bagusto
 



Hello everyone,
A few days ago I formatted my laptop and reinstalled Windows 7, because it was infected with two trojans and I had quite a lot of junk on it anyway. When formatting, I did not know exactly which partitions should be formatted, so I only formatted (C.

After formatting and installing drivers (which I had already downloaded beforehand), Flash Player and so on, the first thing I wanted to do was check my e-mail. However, after logging in at Freemail.de I was redirected to a page that said I needed their Flash Player to open my mailbox. Naive as I am, I downloaded the setup as well; whether I installed it, I no longer remember. After that, though, I was no longer redirected to the other page. Since then, however, pop-up windows keep opening in Firefox from sites that "World of Trust" rates as untrustworthy.

Today I scanned the setup file with Antivir and, lo and behold: "TR/Strictor.29593". I moved it to quarantine, and at that point I decided to visit the Trojaner-Board in the hope of getting help.

I hope that was not too much information for a start. I am not sure, though, what information you all need.

Here are the logs
OTL.txt
Code:
OTL logfile created on: 01.06.2013 14:39:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HP\Desktop\Bereinigung
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,95 Gb Total Physical Memory | 4,34 Gb Available Physical Memory | 73,00% Memory free
11,90 Gb Paging File | 10,08 Gb Available in Paging File | 84,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,59 Gb Total Space | 372,13 Gb Free Space | 83,14% Space Free | Partition Type: NTFS
Drive D: | 17,87 Gb Total Space | 1,92 Gb Free Space | 10,76% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 77,78 Mb Free Space | 78,55% Space Free | Partition Type: FAT32
Drive F: | 269,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,42 Gb Total Space | 0,40 Gb Free Space | 2,80% Space Free | Partition Type: FAT32
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.01 13:54:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\Bereinigung\OTL.exe
PRC - [2013.05.27 10:17:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.05.14 22:57:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012.07.18 18:08:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:08:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.07.18 18:08:01 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.07.18 18:08:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.18 18:08:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2011.08.09 08:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.08.09 08:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.04.14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.28 08:14:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll
MOD - [2013.05.28 08:14:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll
MOD - [2013.05.27 19:23:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.05.27 19:23:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.27 19:22:53 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.05.27 19:22:40 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.27 19:22:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.05.27 19:22:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.05.27 19:22:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.27 19:22:03 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.05.27 10:17:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2012.04.25 14:02:52 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.09.30 22:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.27 10:17:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.05.23 15:20:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.14 22:57:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 18:08:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:08:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.07.18 18:08:01 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.07.18 18:08:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012.01.04 00:37:16 | 000,311,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.12.11 03:48:26 | 000,260,424 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2011.12.09 06:41:00 | 000,269,640 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.08.09 08:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.08.09 08:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.06.28 17:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.06.14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.23 09:59:53 | 004,747,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.07.18 18:08:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 18:08:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.18 18:08:31 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.25 14:02:52 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.04.25 14:02:52 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.04 00:37:16 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.10.01 00:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.30 21:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.09 08:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.06.10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.06.10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.06.09 18:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.30 16:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 18:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.20 07:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 5C 3D 97 B3 57 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: fmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: ytfmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.backup.ftp: "172.19.1.150"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "172.19.1.150"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "172.19.1.150"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "172.19.1.150"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "172.19.1.150"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.19.1.150"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.19.1.150"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013.06.01 13:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013.06.01 13:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcfan@fansoft.br: C:\Program Files (x86)\LyricsFan\FF\ [2013.05.24 06:49:40 | 000,000,000 | ---D | M]
 
[2013.05.23 10:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2013.05.23 22:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\th39jonx.default\extensions
[2013.05.23 22:27:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\th39jonx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.23 22:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.23 10:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.23 10:37:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.01 13:25:01 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\FMDOWNLOADER@GMAIL.COM
[2013.06.01 13:25:01 | 000,000,000 | ---D | M] (Freemake Youtube Download Button) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\YTFMDOWNLOADER@GMAIL.COM
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O2 - BHO: (Lyrics Fan) - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Program Files (x86)\LyricsFan\lrcfan.dll (FAN Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = hxxp://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55361C37-6034-40CB-A8F1-DF445646E151}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E167851-AE3F-4DE5-8327-BC4871EAC5B3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.31 19:01:03 | 000,000,129 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0a4917a2-c381-11e2-9133-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0a4917a2-c381-11e2-9133-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012.01.31 19:01:03 | 001,715,048 | R--- | M] (Hewlett-Packard Co.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.01 14:00:19 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Bereinigung
[2013.06.01 13:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013.06.01 13:25:03 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\Freemake
[2013.06.01 13:25:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.01 13:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.01 13:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.06.01 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013.05.31 18:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.05.31 18:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.29 14:56:45 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Neuer Ordner
[2013.05.29 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Audacity
[2013.05.28 10:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.05.27 22:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acoustica MP3 To Wave Converter PLUS
[2013.05.27 22:14:36 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\mp3DirectCut
[2013.05.27 22:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2013.05.27 20:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RADVideo
[2013.05.27 20:42:11 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker
[2013.05.27 20:32:44 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Animake
[2013.05.27 20:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Animake
[2013.05.27 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.05.27 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\IrfanView
[2013.05.27 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.05.27 11:04:39 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\vlc
[2013.05.27 11:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.27 11:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.05.26 15:54:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.05.26 15:54:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.05.26 10:35:09 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.05.26 10:34:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.05.24 16:37:12 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\PunkBuster
[2013.05.24 16:35:22 | 000,000,000 | RH-D | C] -- C:\Users\HP\AppData\Roaming\SecuROM
[2013.05.24 16:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013.05.24 16:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013.05.24 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\WinRAR
[2013.05.24 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.24 13:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.24 13:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.24 10:46:07 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Hewlett-Packard
[2013.05.24 09:23:58 | 000,000,000 | ---D | C] -- C:\Users\HP\.thumbnails
[2013.05.24 09:22:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\fontconfig
[2013.05.24 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\gegl-0.2
[2013.05.24 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\HP\.gimp-2.8
[2013.05.24 09:21:21 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\schrott
[2013.05.24 09:11:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW Graphics
[2013.05.24 09:11:01 | 000,237,056 | ---- | C] (MW Publishing) -- C:\Windows\SysWow64\mwgfx24.dll
[2013.05.24 09:11:01 | 000,191,488 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfx.dll
[2013.05.24 09:11:01 | 000,104,960 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwdds.dll
[2013.05.24 09:11:01 | 000,056,832 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwace.dll
[2013.05.24 09:11:01 | 000,028,672 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfxcopy.exe
[2013.05.24 09:11:01 | 000,000,000 | ---D | C] -- C:\Graphics
[2013.05.24 06:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFan
[2013.05.23 22:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.05.23 22:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.23 22:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.05.23 22:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013.05.23 21:58:57 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Adobe
[2013.05.23 21:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FindLyrics
[2013.05.23 21:33:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.23 16:32:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.23 15:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.05.23 15:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.05.23 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Macromedia
[2013.05.23 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Macromedia
[2013.05.23 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Adobe
[2013.05.23 15:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.05.23 15:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013.05.23 15:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013.05.23 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\HpUpdate
[2013.05.23 15:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.05.23 15:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013.05.23 15:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.05.23 15:29:10 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\HP
[2013.05.23 15:20:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.05.23 15:20:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.05.23 14:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.05.23 14:42:48 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs
[2013.05.23 12:13:41 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\TmForever
[2013.05.23 12:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2013.05.23 12:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
[2013.05.23 12:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever
[2013.05.23 11:27:31 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Avira
[2013.05.23 11:03:45 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Nexway
[2013.05.23 10:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.23 10:52:49 | 000,140,936 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.05.23 10:52:49 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.23 10:52:49 | 000,114,168 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.05.23 10:52:49 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.23 10:52:49 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.23 10:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.23 10:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.23 10:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.05.23 10:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.05.23 10:45:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.05.23 10:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.05.23 10:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.05.23 10:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.05.23 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Microsoft Help
[2013.05.23 10:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.05.23 10:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.05.23 10:42:31 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.05.23 10:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.05.23 10:37:23 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Mozilla
[2013.05.23 10:37:23 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Mozilla
[2013.05.23 10:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.23 10:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.23 10:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.23 10:33:58 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\AuthenTec
[2013.05.23 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Schule
[2013.05.23 10:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.05.23 10:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP SimplePass
[2013.05.23 10:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AuthenTec
[2013.05.23 10:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AuthenTec
[2013.05.23 10:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.05.23 10:32:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[2013.05.23 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\YouCam
[2013.05.23 10:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013.05.23 10:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.05.23 10:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Telespree
[2013.05.23 10:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2013.05.23 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Hewlett-Packard
[2013.05.23 10:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2013.05.23 10:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2013.05.23 10:24:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\hpqLog
[2013.05.23 10:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2013.05.23 10:23:36 | 000,000,000 | ---D | C] -- C:\HP
[2013.05.23 10:22:10 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013.05.23 10:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.05.23 10:20:39 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Intel Corporation
[2013.05.23 10:20:27 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Synaptics
[2013.05.23 10:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2013.05.23 10:14:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.05.23 10:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp60655
[2013.05.23 10:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2013.05.23 10:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Validity Sensors
[2013.05.23 10:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.05.23 10:07:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda
[2013.05.23 10:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.05.23 10:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013.05.23 09:59:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\InstallShield
[2013.05.23 09:58:13 | 000,428,136 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.05.23 09:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.05.23 09:56:17 | 000,000,000 | ---D | C] -- C:\Windows\HPQ
[2013.05.23 09:55:45 | 006,344,704 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe
[2013.05.23 09:55:45 | 005,298,688 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll
[2013.05.23 09:55:45 | 004,444,672 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2013.05.23 09:55:45 | 001,819,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2013.05.23 09:55:45 | 001,425,408 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2013.05.23 09:55:45 | 001,085,440 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll
[2013.05.23 09:55:45 | 000,249,344 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe
[2013.05.23 09:55:45 | 000,223,744 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\HPToneCtrls64.dll
[2013.05.23 09:55:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013.05.23 09:55:14 | 000,251,904 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2013.05.23 09:55:13 | 001,987,072 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2013.05.23 09:55:13 | 000,654,336 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2013.05.23 09:55:13 | 000,535,552 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2013.05.23 09:55:13 | 000,448,512 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2013.05.23 09:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2013.05.23 09:34:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\ATI
[2013.05.23 09:34:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\ATI
[2013.05.23 09:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.05.23 09:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.05.23 09:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.05.23 09:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.05.23 09:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.05.23 09:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.05.23 09:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.05.23 09:28:37 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.05.23 09:28:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.05.23 09:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.05.23 09:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.05.23 09:27:56 | 000,000,000 | ---D | C] -- C:\Intel
[2013.05.23 09:27:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.05.23 09:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2013.05.23 09:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013.05.23 09:26:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.05.23 09:26:54 | 000,000,000 | ---D | C] -- C:\SWsetup
[2013.05.23 09:24:17 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.23 09:24:17 | 000,000,000 | R--D | C] -- C:\Users\HP\Searches
[2013.05.23 09:24:17 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.23 09:24:07 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Identities
[2013.05.23 09:24:04 | 000,000,000 | R--D | C] -- C:\Users\HP\Contacts
[2013.05.23 09:24:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\VirtualStore
[2013.05.23 09:23:51 | 000,000,000 | --SD | C] -- C:\Users\HP\AppData\Roaming\Microsoft
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Videos
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Saved Games
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Pictures
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Music
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Links
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Favorites
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Downloads
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Documents
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Desktop
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Vorlagen
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\AppData\Local\Verlauf
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\AppData\Local\Temporary Internet Files
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Startmenü
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\SendTo
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Recent
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Netzwerkumgebung
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Lokale Einstellungen
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Documents\Eigene Videos
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Documents\Eigene Musik
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Eigene Dateien
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Documents\Eigene Bilder
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Druckumgebung
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Cookies
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\AppData\Local\Anwendungsdaten
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Anwendungsdaten
[2013.05.23 09:23:51 | 000,000,000 | -H-D | C] -- C:\Users\HP\AppData
[2013.05.23 09:23:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Temp
[2013.05.23 09:23:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Microsoft
[2013.05.23 09:23:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Media Center Programs
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.05.23 09:18:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.05.23 09:16:15 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.05.23 09:15:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.01 14:38:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.01 14:38:43 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.01 14:38:43 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.01 14:38:43 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.01 14:38:43 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.01 14:37:35 | 000,000,000 | ---- | M] () -- C:\Users\HP\defogger_reenable
[2013.06.01 13:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 13:25:02 | 000,001,336 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2013.06.01 12:53:22 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.01 12:53:22 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.01 12:06:01 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 12:06:01 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 11:58:59 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\Lyrics Fan Update.job
[2013.06.01 11:58:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.01 11:58:24 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.31 18:38:42 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.31 18:29:43 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 11:50:35 | 000,018,785 | ---- | M] () -- C:\Users\HP\AppData\Local\recently-used.xbel
[2013.05.27 22:27:45 | 000,001,072 | ---- | M] () -- C:\Users\HP\Desktop\TmForever - Verknüpfung.lnk
[2013.05.27 22:23:51 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013.05.27 22:11:00 | 000,001,059 | ---- | M] () -- C:\Users\HP\Desktop\mp3DirectCut.lnk
[2013.05.27 20:13:06 | 000,001,002 | ---- | M] () -- C:\Users\HP\Desktop\IrfanView.lnk
[2013.05.27 19:20:49 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.27 16:10:33 | 001,543,079 | ---- | M] () -- C:\Users\HP\Desktop\Djangoooo.zip
[2013.05.27 11:04:34 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.27 11:01:47 | 000,001,298 | ---- | M] () -- C:\Users\HP\Desktop\iw3mp - Verknüpfung.lnk
[2013.05.27 10:17:20 | 000,189,248 | ---- | M] () -- C:\Windows\SysNative\PnkBstrB.exe
[2013.05.27 10:17:05 | 000,189,248 | ---- | M] () -- C:\Windows\SysNative\PnkBstrB.ex0
[2013.05.27 10:17:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.27 10:17:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysNative\PnkBstrA.exe
[2013.05.27 10:16:38 | 000,840,264 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.05.27 10:09:20 | 000,281,768 | ---- | M] () -- C:\Windows\SysNative\PnkBstrB.xtr
[2013.05.24 17:16:19 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.24 17:16:19 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.24 09:21:14 | 000,001,442 | ---- | M] () -- C:\Users\HP\Desktop\gimp-2.8 - Verknüpfung.lnk
[2013.05.23 22:32:49 | 000,000,545 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.23 15:29:30 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.05.23 15:19:39 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.05.23 15:19:39 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.05.23 14:35:05 | 000,007,597 | ---- | M] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
[2013.05.23 11:50:58 | 000,001,275 | ---- | M] () -- C:\Users\HP\Desktop\Raumtausch.lnk
[2013.05.23 10:52:58 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.23 10:37:15 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.23 10:32:12 | 000,001,365 | ---- | M] () -- C:\Users\HP\Documents\CyberLink YouCam.lnk
[2013.05.23 10:25:26 | 000,002,173 | ---- | M] () -- C:\Users\HP\Documents\HP Connection Manager.lnk
[2013.05.23 10:24:25 | 000,002,179 | ---- | M] () -- C:\Users\HP\Documents\HP Support Assistant.lnk
[2013.05.23 10:11:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf
[2013.05.23 10:09:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.05.23 10:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.05.23 10:00:41 | 001,089,238 | ---- | M] () -- C:\Windows\SysNative\oem13.inf
[2013.05.23 09:59:53 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013.05.23 09:19:15 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.05.23 09:19:15 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.05.23 09:17:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.06.01 14:37:35 | 000,000,000 | ---- | C] () -- C:\Users\HP\defogger_reenable
[2013.06.01 13:25:02 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2013.05.31 18:29:43 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 11:50:35 | 000,018,785 | ---- | C] () -- C:\Users\HP\AppData\Local\recently-used.xbel
[2013.05.28 10:11:57 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.05.27 22:27:45 | 000,001,072 | ---- | C] () -- C:\Users\HP\Desktop\TmForever - Verknüpfung.lnk
[2013.05.27 22:23:50 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013.05.27 22:11:00 | 000,001,059 | ---- | C] () -- C:\Users\HP\Desktop\mp3DirectCut.lnk
[2013.05.27 22:01:03 | 001,543,079 | ---- | C] () -- C:\Users\HP\Desktop\Djangoooo.zip
[2013.05.27 20:13:06 | 000,001,002 | ---- | C] () -- C:\Users\HP\Desktop\IrfanView.lnk
[2013.05.27 11:04:33 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.27 11:01:47 | 000,001,298 | ---- | C] () -- C:\Users\HP\Desktop\iw3mp - Verknüpfung.lnk
[2013.05.27 10:20:58 | 000,281,768 | ---- | C] () -- C:\Windows\SysNative\PnkBstrB.xtr
[2013.05.27 10:20:58 | 000,189,248 | ---- | C] () -- C:\Windows\SysNative\PnkBstrB.exe
[2013.05.27 10:20:58 | 000,189,248 | ---- | C] () -- C:\Windows\SysNative\PnkBstrB.ex0
[2013.05.27 10:20:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysNative\PnkBstrA.exe
[2013.05.27 10:17:01 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.05.26 16:59:12 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.26 10:36:17 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.05.26 10:34:34 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.05.26 10:34:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.05.26 10:34:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.05.26 10:33:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.05.24 17:16:19 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.24 17:16:19 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.24 16:34:29 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.24 16:34:29 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.24 16:34:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.24 09:21:14 | 000,001,442 | ---- | C] () -- C:\Users\HP\Desktop\gimp-2.8 - Verknüpfung.lnk
[2013.05.24 06:49:41 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\Lyrics Fan Update.job
[2013.05.23 22:32:39 | 000,000,545 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.23 22:15:16 | 000,002,003 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013.05.23 21:56:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.05.23 21:38:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.05.23 15:56:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.23 15:29:30 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.05.23 15:20:40 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 14:43:14 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.05.23 14:35:05 | 000,007,597 | ---- | C] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
[2013.05.23 11:50:38 | 000,001,275 | ---- | C] () -- C:\Users\HP\Desktop\Raumtausch.lnk
[2013.05.23 10:52:58 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.23 10:37:15 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.23 10:37:14 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.23 10:32:12 | 000,001,365 | ---- | C] () -- C:\Users\HP\Documents\CyberLink YouCam.lnk
[2013.05.23 10:25:26 | 000,002,173 | ---- | C] () -- C:\Users\HP\Documents\HP Connection Manager.lnk
[2013.05.23 10:24:25 | 000,002,179 | ---- | C] () -- C:\Users\HP\Documents\HP Support Assistant.lnk
[2013.05.23 10:11:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf
[2013.05.23 10:09:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.05.23 10:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.05.23 10:00:47 | 001,089,238 | ---- | C] () -- C:\Windows\SysNative\oem13.inf
[2013.05.23 10:00:10 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013.05.23 09:58:13 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.05.23 09:32:59 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013.05.23 09:32:59 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblup.dat
[2013.05.23 09:28:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.05.23 09:24:59 | 000,001,409 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.05.23 09:24:55 | 000,001,443 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.23 09:19:09 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.05.23 09:19:06 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.05.23 09:17:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.05.23 09:15:25 | 495,865,855 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.08.09 08:30:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.09 08:30:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.09 08:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.09 08:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.09 07:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.06.09 18:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 01.06.2013 14:39:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HP\Desktop\Bereinigung
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,95 Gb Total Physical Memory | 4,34 Gb Available Physical Memory | 73,00% Memory free
11,90 Gb Paging File | 10,08 Gb Available in Paging File | 84,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,59 Gb Total Space | 372,13 Gb Free Space | 83,14% Space Free | Partition Type: NTFS
Drive D: | 17,87 Gb Total Space | 1,92 Gb Free Space | 10,76% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 77,78 Mb Free Space | 78,55% Space Free | Partition Type: FAT32
Drive F: | 269,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,42 Gb Total Space | 0,40 Gb Free Space | 2,80% Space Free | Partition Type: FAT32
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E883360-C146-4EF2-B540-B53E50593B51}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0F9F762E-4C32-4B86-9EAE-FA25AE637174}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0FAEB3A2-7B5F-4B21-BF9E-59AA91F993B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1470C75C-6BF1-47FF-BEC5-6BB40074C0E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17532EC9-63A6-495C-99B7-BC4F7588B00F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{282D8877-88A4-4F9F-A8B4-54D0BD6F6244}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2FB2FA2C-C07B-43D8-BD36-03C0F65C8F53}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2FE32FDE-29A2-414F-958D-C1244488E3F3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5529F5FC-144A-4F2D-9B90-A9AE11288019}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D5FD6A9-F5BB-4719-B4EF-DE76B1E16475}" = lport=137 | protocol=17 | dir=in | app=system | 
"{605B96F4-8514-4E87-8D50-06E030B76C60}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6F16DD50-4343-4A0A-9993-426A319B1ABC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F848624-A4F7-4911-B697-7DC256F7EA45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{816FC32E-5E00-49C1-9AF1-4972B498F18F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{88AD8EEF-172E-4726-ADD3-0E0BD0180AC9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{94221988-24F4-46F2-A977-189CA3058537}" = rport=445 | protocol=6 | dir=out | app=system | 
"{95D75479-F39A-403E-9388-9B293A8B406E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{966BAD92-8194-49E3-99BB-5608D555F3EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F8B61F7-9A01-42EC-9673-35DF55748CCD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C10D6643-98CF-4936-A7AE-670931599883}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E13E6A92-67A7-411E-B741-B8FAAB9ECB8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E6857A5E-CB49-4DE2-A5FE-8111268B1528}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EC740102-85E8-4D16-8E8F-0B8FF24C0292}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F3367C09-7976-42A5-9731-EB0ACD5DAB46}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E180075-A73E-4B82-B7AA-E1B3BD10E7D4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{0FEBBC58-F187-46D7-A023-51C3C861487D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{13DCD82D-7FDD-4253-AFDB-BDBCA57DC0FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{197D39AC-E290-417D-88B8-7EF634F10A81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3934EFC1-A7ED-420B-9DE3-794B55F53FD2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{44FE2142-D213-46CA-BCC2-B1CCCAE317A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{45E1AC92-770F-439E-89E0-05441245C884}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe | 
"{46CBF368-6441-40DB-A2F0-885E4268F97F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5AB60B13-C96F-4178-BA69-D99B14BB41DF}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe | 
"{656C5B61-FB20-4109-8552-B7EEBE77F3CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E6C1373-4899-418F-B37F-092B107669E8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{88A8939D-9F3E-4AF5-8251-6B698835386A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8F228DA1-2AC4-40E9-AF5B-4271AB18A9B6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{90C35831-579B-493B-8747-F429715D0344}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{925B4FED-2D70-4CF4-B0DB-0F50D11ADFDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A2C7313B-B790-4BC6-80E8-0A6C266F067D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A9E2EAC5-5B3E-4122-A470-764B2B34689B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B2E46DA5-2041-4DD2-B68A-439B1FCE109D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BC30FD82-F5E1-4808-82EE-2B6633C817BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE7BEB55-98F2-489C-B8B0-CC9222264A93}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C0AC06C4-26BC-437D-A7D0-F7FE5D03198E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C1B57482-7383-4BBA-8E89-D35336E727DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D20B33AF-C4EA-4E94-A1EC-59E966627E9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D5D77FAB-5C9C-48B1-8761-DF17E69AD759}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D8545397-FC8D-479A-B78F-E04412152899}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DBC31DED-CC6C-43DA-BA55-4D19978C709F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E1E4AFD2-97DA-40BF-A760-2675A42A956B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E50427A5-C745-4B00-AFB6-ED1822EB3B2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB171E2E-78AA-4E9E-A018-2349E6FDD62B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FD06A6B9-0F31-4ABA-B3D8-3729AAE283C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD9F6C85-3A4D-484D-9E45-5E946FC80092}" = protocol=6 | dir=out | app=system | 
"TCP Query User{2C9B6000-6151-4010-83C3-D34084010625}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{9707715A-4E5D-47E7-983C-742049DAEB60}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{DE571F08-82CD-4E62-8F6A-DA31B86E7E62}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{0F007BBE-845E-4672-B947-59164299260E}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{36A12929-42A9-48B0-87FA-B762352E8C34}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{65FCC6DB-55AA-4B1A-AC11-038BAFC43450}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CE7EBAF-157D-4111-9146-057CB2A4023E}" = HP Application Assistant
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1876545F-47B1-80A7-2F98-D175DA98A392}" = ccc-utility64
"{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A9C5381E-F415-4EDC-95A2-9164218FEA8A}" = HP Deskjet 3520 series - Grundlegende Software für das Gerät
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E75A77D7-A854-44D6-A46B-82332AD79E9E}" = Studie zur Verbesserung von HP Deskjet 3520 series Produkten
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9E64F70-9BE4-4ECD-9B83-09E74CF5B6C3}" = AuthenTec TrueAPI 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics TouchPad Driver
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07AF6797-0CF6-FFBB-FDE3-CC51D3B5F342}" = Catalyst Control Center Graphics Previews Common
"{08523528-BA2F-43BB-87E3-252C081872B9}" = Catalyst Control Center - Branding
"{120F4744-38ED-FB1E-F313-A7A7E419A71E}" = CCC Help Chinese Traditional
"{135AAD7D-FB4A-800C-E7F2-58D02B936C38}" = Catalyst Control Center Localization All
"{178EA4CE-9622-76B4-308F-73FEC150DBB4}" = CCC Help Norwegian
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1AE85A98-397D-B62B-0D21-3F7DC93F4F3A}" = CCC Help Swedish
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{339F5A1B-8DB7-E4F8-0A07-EF35B60EBE53}" = CCC Help Portuguese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{412308A1-73B4-A26B-57A8-BE827ADA9BF9}" = Catalyst Control Center Profiles Mobile
"{483539DB-FA71-4C45-8438-55D3DCFDECC8}" = HP Software Framework
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6937DA-DABE-31C9-C433-D67C640B7BED}" = CCC Help Italian
"{52594AFD-2797-356A-CC6F-57047524F1E1}" = CCC Help Japanese
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5C7F3D35-9018-A839-3B9C-E50B517B9458}" = CCC Help Hungarian
"{5CA75999-3DDE-7B58-3394-38A4E82D8466}" = Catalyst Control Center InstallProxy
"{5E63C0AB-19B0-47D4-842E-6B324EB0614B}" = HP Connection Manager
"{60CD8628-DDD9-B498-A368-D01A4793CCFA}" = CCC Help Dutch
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6866ADAD-71F1-D306-B979-6371D8C4411A}" = CCC Help German
"{6B953497-169C-4929-9AA9-A9F510347468}" = HP Deskjet 3520 series Hilfe
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{76D0E682-0183-E295-FA4C-DA6763669CCA}" = CCC Help English
"{880B5A98-B242-4B53-BD6F-41EA17495EAD}" = HP SimplePass
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DB85CDE-EC37-A333-05B1-23846D03F08D}" = CCC Help Russian
"{8F6285DB-2536-7EDE-23D2-CA10E2D6399C}" = CCC Help French
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA16FAFC-CCD3-899B-2860-A709BDE31CDC}" = CCC Help Korean
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide
"{B18BEB15-A9DA-43D7-BAE1-C6C67484C2C0}" = ESU for Microsoft Windows 7 SP1
"{B357B619-36C5-7C1E-063B-92677609CB14}" = CCC Help Danish
"{BDEB2CF5-C1C5-BCC8-DF29-1EE4CF389F9D}" = CCC Help Turkish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C5D8263A-4D81-8979-91DE-B10120642FC5}" = Catalyst Control Center
"{CEEE5B98-96F1-2F1E-0627-853C5F98DE41}" = CCC Help Finnish
"{CF48FF43-B417-637C-C804-0F285FD7ED05}" = CCC Help Spanish
"{CF6A05D4-E715-BCF4-9ED2-A3307E386D28}" = CCC Help Czech
"{DB2C5E6A-CFDD-D6FD-480E-692EBEC17BFC}" = CCC Help Greek
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E59E0B3D-F840-5910-DF8C-73CFA82613C2}" = CCC Help Polish
"{E635F3DC-E92B-6E68-A2E7-BF77298E8584}" = PX Profile Update
"{E77268D6-5E7F-6DE1-34AC-A1A276710C21}" = CCC Help Chinese Standard
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F5C7356C-463C-75BC-E4E0-324E4516EB73}" = CCC Help Thai
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Professional Security
"COD4_is1" = Call of Duty(R) 4 - Modern Warfare(TM)
"FileHippo.com" = FileHippo.com Update Checker
"Freemake Video Downloader_is1" = Freemake Video Downloader
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"lrcfan@fansoft.br" = Lyrics Fan
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"TmNationsForever_is1" = TmNationsForever
"WinPcapInst" = WinPcap 4.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.05.2013 06:15:11 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen.  Während des
 Herunterladens ist ein Fehler aufgetreten. .  Es wurden keine neuen Dateien geladen.
 
Error - 28.05.2013 07:31:52 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen.  Während des
 Herunterladens ist ein Fehler aufgetreten. .  Es wurden keine neuen Dateien geladen.
 
Error - 28.05.2013 10:58:18 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen.  Während des
 Herunterladens ist ein Fehler aufgetreten. .  Es wurden keine neuen Dateien geladen.
 
Error - 28.05.2013 15:54:52 | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16483,
 Zeitstempel: 0x515df825  Name des fehlerhaften Moduls: SeaNote.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4dd6f83b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x63851060
ID
 des fehlerhaften Prozesses: 0xfe0  Startzeit der fehlerhaften Anwendung: 0x01ce5bdd3427824d
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: SeaNote.dll  Berichtskennung: 756910d3-c7d0-11e2-9b99-082e5f80547b
 
Error - 29.05.2013 02:15:59 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen.  Während des
 Herunterladens ist ein Fehler aufgetreten. .  Es wurden keine neuen Dateien geladen.
 
Error - 29.05.2013 03:15:59 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen.  Während des
 Herunterladens ist ein Fehler aufgetreten. .  Es wurden keine neuen Dateien geladen.
 
Error - 29.05.2013 04:16:00 | Computer Name = HP-PC | Source = Avira Antivirus | ID = 4129
Description = Das Update von HP-PC (172.19.73.19) ist fehlgeschlagen.  Während des
 Herunterladens ist ein Fehler aufgetreten. .  Es wurden keine neuen Dateien geladen.
 
Error - 30.05.2013 09:08:31 | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7abf9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000052fc6
ID
 des fehlerhaften Prozesses: 0x214  Startzeit der fehlerhaften Anwendung: 0x01ce5d36bd6644af
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 06512c30-c92a-11e2-96a0-20107a063c92
 
Error - 30.05.2013 17:20:02 | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
 0x4859a219  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001cffe7  ID des fehlerhaften Prozesses:
 0x1070  Startzeit der fehlerhaften Anwendung: 0x01ce5d74ebc999fe  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: b042412b-c96e-11e2-9c58-082e5f80547b
 
Error - 31.05.2013 05:55:02 | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = Programm iw3mp.exe, Version 0.0.0.0 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b0c    Startzeit: 
01ce5dd24ce26f26    Endzeit: 1258    Anwendungspfad: C:\Program Files (x86)\Activision\Call
 of Duty 4 - Modern Warfare\iw3mp.exe    Berichts-ID:   
 
[ Hewlett-Packard Events ]
Error - 25.05.2013 09:21:47 | Computer Name = HP-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828   bei System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

   bei System.ComponentModel.RunWorkerCompletedEventArgs.get_Result()     bei HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
 sender, RunWorkerCompletedEventArgs e)     bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
 e)     bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object 
arg)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
 Während des Vorgangs ist eine Ausnahme aufgetreten, sodass das Ergebnis ungültig
 ist. Weitere Ausnahmedetails finden Sie in InnerException.  StackTrace:   bei System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

   bei System.ComponentModel.RunWorkerCompletedEventArgs.get_Result()     bei HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
 sender, RunWorkerCompletedEventArgs e)     bei System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
 e)     bei System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object 
arg)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
 System  InnerException.Message: Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Logs\SystemInfoSI.xml" konnte nicht gefunden werden.    Name: HPSF.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Format:
 de-DE  RAM: 6091  Ram Utilization: 30  TargetSite: Void RaiseExceptionIfNecessary()  
 
[ HP Software Framework Events ]
Error - 24.05.2013 04:46:13 | Computer Name = HP-PC | Source = CaslSmBios | ID = 5
Description = 2013.05.24 10:46:13.464|00000588|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt '
 
[ System Events ]
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x33) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x34) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x35) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x36) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x37) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x38) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x39) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x3a) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x3b) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 30.05.2013 16:33:04 | Computer Name = HP-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
 
< End of report >
         
and the Gmer.txt (I don't know whether I did this correctly. I only selected "C:\".)
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-01 17:21:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0005 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\HP\AppData\Local\Temp\pxldipoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322          0000000072e61a22 2 bytes [E6, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496          0000000072e61ad0 2 bytes [E6, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552          0000000072e61b08 2 bytes [E6, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730          0000000072e61bba 2 bytes [E6, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762          0000000072e61bda 2 bytes [E6, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077981465 2 bytes [98, 77]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000779814bb 2 bytes [98, 77]
.text  ...                                                                                             * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                 528
Reg    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                247

---- EOF - GMER 2.1 ----
         
Many thanks in advance!

01.06.2013, 17:39   #2
schrauber
/// the machine
/// TB trainer
 




Hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

01.06.2013, 20:07   #3
Bagusto
 



Here is the Combofix log
Combofix Logfile:
Code:
ComboFix 13-06-01.01 - HP 01.06.2013  20:52:06.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6092.4663 [GMT 2:00]
ausgeführt von:: c:\users\HP\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-01 bis 2013-06-01  ))))))))))))))))))))))))))))))
.
.
2013-06-01 18:57 . 2013-06-01 18:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-01 11:25 . 2013-06-01 11:25	--------	d-----w-	c:\program files\WinPcap
2013-06-01 11:25 . 2013-06-01 11:25	--------	d-----w-	c:\programdata\Freemake
2013-06-01 11:25 . 2013-05-14 21:14	8013376	----a-w-	c:\program files (x86)\Internet Explorer\Microsoft.mshtml.dll
2013-06-01 11:24 . 2013-06-01 11:25	--------	d-----w-	c:\program files (x86)\Freemake
2013-05-31 16:29 . 2013-05-31 16:29	--------	d-----w-	c:\program files\CCleaner
2013-05-28 20:02 . 2013-05-28 20:05	8597072	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-05-28 08:11 . 2013-05-28 08:11	--------	d-----w-	c:\program files (x86)\Audacity
2013-05-27 20:23 . 2013-05-27 20:23	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2013-05-27 20:22 . 2013-05-27 20:24	--------	d-----w-	c:\program files (x86)\Acoustica MP3 To Wave Converter PLUS
2013-05-27 20:11 . 2013-05-27 20:11	--------	d-----w-	c:\program files (x86)\mp3DirectCut
2013-05-27 18:42 . 2013-05-27 18:42	--------	d-----w-	c:\program files (x86)\RADVideo
2013-05-27 18:32 . 2013-05-27 18:32	--------	d-----w-	c:\program files\Animake
2013-05-27 18:13 . 2013-05-27 18:13	--------	d-----w-	c:\program files (x86)\IrfanView
2013-05-27 17:05 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-27 17:05 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-27 17:05 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-27 09:56 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-27 09:56 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-27 09:56 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-27 09:56 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-27 09:56 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-27 09:56 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-27 09:56 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-27 09:56 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-27 09:51 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-05-27 09:42 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-27 09:42 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-27 09:42 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-27 09:37 . 2012-10-09 18:17	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2013-05-27 09:37 . 2012-10-09 18:17	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2013-05-27 09:37 . 2012-10-09 17:40	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2013-05-27 09:37 . 2012-10-09 17:40	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2013-05-27 09:19 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2013-05-27 09:04 . 2013-05-27 09:04	--------	d-----w-	c:\program files\VideoLAN
2013-05-27 08:20 . 2013-05-27 08:17	189248	----a-w-	c:\windows\system32\PnkBstrB.exe
2013-05-27 08:20 . 2013-05-27 08:17	189248	----a-w-	c:\windows\system32\PnkBstrB.ex0
2013-05-27 08:20 . 2013-05-27 08:17	76888	----a-w-	c:\windows\system32\PnkBstrA.exe
2013-05-27 08:20 . 2013-05-27 08:09	281768	----a-w-	c:\windows\system32\PnkBstrB.xtr
2013-05-27 08:17 . 2013-05-27 08:16	840264	----a-w-	c:\windows\SysWow64\pbsvc.exe
2013-05-26 14:59 . 2013-06-01 10:53	282472	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-05-26 14:52 . 2011-02-19 12:05	1139200	----a-w-	c:\windows\system32\FntCache.dll
2013-05-26 14:52 . 2011-02-19 12:04	902656	----a-w-	c:\windows\system32\d2d1.dll
2013-05-26 14:52 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-05-26 14:19 . 2013-05-26 14:19	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2013-05-26 13:54 . 2013-05-26 13:54	--------	d-----w-	c:\windows\system32\SPReview
2013-05-26 13:54 . 2013-05-26 13:54	--------	d-----w-	c:\windows\system32\EventProviders
2013-05-26 08:37 . 2010-11-05 01:57	48976	----a-w-	c:\windows\system32\netfxperf.dll
2013-05-26 08:37 . 2010-11-05 01:57	1942856	----a-w-	c:\windows\system32\dfshim.dll
2013-05-26 08:35 . 2010-11-20 13:25	1475584	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
2013-05-26 08:34 . 2010-11-20 13:27	769536	----a-w-	c:\windows\system32\sud.dll
2013-05-26 08:33 . 2010-11-20 13:12	7168	----a-w-	c:\windows\system32\drivers\de-DE\msdsm.sys.mui
2013-05-26 08:33 . 2010-11-20 13:07	2560	----a-w-	c:\windows\system32\drivers\de-DE\disk.sys.mui
2013-05-26 08:33 . 2010-11-20 13:00	4608	----a-w-	c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui
2013-05-26 08:33 . 2010-11-20 13:26	399872	----a-w-	c:\windows\system32\dpx.dll
2013-05-26 08:33 . 2010-11-20 12:21	189952	----a-w-	c:\windows\SysWow64\wdscore.dll
2013-05-26 08:33 . 2010-11-20 12:21	189952	----a-w-	c:\windows\SysWow64\sqmapi.dll
2013-05-26 08:33 . 2010-11-20 12:21	363008	----a-w-	c:\windows\SysWow64\wbemcomn.dll
2013-05-26 08:33 . 2010-11-20 12:21	189952	----a-w-	c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2013-05-26 08:33 . 2010-11-20 12:19	606208	----a-w-	c:\windows\SysWow64\wbem\fastprox.dll
2013-05-26 08:31 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2013-05-26 08:31 . 2010-11-20 13:27	244736	----a-w-	c:\program files\Windows Portable Devices\sqmapi.dll
2013-05-26 08:30 . 2010-11-20 13:27	244736	----a-w-	c:\windows\system32\sqmapi.dll
2013-05-25 12:25 . 2013-05-25 12:25	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2013-05-25 12:25 . 2013-05-25 12:25	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-05-24 14:34 . 2013-06-01 10:53	282472	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-05-24 14:33 . 2007-03-15 14:57	506728	----a-w-	c:\windows\system32\d3dx10_33.dll
2013-05-24 14:21 . 2013-05-24 14:21	--------	d-----w-	c:\program files (x86)\Activision
2013-05-24 11:47 . 2013-05-24 11:48	--------	d-----w-	c:\program files\WinRAR
2013-05-24 07:11 . 2013-05-24 07:11	--------	d-----w-	C:\Graphics
2013-05-24 07:11 . 2009-03-10 21:25	191488	------w-	c:\windows\SysWow64\mwgfx.dll
2013-05-24 07:11 . 2008-10-20 11:44	237056	------w-	c:\windows\SysWow64\mwgfx24.dll
2013-05-24 07:11 . 2008-09-05 06:32	104960	------w-	c:\windows\SysWow64\mwdds.dll
2013-05-24 07:11 . 2007-08-19 07:37	28672	------w-	c:\windows\SysWow64\mwgfxcopy.exe
2013-05-24 07:11 . 2004-05-14 09:13	56832	------w-	c:\windows\SysWow64\mwace.dll
2013-05-24 04:56 . 2013-05-03 14:15	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-24 04:49 . 2013-05-24 04:49	--------	d-----w-	c:\program files (x86)\LyricsFan
2013-05-23 20:32 . 2013-05-23 20:32	545	----a-w-	c:\windows\DeleteOnReboot.bat
2013-05-23 20:19 . 2013-05-23 20:19	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-05-23 20:18 . 2013-05-23 20:18	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-05-23 20:18 . 2013-05-23 20:18	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-05-23 20:18 . 2013-05-23 20:18	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-23 20:18 . 2013-05-23 20:18	--------	d-----w-	c:\program files (x86)\Java
2013-05-23 20:15 . 2013-05-23 20:15	--------	d-----w-	c:\program files (x86)\FileHippo.com
2013-05-23 19:56 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-05-23 19:56 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-05-23 19:56 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-05-23 19:56 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-05-23 19:48 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-05-23 19:39 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-05-23 19:39 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-05-23 19:39 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-05-23 19:39 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-05-23 19:39 . 2010-09-30 10:41	100864	----a-w-	c:\windows\system32\fontsub.dll
2013-05-23 19:39 . 2010-09-30 06:47	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2013-05-23 19:38 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-05-23 19:38 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-05-23 19:38 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-05-23 19:38 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-05-23 19:38 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-05-23 19:38 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-05-23 19:38 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-05-23 19:36 . 2013-05-24 04:49	--------	d-----w-	c:\program files (x86)\FindLyrics
2013-05-23 19:32 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-05-23 19:32 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-05-23 19:32 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-05-23 19:32 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2013-05-23 19:32 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-05-23 16:47 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-05-23 16:47 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-05-23 16:47 . 2013-02-15 06:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-05-23 16:47 . 2013-02-15 06:02	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-05-23 16:47 . 2013-02-15 04:34	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-05-23 16:47 . 2013-02-15 03:25	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-05-23 16:30 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2013-05-23 16:30 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-05-23 16:23 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-23 16:23 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-05-23 16:23 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-05-23 16:23 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-05-23 16:23 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-05-23 16:23 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-05-23 16:13 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-05-23 16:13 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-05-23 16:13 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-26 14:01 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-05-26 14:01 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-04-13 05:49 . 2013-05-27 09:57	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-27 09:57	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-27 09:57	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-27 09:57	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-27 09:57	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-27 09:57	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A8720491-9558-4C0D-9E35-30EED15DFB2B}]
2013-05-20 09:10	127488	----a-w-	c:\program files (x86)\LyricsFan\lrcfan.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2010-11-05 01:58	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R4 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-07-18 375760]
R4 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
R4 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-07-18 465360]
R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R4 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-04-25 31000]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
R4 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-30 204288]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-05-14 9216]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-28 2413056]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-10 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-10 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-23 13:20]
.
2013-06-01 c:\windows\Tasks\Lyrics Fan Update.job
- c:\program files (x86)\LyricsFan\LyricsFanUpdater.exe [2013-05-20 09:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-03 1425408]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\th39jonx.default\
FF - prefs.js: network.proxy.ftp - 172.19.1.150
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 172.19.1.150
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 172.19.1.150
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 172.19.1.150
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-23 22:27; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\th39jonx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-05-24 06:49; lrcfan@fansoft.br; c:\program files (x86)\LyricsFan\FF
FF - ExtSQL: 2013-06-01 13:25; fmdownloader@gmail.com; c:\program files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF - ExtSQL: 2013-06-01 13:25; ytfmdownloader@gmail.com; c:\program files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1992994291-2889284697-3986107553-1000\Software\SecuROM\License information*]
"datasecu"=hex:4a,b5,af,c0,0a,00,31,3f,7f,44,45,88,20,49,19,a7,3a,9b,0e,8d,8f,
   e3,e6,19,3f,78,ef,01,ff,9d,fd,45,34,c7,5b,4d,a8,63,88,9d,7e,44,60,40,4f,75,\
"rkeysecu"=hex:86,51,4a,05,d3,99,29,80,53,83,6c,f7,70,e2,67,fa
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-01  20:58:56
ComboFix-quarantined-files.txt  2013-06-01 18:58
ComboFix2.txt  2013-06-01 18:25
.
Vor Suchlauf: 13 Verzeichnis(se), 398.765.604.864 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 398.689.275.904 Bytes frei
.
- - End Of File - - CBD9F1471A95F03BB3BA9DE4CD299BAC
         
Regards, Bagusto,
and thanks for the help

01.06.2013, 20:19   #4
schrauber
/// the machine
/// TB trainer
 




Please post the contents of C:\Qoobox\Combofix2.txt.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

01.06.2013, 21:15   #5
Bagusto
 



Yep, here:
Combofix Logfile:
Code:
ComboFix 13-06-01.01 - HP 01.06.2013  20:11:13.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6092.4621 [GMT 2:00]
ausgeführt von:: c:\users\HP\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-01 bis 2013-06-01  ))))))))))))))))))))))))))))))
.
.
2013-06-01 11:25 . 2013-06-01 11:25	--------	d-----w-	c:\program files\WinPcap
2013-06-01 11:25 . 2013-06-01 11:25	--------	d-----w-	c:\programdata\Freemake
2013-06-01 11:25 . 2013-05-14 21:14	8013376	----a-w-	c:\program files (x86)\Internet Explorer\Microsoft.mshtml.dll
2013-06-01 11:24 . 2013-06-01 11:25	--------	d-----w-	c:\program files (x86)\Freemake
2013-05-31 16:29 . 2013-05-31 16:29	--------	d-----w-	c:\program files\CCleaner
2013-05-28 20:02 . 2013-05-28 20:05	8597072	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2013-05-28 08:11 . 2013-05-28 08:11	--------	d-----w-	c:\program files (x86)\Audacity
2013-05-27 20:23 . 2013-05-27 20:23	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2013-05-27 20:22 . 2013-05-27 20:24	--------	d-----w-	c:\program files (x86)\Acoustica MP3 To Wave Converter PLUS
2013-05-27 20:11 . 2013-05-27 20:11	--------	d-----w-	c:\program files (x86)\mp3DirectCut
2013-05-27 18:42 . 2013-05-27 18:42	--------	d-----w-	c:\program files (x86)\RADVideo
2013-05-27 18:32 . 2013-05-27 18:32	--------	d-----w-	c:\program files\Animake
2013-05-27 18:13 . 2013-05-27 18:13	--------	d-----w-	c:\program files (x86)\IrfanView
2013-05-27 17:05 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-27 17:05 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-27 17:05 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-27 09:56 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-27 09:56 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-27 09:56 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-27 09:56 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-27 09:56 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-27 09:56 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-27 09:56 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-27 09:56 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-27 09:51 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-05-27 09:42 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-27 09:42 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-27 09:42 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-27 09:37 . 2012-10-09 18:17	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2013-05-27 09:37 . 2012-10-09 18:17	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2013-05-27 09:37 . 2012-10-09 17:40	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2013-05-27 09:37 . 2012-10-09 17:40	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2013-05-27 09:19 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2013-05-27 09:04 . 2013-05-27 09:04	--------	d-----w-	c:\program files\VideoLAN
2013-05-27 08:20 . 2013-05-27 08:17	189248	----a-w-	c:\windows\system32\PnkBstrB.exe
2013-05-27 08:20 . 2013-05-27 08:17	189248	----a-w-	c:\windows\system32\PnkBstrB.ex0
2013-05-27 08:20 . 2013-05-27 08:17	76888	----a-w-	c:\windows\system32\PnkBstrA.exe
2013-05-27 08:20 . 2013-05-27 08:09	281768	----a-w-	c:\windows\system32\PnkBstrB.xtr
2013-05-27 08:17 . 2013-05-27 08:16	840264	----a-w-	c:\windows\SysWow64\pbsvc.exe
2013-05-26 14:59 . 2013-06-01 10:53	282472	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-05-26 14:52 . 2011-02-19 12:05	1139200	----a-w-	c:\windows\system32\FntCache.dll
2013-05-26 14:52 . 2011-02-19 12:04	902656	----a-w-	c:\windows\system32\d2d1.dll
2013-05-26 14:52 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-05-26 14:19 . 2013-05-26 14:19	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2013-05-26 13:54 . 2013-05-26 13:54	--------	d-----w-	c:\windows\system32\SPReview
2013-05-26 13:54 . 2013-05-26 13:54	--------	d-----w-	c:\windows\system32\EventProviders
2013-05-26 08:37 . 2010-11-05 01:57	48976	----a-w-	c:\windows\system32\netfxperf.dll
2013-05-26 08:37 . 2010-11-05 01:57	1942856	----a-w-	c:\windows\system32\dfshim.dll
2013-05-26 08:35 . 2010-11-20 13:25	1475584	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
2013-05-26 08:34 . 2010-11-20 13:27	769536	----a-w-	c:\windows\system32\sud.dll
2013-05-26 08:33 . 2010-11-20 13:12	7168	----a-w-	c:\windows\system32\drivers\de-DE\msdsm.sys.mui
2013-05-26 08:33 . 2010-11-20 13:07	2560	----a-w-	c:\windows\system32\drivers\de-DE\disk.sys.mui
2013-05-26 08:33 . 2010-11-20 13:00	4608	----a-w-	c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui
2013-05-26 08:33 . 2010-11-20 13:26	399872	----a-w-	c:\windows\system32\dpx.dll
2013-05-26 08:33 . 2010-11-20 12:21	189952	----a-w-	c:\windows\SysWow64\wdscore.dll
2013-05-26 08:33 . 2010-11-20 12:21	189952	----a-w-	c:\windows\SysWow64\sqmapi.dll
2013-05-26 08:33 . 2010-11-20 12:21	363008	----a-w-	c:\windows\SysWow64\wbemcomn.dll
2013-05-26 08:33 . 2010-11-20 12:21	189952	----a-w-	c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2013-05-26 08:33 . 2010-11-20 12:19	606208	----a-w-	c:\windows\SysWow64\wbem\fastprox.dll
2013-05-26 08:31 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2013-05-26 08:31 . 2010-11-20 13:27	244736	----a-w-	c:\program files\Windows Portable Devices\sqmapi.dll
2013-05-26 08:30 . 2010-11-20 13:27	244736	----a-w-	c:\windows\system32\sqmapi.dll
2013-05-25 12:25 . 2013-05-25 12:25	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2013-05-25 12:25 . 2013-05-25 12:25	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-05-24 14:34 . 2013-06-01 10:53	282472	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-05-24 14:33 . 2007-03-15 14:57	506728	----a-w-	c:\windows\system32\d3dx10_33.dll
2013-05-24 14:21 . 2013-05-24 14:21	--------	d-----w-	c:\program files (x86)\Activision
2013-05-24 11:47 . 2013-05-24 11:48	--------	d-----w-	c:\program files\WinRAR
2013-05-24 07:11 . 2013-05-24 07:11	--------	d-----w-	C:\Graphics
2013-05-24 07:11 . 2009-03-10 21:25	191488	------w-	c:\windows\SysWow64\mwgfx.dll
2013-05-24 07:11 . 2008-10-20 11:44	237056	------w-	c:\windows\SysWow64\mwgfx24.dll
2013-05-24 07:11 . 2008-09-05 06:32	104960	------w-	c:\windows\SysWow64\mwdds.dll
2013-05-24 07:11 . 2007-08-19 07:37	28672	------w-	c:\windows\SysWow64\mwgfxcopy.exe
2013-05-24 07:11 . 2004-05-14 09:13	56832	------w-	c:\windows\SysWow64\mwace.dll
2013-05-24 04:56 . 2013-05-03 14:15	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-24 04:49 . 2013-05-24 04:49	--------	d-----w-	c:\program files (x86)\LyricsFan
2013-05-23 20:32 . 2013-05-23 20:32	545	----a-w-	c:\windows\DeleteOnReboot.bat
2013-05-23 20:19 . 2013-05-23 20:19	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-05-23 20:18 . 2013-05-23 20:18	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-05-23 20:18 . 2013-05-23 20:18	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-05-23 20:18 . 2013-05-23 20:18	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-23 20:18 . 2013-05-23 20:18	--------	d-----w-	c:\program files (x86)\Java
2013-05-23 20:15 . 2013-05-23 20:15	--------	d-----w-	c:\program files (x86)\FileHippo.com
2013-05-23 19:56 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-05-23 19:56 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-05-23 19:56 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-05-23 19:56 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-05-23 19:48 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-05-23 19:39 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-05-23 19:39 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-05-23 19:39 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-05-23 19:39 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-05-23 19:39 . 2010-09-30 10:41	100864	----a-w-	c:\windows\system32\fontsub.dll
2013-05-23 19:39 . 2010-09-30 06:47	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2013-05-23 19:38 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-05-23 19:38 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-05-23 19:38 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-05-23 19:38 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-05-23 19:38 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-05-23 19:38 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-05-23 19:38 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-05-23 19:36 . 2013-05-24 04:49	--------	d-----w-	c:\program files (x86)\FindLyrics
2013-05-23 19:32 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-05-23 19:32 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2013-05-23 19:32 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2013-05-23 19:32 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2013-05-23 19:32 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2013-05-23 16:47 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-05-23 16:47 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-05-23 16:47 . 2013-02-15 06:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-05-23 16:47 . 2013-02-15 06:02	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-05-23 16:47 . 2013-02-15 04:34	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-05-23 16:47 . 2013-02-15 03:25	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-05-23 16:30 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2013-05-23 16:30 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-05-23 16:23 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-23 16:23 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-05-23 16:23 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-05-23 16:23 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-05-23 16:23 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-05-23 16:23 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-05-23 16:13 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-05-23 16:13 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-05-23 16:13 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-05-23 16:13 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-26 14:01 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-05-26 14:01 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-04-13 05:49 . 2013-05-27 09:57	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-27 09:57	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-27 09:57	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-27 09:57	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-27 09:57	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-27 09:57	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A8720491-9558-4C0D-9E35-30EED15DFB2B}]
2013-05-20 09:10	127488	----a-w-	c:\program files (x86)\LyricsFan\lrcfan.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2010-11-05 01:58	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R4 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-04-25 31000]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
R4 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-30 204288]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-07-18 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-07-18 465360]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-05-14 9216]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-28 2413056]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-10 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-10 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-23 13:20]
.
2013-06-01 c:\windows\Tasks\Lyrics Fan Update.job
- c:\program files (x86)\LyricsFan\LyricsFanUpdater.exe [2013-05-20 09:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-03 1425408]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\th39jonx.default\
FF - prefs.js: network.proxy.ftp - 172.19.1.150
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 172.19.1.150
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 172.19.1.150
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 172.19.1.150
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-23 22:27; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\th39jonx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-05-24 06:49; lrcfan@fansoft.br; c:\program files (x86)\LyricsFan\FF
FF - ExtSQL: 2013-06-01 13:25; fmdownloader@gmail.com; c:\program files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF - ExtSQL: 2013-06-01 13:25; ytfmdownloader@gmail.com; c:\program files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1992994291-2889284697-3986107553-1000\Software\SecuROM\License information*]
"datasecu"=hex:4a,b5,af,c0,0a,00,31,3f,7f,44,45,88,20,49,19,a7,3a,9b,0e,8d,8f,
   e3,e6,19,3f,78,ef,01,ff,9d,fd,45,34,c7,5b,4d,a8,63,88,9d,7e,44,60,40,4f,75,\
"rkeysecu"=hex:86,51,4a,05,d3,99,29,80,53,83,6c,f7,70,e2,67,fa
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-01  20:25:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-01 18:25
.
Vor Suchlauf: 10 Verzeichnis(se), 399.088.373.760 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 398.416.289.792 Bytes frei
.
- - End Of File - - 6ED498320D763EDD54DECF5D1E55BA9C
         
--- --- ---

Thanks


01.06.2013, 21:22   #6
schrauber
/// the machine
/// TB trainer
 


Please download Farbar's MiniToolBox to your desktop and run the tool.

Tick the following entries:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Minidump Files
Click Go and post the contents of Result.txt.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh OTL log, then we should be done.

02.06.2013, 07:10   #7
Bagusto
 

So, I hope this is the right order:
MiniToolbox Log:
Code:
MiniToolBox by Farbar  Version:21-04-2013
Ran by HP (administrator) on 02-06-2013 at 00:12:07
Running from "C:\Users\HP\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 

"network.proxy.backup.ftp", "172.19.1.150"
"network.proxy.backup.ftp_port", 3128
"network.proxy.backup.socks", "172.19.1.150"
"network.proxy.backup.socks_port", 3128
"network.proxy.backup.ssl", "172.19.1.150"
"network.proxy.backup.ssl_port", 3128
"network.proxy.ftp", "172.19.1.150"
"network.proxy.ftp_port", 3128
"network.proxy.http", "172.19.1.150"
"network.proxy.http_port", 3128
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "172.19.1.150"
"network.proxy.socks_port", 3128
"network.proxy.ssl", "172.19.1.150"
"network.proxy.ssl_port", 3128
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = LAN-Verbindung (Connected)
Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter = Drahtlosnetzwerkverbindung (Connected)


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

   Hostname  . . . . . . . . . . . . : HP-PC
   Primäres DNS-Suffix . . . . . . . : 
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein
   DNS-Suffixsuchliste . . . . . . . : speedport.ip
         
AdwCleaner Log:
Code:
# AdwCleaner v2.301 - Datei am 02/06/2013 um 00:14:50 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : HP - HP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\HP\Desktop\adwcleaner_2.3.0.1.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\th39jonx.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [9907 octets] - [23/05/2013 22:15:22]
AdwCleaner[R2].txt - [1279 octets] - [31/05/2013 18:29:16]
AdwCleaner[S1].txt - [358 octets] - [23/05/2013 22:15:36]
AdwCleaner[S2].txt - [11614 octets] - [23/05/2013 22:32:35]
AdwCleaner[S3].txt - [1251 octets] - [24/05/2013 15:58:36]
AdwCleaner[S4].txt - [1342 octets] - [31/05/2013 18:29:45]
AdwCleaner[S5].txt - [1079 octets] - [02/06/2013 00:14:50]

########## EOF - C:\AdwCleaner[S5].txt - [1139 octets] ##########
         
JRT Log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by HP on 02.06.2013 at  0:17:53,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\th39jonx.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.06.2013 at  0:20:44,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Eset Log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bb0098f3b3dba04dbb641880e11ddb22
# engine=13971
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-02 12:06:52
# local_time=2013-06-02 02:06:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1802 16775165 100 98 32589 140802915 0 0
# compatibility_mode=5893 16776574 66 85 552831 121761462 0 0
# scanned=200911
# found=4
# cleaned=0
# scan_time=4371
sh=B51F765D4C6F94FD7C06051AC36E8E03785A0EAC ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\Program Files (x86)\LyricsFan\chrome.crx"
sh=A440DB719846223DB0E5E49625BD8648ADCD0C61 ft=1 fh=cc29963ebb4626a1 vn="Win32/Adware.AddLyrics.E application" ac=I fn="C:\Program Files (x86)\LyricsFan\lrcfan.dll"
sh=BF9B37C971E8F9A468FF32FB3B68240C1A8E766F ft=1 fh=45f21034eff58ce9 vn="Win32/Adware.AddLyrics.E application" ac=I fn="C:\Program Files (x86)\LyricsFan\LyricsFanUpdater.exe"
sh=F2C403E41500F698E5E725F3F8EC508CF328D5C8 ft=0 fh=0000000000000000 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\Program Files (x86)\LyricsFan\FF\chrome\content\main.js"
         
Security Check Log:
Code:
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader XI  
 Mozilla Firefox (21.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
and the fresh OTL log:
Code:
OTL logfile created on: 02.06.2013 07:50:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HP\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,95 Gb Total Physical Memory | 4,30 Gb Available Physical Memory | 72,34% Memory free
11,90 Gb Paging File | 10,12 Gb Available in Paging File | 85,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,59 Gb Total Space | 370,32 Gb Free Space | 82,74% Space Free | Partition Type: NTFS
Drive D: | 17,87 Gb Total Space | 1,92 Gb Free Space | 10,76% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 77,78 Mb Free Space | 78,55% Space Free | Partition Type: FAT32
Drive F: | 269,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,42 Gb Total Space | 0,40 Gb Free Space | 2,80% Space Free | Partition Type: FAT32
 
Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.02 00:09:04 | 000,890,839 | ---- | M] () -- C:\Users\HP\Desktop\SecurityCheck.exe
PRC - [2013.06.01 13:54:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
PRC - [2013.05.27 10:17:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.05.14 22:57:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012.07.18 18:08:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:08:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.07.18 18:08:01 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.07.18 18:08:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.18 18:08:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2011.08.09 08:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.08.09 08:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.04.14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.02 00:09:04 | 000,890,839 | ---- | M] () -- C:\Users\HP\Desktop\SecurityCheck.exe
MOD - [2013.05.28 08:14:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll
MOD - [2013.05.28 08:14:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll
MOD - [2013.05.27 19:23:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.05.27 19:23:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.27 19:22:53 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.05.27 19:22:40 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.27 19:22:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.05.27 19:22:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.05.27 19:22:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.27 19:22:03 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.05.27 10:17:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2012.04.25 14:02:52 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.09.30 22:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.27 10:17:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.05.23 15:20:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.14 22:57:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 18:08:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:08:03 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.07.18 18:08:01 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.07.18 18:08:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012.01.04 00:37:16 | 000,311,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.12.11 03:48:26 | 000,260,424 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2011.12.09 06:41:00 | 000,269,640 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV - [2011.09.09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.08.09 08:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.08.09 08:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.06.28 17:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.06.14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.23 09:59:53 | 004,747,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.07.18 18:08:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 18:08:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.18 18:08:31 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.25 14:02:52 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.04.25 14:02:52 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.04 00:37:16 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.10.01 00:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.30 21:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.09 08:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.06.10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.06.10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.06.09 18:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.30 16:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 18:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.20 07:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 5C 3D 97 B3 57 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: fmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: ytfmdownloader%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.backup.ftp: "172.19.1.150"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "172.19.1.150"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "172.19.1.150"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "172.19.1.150"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "172.19.1.150"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.19.1.150"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.19.1.150"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013.06.01 13:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013.06.01 13:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcfan@fansoft.br: C:\Program Files (x86)\LyricsFan\FF\ [2013.05.24 06:49:40 | 000,000,000 | ---D | M]
 
[2013.05.23 10:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2013.05.23 22:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\th39jonx.default\extensions
[2013.05.23 22:27:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\th39jonx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.05.23 22:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.23 10:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.23 10:37:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.01 13:25:01 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\FMDOWNLOADER@GMAIL.COM
[2013.06.01 13:25:01 | 000,000,000 | ---D | M] (Freemake Youtube Download Button) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX\YTFMDOWNLOADER@GMAIL.COM
 
O1 HOSTS File: ([2013.06.01 20:16:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O2 - BHO: (Lyrics Fan) - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Program Files (x86)\LyricsFan\lrcfan.dll (FAN Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = hxxp://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55361C37-6034-40CB-A8F1-DF445646E151}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E167851-AE3F-4DE5-8327-BC4871EAC5B3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.31 19:01:03 | 000,000,129 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.02 00:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.06.02 00:17:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.02 00:17:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.02 00:04:18 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\HP\Desktop\JRT.exe
[2013.06.01 23:56:43 | 002,347,384 | ---- | C] (ESET) -- C:\Users\HP\Desktop\esetsmartinstaller_enu.exe
[2013.06.01 23:44:18 | 000,760,723 | ---- | C] (Farbar) -- C:\Users\HP\Desktop\MiniToolBox.exe
[2013.06.01 21:04:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.01 20:58:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.01 20:09:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.01 20:09:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.01 20:09:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.01 20:09:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.01 20:08:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.01 19:58:37 | 005,076,199 | R--- | C] (Swearware) -- C:\Users\HP\Desktop\ComboFix.exe
[2013.06.01 14:00:19 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Bereinigung
[2013.06.01 13:54:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2013.06.01 13:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013.06.01 13:25:03 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\Freemake
[2013.06.01 13:25:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.01 13:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.01 13:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.06.01 13:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013.05.31 18:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.05.31 18:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.29 14:56:45 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Neuer Ordner
[2013.05.29 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Audacity
[2013.05.28 10:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.05.27 22:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acoustica MP3 To Wave Converter PLUS
[2013.05.27 22:14:36 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\mp3DirectCut
[2013.05.27 22:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2013.05.27 20:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RADVideo
[2013.05.27 20:42:11 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker
[2013.05.27 20:32:44 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Animake
[2013.05.27 20:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Animake
[2013.05.27 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.05.27 20:13:06 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\IrfanView
[2013.05.27 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.05.27 11:04:39 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\vlc
[2013.05.27 11:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.05.27 11:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.05.26 15:54:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.05.26 15:54:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.05.26 10:35:09 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.05.26 10:34:50 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.05.24 16:37:12 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\PunkBuster
[2013.05.24 16:35:22 | 000,000,000 | RH-D | C] -- C:\Users\HP\AppData\Roaming\SecuROM
[2013.05.24 16:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013.05.24 16:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013.05.24 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\WinRAR
[2013.05.24 13:48:05 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.24 13:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.05.24 13:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.05.24 10:46:07 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Hewlett-Packard
[2013.05.24 09:23:58 | 000,000,000 | ---D | C] -- C:\Users\HP\.thumbnails
[2013.05.24 09:22:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\fontconfig
[2013.05.24 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\gegl-0.2
[2013.05.24 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\HP\.gimp-2.8
[2013.05.24 09:21:21 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\schrott
[2013.05.24 09:11:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW Graphics
[2013.05.24 09:11:01 | 000,237,056 | ---- | C] (MW Publishing) -- C:\Windows\SysWow64\mwgfx24.dll
[2013.05.24 09:11:01 | 000,191,488 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfx.dll
[2013.05.24 09:11:01 | 000,104,960 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwdds.dll
[2013.05.24 09:11:01 | 000,056,832 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwace.dll
[2013.05.24 09:11:01 | 000,028,672 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfxcopy.exe
[2013.05.24 09:11:01 | 000,000,000 | ---D | C] -- C:\Graphics
[2013.05.24 06:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFan
[2013.05.23 22:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.05.23 22:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.23 22:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.05.23 22:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013.05.23 21:58:57 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Adobe
[2013.05.23 21:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FindLyrics
[2013.05.23 21:33:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.23 16:32:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.23 15:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.05.23 15:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.05.23 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Macromedia
[2013.05.23 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Macromedia
[2013.05.23 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Adobe
[2013.05.23 15:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.05.23 15:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013.05.23 15:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013.05.23 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\HpUpdate
[2013.05.23 15:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.05.23 15:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013.05.23 15:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.05.23 15:29:10 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\HP
[2013.05.23 15:20:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.05.23 15:20:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.05.23 14:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.05.23 14:42:48 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs
[2013.05.23 12:13:41 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\TmForever
[2013.05.23 12:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2013.05.23 12:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
[2013.05.23 12:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever
[2013.05.23 11:27:31 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Avira
[2013.05.23 11:03:45 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Nexway
[2013.05.23 10:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.23 10:52:49 | 000,140,936 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.05.23 10:52:49 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.23 10:52:49 | 000,114,168 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.05.23 10:52:49 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.23 10:52:49 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.23 10:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.23 10:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.23 10:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.05.23 10:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.05.23 10:45:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.05.23 10:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.05.23 10:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.05.23 10:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.05.23 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Microsoft Help
[2013.05.23 10:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.05.23 10:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.05.23 10:42:31 | 000,000,000 | R--D | C] -- C:\MSOCache
[2013.05.23 10:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.05.23 10:37:23 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Mozilla
[2013.05.23 10:37:23 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Mozilla
[2013.05.23 10:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.23 10:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.23 10:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.23 10:33:58 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\AuthenTec
[2013.05.23 10:33:50 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Schule
[2013.05.23 10:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.05.23 10:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP SimplePass
[2013.05.23 10:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AuthenTec
[2013.05.23 10:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AuthenTec
[2013.05.23 10:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.05.23 10:32:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[2013.05.23 10:32:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\YouCam
[2013.05.23 10:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013.05.23 10:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.05.23 10:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Telespree
[2013.05.23 10:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2013.05.23 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Hewlett-Packard
[2013.05.23 10:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2013.05.23 10:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2013.05.23 10:24:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\hpqLog
[2013.05.23 10:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2013.05.23 10:23:36 | 000,000,000 | ---D | C] -- C:\HP
[2013.05.23 10:22:10 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013.05.23 10:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.05.23 10:20:39 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Intel Corporation
[2013.05.23 10:20:27 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Synaptics
[2013.05.23 10:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2013.05.23 10:14:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.05.23 10:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp60655
[2013.05.23 10:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2013.05.23 10:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Validity Sensors
[2013.05.23 10:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.05.23 10:07:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda
[2013.05.23 10:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.05.23 10:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013.05.23 09:59:56 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\InstallShield
[2013.05.23 09:58:13 | 000,428,136 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013.05.23 09:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.05.23 09:56:17 | 000,000,000 | ---D | C] -- C:\Windows\HPQ
[2013.05.23 09:55:45 | 006,344,704 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe
[2013.05.23 09:55:45 | 005,298,688 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll
[2013.05.23 09:55:45 | 004,444,672 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2013.05.23 09:55:45 | 001,819,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2013.05.23 09:55:45 | 001,425,408 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2013.05.23 09:55:45 | 001,085,440 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll
[2013.05.23 09:55:45 | 000,249,344 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe
[2013.05.23 09:55:45 | 000,223,744 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\HPToneCtrls64.dll
[2013.05.23 09:55:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013.05.23 09:55:14 | 000,251,904 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2013.05.23 09:55:13 | 001,987,072 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2013.05.23 09:55:13 | 000,654,336 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2013.05.23 09:55:13 | 000,535,552 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2013.05.23 09:55:13 | 000,448,512 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2013.05.23 09:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2013.05.23 09:34:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\ATI
[2013.05.23 09:34:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\ATI
[2013.05.23 09:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.05.23 09:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.05.23 09:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.05.23 09:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.05.23 09:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.05.23 09:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.05.23 09:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.05.23 09:28:37 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.05.23 09:28:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.05.23 09:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.05.23 09:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.05.23 09:27:56 | 000,000,000 | ---D | C] -- C:\Intel
[2013.05.23 09:27:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.05.23 09:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2013.05.23 09:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013.05.23 09:26:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.05.23 09:26:54 | 000,000,000 | ---D | C] -- C:\SWsetup
[2013.05.23 09:24:17 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.23 09:24:17 | 000,000,000 | R--D | C] -- C:\Users\HP\Searches
[2013.05.23 09:24:17 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.23 09:24:07 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Identities
[2013.05.23 09:24:04 | 000,000,000 | R--D | C] -- C:\Users\HP\Contacts
[2013.05.23 09:24:02 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\VirtualStore
[2013.05.23 09:23:51 | 000,000,000 | --SD | C] -- C:\Users\HP\AppData\Roaming\Microsoft
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Videos
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Saved Games
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Pictures
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Music
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Links
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Favorites
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Downloads
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Documents
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\Desktop
[2013.05.23 09:23:51 | 000,000,000 | R--D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Vorlagen
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\AppData\Local\Verlauf
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\AppData\Local\Temporary Internet Files
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Startmenü
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\SendTo
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Recent
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Netzwerkumgebung
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Lokale Einstellungen
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Documents\Eigene Videos
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Documents\Eigene Musik
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Eigene Dateien
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Documents\Eigene Bilder
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Druckumgebung
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Cookies
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\AppData\Local\Anwendungsdaten
[2013.05.23 09:23:51 | 000,000,000 | -HSD | C] -- C:\Users\HP\Anwendungsdaten
[2013.05.23 09:23:51 | 000,000,000 | -H-D | C] -- C:\Users\HP\AppData
[2013.05.23 09:23:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Temp
[2013.05.23 09:23:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Microsoft
[2013.05.23 09:23:51 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Media Center Programs
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.05.23 09:23:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.05.23 09:23:44 | 000,000,000 | ---D | C] -- C:\Recovery
[2013.05.23 09:18:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.05.23 09:16:15 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.05.23 09:15:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.02 07:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.02 06:39:05 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\Lyrics Fan Update.job
[2013.06.02 00:34:33 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 00:34:33 | 000,018,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 00:31:24 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.02 00:31:24 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.02 00:31:24 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.02 00:31:24 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.02 00:31:24 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.02 00:26:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 00:26:45 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 00:09:04 | 000,890,839 | ---- | M] () -- C:\Users\HP\Desktop\SecurityCheck.exe
[2013.06.02 00:04:30 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\HP\Desktop\JRT.exe
[2013.06.01 23:57:43 | 002,347,384 | ---- | M] (ESET) -- C:\Users\HP\Desktop\esetsmartinstaller_enu.exe
[2013.06.01 23:44:31 | 000,760,723 | ---- | M] (Farbar) -- C:\Users\HP\Desktop\MiniToolBox.exe
[2013.06.01 21:11:12 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.01 21:11:12 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.01 20:16:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.01 20:00:52 | 005,076,199 | R--- | M] (Swearware) -- C:\Users\HP\Desktop\ComboFix.exe
[2013.06.01 14:37:35 | 000,000,000 | ---- | M] () -- C:\Users\HP\defogger_reenable
[2013.06.01 13:54:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2013.06.01 13:25:02 | 000,001,336 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2013.06.01 12:53:22 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.31 18:29:43 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 11:50:35 | 000,018,785 | ---- | M] () -- C:\Users\HP\AppData\Local\recently-used.xbel
[2013.05.27 22:27:45 | 000,001,072 | ---- | M] () -- C:\Users\HP\Desktop\TmForever - Verknüpfung.lnk
[2013.05.27 22:23:51 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013.05.27 22:11:00 | 000,001,059 | ---- | M] () -- C:\Users\HP\Desktop\mp3DirectCut.lnk
[2013.05.27 20:13:06 | 000,001,002 | ---- | M] () -- C:\Users\HP\Desktop\IrfanView.lnk
[2013.05.27 19:20:49 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.27 16:10:33 | 001,543,079 | ---- | M] () -- C:\Users\HP\Desktop\Djangoooo.zip
[2013.05.27 11:04:34 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.27 11:01:47 | 000,001,298 | ---- | M] () -- C:\Users\HP\Desktop\iw3mp - Verknüpfung.lnk
[2013.05.27 10:17:20 | 000,189,248 | ---- | M] () -- C:\Windows\SysNative\PnkBstrB.exe
[2013.05.27 10:17:05 | 000,189,248 | ---- | M] () -- C:\Windows\SysNative\PnkBstrB.ex0
[2013.05.27 10:17:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.27 10:17:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysNative\PnkBstrA.exe
[2013.05.27 10:16:38 | 000,840,264 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.05.27 10:09:20 | 000,281,768 | ---- | M] () -- C:\Windows\SysNative\PnkBstrB.xtr
[2013.05.24 17:16:19 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.24 17:16:19 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.24 09:21:14 | 000,001,442 | ---- | M] () -- C:\Users\HP\Desktop\gimp-2.8 - Verknüpfung.lnk
[2013.05.23 22:32:49 | 000,000,545 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.23 22:13:46 | 000,632,031 | ---- | M] () -- C:\Users\HP\Desktop\adwcleaner_2.3.0.1.exe
[2013.05.23 15:29:30 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.05.23 15:19:39 | 000,140,936 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2013.05.23 15:19:39 | 000,114,168 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2013.05.23 14:35:05 | 000,007,597 | ---- | M] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
[2013.05.23 11:50:58 | 000,001,275 | ---- | M] () -- C:\Users\HP\Desktop\Raumtausch.lnk
[2013.05.23 10:52:58 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.23 10:37:15 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.23 10:32:12 | 000,001,365 | ---- | M] () -- C:\Users\HP\Documents\CyberLink YouCam.lnk
[2013.05.23 10:25:26 | 000,002,173 | ---- | M] () -- C:\Users\HP\Documents\HP Connection Manager.lnk
[2013.05.23 10:24:25 | 000,002,179 | ---- | M] () -- C:\Users\HP\Documents\HP Support Assistant.lnk
[2013.05.23 10:11:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf
[2013.05.23 10:09:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.05.23 10:02:00 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.05.23 10:00:41 | 001,089,238 | ---- | M] () -- C:\Windows\SysNative\oem13.inf
[2013.05.23 09:59:53 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013.05.23 09:19:15 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.05.23 09:19:15 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.05.23 09:17:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013.06.02 00:07:22 | 000,890,839 | ---- | C] () -- C:\Users\HP\Desktop\SecurityCheck.exe
[2013.06.01 20:09:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.01 20:09:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.01 20:09:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.01 20:09:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.01 20:09:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.01 14:37:35 | 000,000,000 | ---- | C] () -- C:\Users\HP\defogger_reenable
[2013.06.01 13:25:02 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2013.05.31 18:29:43 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.28 11:50:35 | 000,018,785 | ---- | C] () -- C:\Users\HP\AppData\Local\recently-used.xbel
[2013.05.28 10:11:57 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.05.27 22:27:45 | 000,001,072 | ---- | C] () -- C:\Users\HP\Desktop\TmForever - Verknüpfung.lnk
[2013.05.27 22:23:50 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013.05.27 22:11:00 | 000,001,059 | ---- | C] () -- C:\Users\HP\Desktop\mp3DirectCut.lnk
[2013.05.27 22:01:03 | 001,543,079 | ---- | C] () -- C:\Users\HP\Desktop\Djangoooo.zip
[2013.05.27 20:13:06 | 000,001,002 | ---- | C] () -- C:\Users\HP\Desktop\IrfanView.lnk
[2013.05.27 11:04:33 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.27 11:01:47 | 000,001,298 | ---- | C] () -- C:\Users\HP\Desktop\iw3mp - Verknüpfung.lnk
[2013.05.27 10:20:58 | 000,281,768 | ---- | C] () -- C:\Windows\SysNative\PnkBstrB.xtr
[2013.05.27 10:20:58 | 000,189,248 | ---- | C] () -- C:\Windows\SysNative\PnkBstrB.exe
[2013.05.27 10:20:58 | 000,189,248 | ---- | C] () -- C:\Windows\SysNative\PnkBstrB.ex0
[2013.05.27 10:20:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysNative\PnkBstrA.exe
[2013.05.27 10:17:01 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.05.26 16:59:12 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.26 10:36:17 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.05.26 10:34:34 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.05.26 10:34:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.05.26 10:34:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.05.26 10:33:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.05.24 17:16:19 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.24 17:16:19 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.24 16:34:29 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.24 16:34:29 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.24 16:34:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.24 09:21:14 | 000,001,442 | ---- | C] () -- C:\Users\HP\Desktop\gimp-2.8 - Verknüpfung.lnk
[2013.05.24 06:49:41 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\Lyrics Fan Update.job
[2013.05.23 22:32:39 | 000,000,545 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.23 22:15:16 | 000,002,003 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013.05.23 22:13:19 | 000,632,031 | ---- | C] () -- C:\Users\HP\Desktop\adwcleaner_2.3.0.1.exe
[2013.05.23 21:56:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.05.23 21:38:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.05.23 15:56:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.23 15:29:30 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.05.23 15:20:40 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 14:43:14 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.05.23 14:35:05 | 000,007,597 | ---- | C] () -- C:\Users\HP\AppData\Local\Resmon.ResmonCfg
[2013.05.23 11:50:38 | 000,001,275 | ---- | C] () -- C:\Users\HP\Desktop\Raumtausch.lnk
[2013.05.23 10:52:58 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.23 10:37:15 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.23 10:37:14 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.23 10:32:12 | 000,001,365 | ---- | C] () -- C:\Users\HP\Documents\CyberLink YouCam.lnk
[2013.05.23 10:25:26 | 000,002,173 | ---- | C] () -- C:\Users\HP\Documents\HP Connection Manager.lnk
[2013.05.23 10:24:25 | 000,002,179 | ---- | C] () -- C:\Users\HP\Documents\HP Support Assistant.lnk
[2013.05.23 10:11:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf
[2013.05.23 10:09:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.05.23 10:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.05.23 10:00:47 | 001,089,238 | ---- | C] () -- C:\Windows\SysNative\oem13.inf
[2013.05.23 10:00:10 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2013.05.23 09:58:13 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013.05.23 09:32:59 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013.05.23 09:32:59 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblup.dat
[2013.05.23 09:28:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.05.23 09:24:59 | 000,001,409 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.05.23 09:24:55 | 000,001,443 | ---- | C] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.23 09:19:09 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.05.23 09:19:06 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.05.23 09:17:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.05.23 09:15:25 | 495,865,855 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.08.09 08:30:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.09 08:30:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.09 08:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.09 08:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.09 07:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.06.09 18:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
         
Then thank you for all the help; I hope the system is clean now. One thing I'm still curious about: was the system actually heavily infected, or was it fairly limited?

P.S. It would be good if the thread could stay open for 2-3 days for now, in case these pop-up windows keep opening.

Thanks, thanks, thanks
Regards, Bagusto

02.06.2013, 07:41   #8
schrauber
/// the machine
/// TB trainer

The thread always stays open

Adware stuff, nothing else.

Check whether you can find LyricFan under Software; if so, uninstall it.
Antivir needs an update.

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
FF - prefs.js..network.proxy.backup.ftp: "172.19.1.150"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "172.19.1.150"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "172.19.1.150"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "172.19.1.150"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "172.19.1.150"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.19.1.150"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "172.19.1.150"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
:Files
C:\Program Files (x86)\LyricsFan

:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
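As an added example (not part of the thread and not OTL's own code), this Python sketch audits a Firefox prefs.js for the proxy preferences that the fix above removes, and reports whether they are actually in use. The sample prefs content, the function names and the default of 5 for a missing network.proxy.type are assumptions of this example.

```python
import ipaddress
import json
import re

# Constructed sample, modelled on the prefs named in the OTL fix above.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "172.19.1.150");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.ssl", "172.19.1.150");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.type", 0);
"""

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
HOST_KEY = re.compile(r"^network\.proxy\.(?:backup\.)?(?:http|ssl|ftp|socks)$")
# Firefox meanings of network.proxy.type.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac", 4: "wpad", 5: "system"}

def parse_prefs(text):
    """Return {name: value} for each user_pref() line, JSON-decoding the value."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment, blank line or anything that is not a user_pref
        try:
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep raw text if it is not JSON
    return prefs

def audit_proxy(prefs):
    """Report the proxy mode and every configured proxy host with its scope."""
    # Assumption: a missing network.proxy.type means Firefox's default, 5.
    mode = PROXY_TYPES.get(prefs.get("network.proxy.type", 5), "unknown")
    hosts = []
    for name, host in sorted(prefs.items()):
        if not HOST_KEY.match(name) or not isinstance(host, str) or not host:
            continue
        try:
            scope = "private" if ipaddress.ip_address(host).is_private else "public"
        except ValueError:
            scope = "hostname"  # not an IP literal
        hosts.append((name, host, prefs.get(name + "_port"), scope))
    # Hosts only carry traffic in manual mode; with type 0 they are inert.
    return {"mode": mode, "active": mode == "manual" and bool(hosts), "hosts": hosts}

if __name__ == "__main__":
    print(audit_proxy(parse_prefs(SAMPLE_PREFS)))
```

With network.proxy.type at 0, as in the fix script, the proxy hosts are listed but reported as not active.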

02.06.2013, 07:53   #9
Bagusto

I don't know why the program is complaining. Antivir is up to date.
I uninstalled Lyrics-Fan manually, and here is the log from the fix
Code:
All processes killed
========== OTL ==========
Prefs.js: "172.19.1.150" removed from network.proxy.backup.ftp
Prefs.js: 3128 removed from network.proxy.backup.ftp_port
Prefs.js: "172.19.1.150" removed from network.proxy.backup.socks
Prefs.js: 3128 removed from network.proxy.backup.socks_port
Prefs.js: "172.19.1.150" removed from network.proxy.backup.ssl
Prefs.js: 3128 removed from network.proxy.backup.ssl_port
Prefs.js: "172.19.1.150" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "172.19.1.150" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "172.19.1.150" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "172.19.1.150" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
========== FILES ==========
File\Folder C:\Program Files (x86)\LyricsFan not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: HP
->Temp folder emptied: 174114 bytes
->Temporary Internet Files folder emptied: 33604 bytes
->Java cache emptied: 91113 bytes
->FireFox cache emptied: 21807191 bytes
->Flash cache emptied: 506 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6548 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36147989 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 56,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06022013_084443

Files\Folders moved on Reboot...
C:\Users\HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
I also wanted to ask whether I should delete the system restore points that were created during the cleanup, and what I should do with the cleanup tools themselves?

Regards, Bagusto,
and thanks again for voluntarily going to so much trouble here!

02.06.2013, 07:54   #10
schrauber
/// the machine
/// TB trainer

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (Alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.


If you would like to leave praise or criticism:
http://www.trojaner-board.de/lob-kritik-wuensche/


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber
