| |
| |||||||
Log-Analyse und Auswertung: HD-Total Addware in FirefoxWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.03.2014, 18:49
| #1 |
 |  HD-Total Addware in Firefox Hallo Als ich mich vor gut einer Woche via Kabel mit dem Internet verbunden habe, hat Norton Alarm geschlagen (suspicious Cloud 9). Ich hatte mir das Programm Virtual Wifi Router installiert, da es mir nicht erlaubt ist einen Hardwarerouter zu benützen. Nun zu meinem Problem. In meinem Browser hat sich das Addon HD-Total eingenistet, welches mich mit zwielichtigen Seiten zu verbinden versucht. Ich hatte dann einen Scan mit HijackThis gemacht, das Addon deinstalliert und folgenden Registryeintrag gelöscht: O2 - BHO: CrossriderApp0053360 - {11111111-1111-1111-1111-110511331160} - C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-bho.dll Das Addon installiert sich aber immer wieder selbst und ist auch in den programfiles zu finden. Norton hatte vor geraumer Zeit auch mal den Zeustrojaner in einer Email gefunden und in die Quarantäne verschoben, falls sonst noch verdächtiges Zeug auftauchen sollte. Vielen Dank und hier noch die Logs Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:02:21, on 14.03.2014 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v11.0 (11.00.9600.16518) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Users\*****\AppData\Local\FilesFrog Update Checker\update_checker.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe C:\windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = hxxp://pac.zhaw.ch/proxy.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: CrossriderApp0053360 - {11111111-1111-1111-1111-110511331160} - C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-bho.dll O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: Dropbox.lnk = *****\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr3.swh.mhn.de O17 - HKLM\System\CCS\Services\Tcpip\..\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: NameServer = 10.148.96.2,10.156.33.53 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr3.swh.mhn.de O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = zhaw.ch,sitecomwl351 O17 - HKLM\System\CS1\Services\Tcpip\..\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: NameServer = 10.148.96.2,10.156.33.53 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fr3.swh.mhn.de O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = zhaw.ch,sitecomwl351 O17 - HKLM\System\CS2\Services\Tcpip\..\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: NameServer = 10.148.96.2,10.156.33.53 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = zhaw.ch,sitecomwl351 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: HP SkyRoom (Hp.Skyroom.Windows.Service) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing) O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Remote Graphics Sender Service (rgsender) - Hewlett-Packard, Inc. - c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe O23 - Service: SEB Windows Service (SebWindowsService) - ETH Zurich - C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 16819 bytes Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:34 on 23/03/2014 (*****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by ****** (administrator) on R108016 on 23-03-2014 17:37:48
Running from C:\Users\******\Documents\Toolsammlung_fuer_Virusscan
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Solid Documents, LLC) C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe
(ETH Zurich) C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard, Inc.) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(PortableApps.com) E:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-18] (IDT, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2013-12-26] ()
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Smart File Advisor] - C:\Program Files (x86)\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-17] (Power Software Ltd)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-10-28] (Samsung Electronics Co., Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
IFEO\Utilman.exe: [Debugger]
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Tcpip\..\Interfaces\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: [NameServer]10.148.96.2,10.156.33.53
Tcpip\..\Interfaces\{D15E7D67-71C5-48B9-8B7C-6F5D7C87E9C4}: [NameServer]160.85.192.100,160.85.193.100
FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default
FF user.js: detected! => C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\user.js
FF Homepage: www.google.ch
FF NetworkProxy: "autoconfig_url", "hxxp://pac.zhaw.ch/proxy.pac"
FF NetworkProxy: "backup.ftp", "46.163.66.107"
FF NetworkProxy: "backup.ftp_port", 1080
FF NetworkProxy: "backup.socks", "46.163.66.107"
FF NetworkProxy: "backup.socks_port", 1080
FF NetworkProxy: "backup.ssl", "46.163.66.107"
FF NetworkProxy: "backup.ssl_port", 1080
FF NetworkProxy: "ftp", "212.144.254.123"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "212.144.254.123"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.144.254.123"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "212.144.254.123"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HD-Total-1.1 - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com [2014-03-16]
FF Extension: Copy Links - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5} [2011-08-09]
FF Extension: WOT - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\admin@proxy-listen.de.xpi [2013-01-19]
FF Extension: Flagfox - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-09]
FF Extension: NoScript - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-20]
FF Extension: BugMeNot Plugin - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2013-01-02]
FF Extension: DownThemAll! - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-23]
==================== Services (Whitelisted) =================
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-11] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
R2 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124984 2009-11-20] (Hewlett-Packard)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.)
R2 SCPDFReadSpool; C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe [193392 2012-09-10] (Solid Documents, LLC)
R2 SebWindowsService; C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe [32256 2012-12-19] (ETH Zurich)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe [244224 2009-11-18] (IDT, Inc.)
==================== Drivers (Whitelisted) ====================
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-23] (Symantec Corporation)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2010-10-18] (Ekahau Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\ENG64.SYS [126040 2014-03-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\EX64.SYS [2099288 2014-03-14] (Symantec Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] ()
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-11] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-11] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-10-11] (Acronis)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2010-10-11] (Acronis)
U4 eabfiltr;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-23 17:37 - 2014-03-23 17:37 - 00000000 ____D () C:\FRST
2014-03-23 17:34 - 2014-03-23 17:34 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-03-23 17:33 - 2014-03-23 17:37 - 00000000 ____D () C:\Users\******\Documents\Toolsammlung_fuer_Virusscan
2014-03-20 18:51 - 2014-03-20 18:51 - 06659584 _____ () C:\Users\******\Downloads\SS 2013.zip
2014-03-20 15:43 - 2014-03-20 15:43 - 00009404 _____ () C:\Users\******\Desktop\Stundenplan.xlsx
2014-03-19 20:37 - 2014-03-19 20:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype
2014-03-19 18:45 - 2014-03-19 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-15 09:38 - 2014-03-15 12:41 - 00000000 ____D () C:\Users\******\Desktop\Scan_13.3.14
2014-03-14 10:41 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-14 10:41 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-14 10:41 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-14 10:41 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-14 10:41 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-14 10:41 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-14 10:41 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-14 10:41 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-14 10:41 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-14 10:41 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-14 10:41 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-14 10:41 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-14 10:41 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-14 10:41 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-14 10:41 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-14 10:41 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-14 10:41 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-14 10:41 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-14 10:41 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-14 10:41 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-14 10:41 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-14 10:41 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-14 10:41 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-14 10:41 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-14 10:41 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-14 10:41 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-14 10:41 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-14 10:41 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-14 10:41 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-14 10:41 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-14 10:41 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-14 10:41 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-14 10:41 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-14 10:41 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-14 10:41 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-14 10:41 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-14 10:41 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-14 10:41 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-14 10:41 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-14 10:41 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-14 07:45 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-14 07:45 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-14 07:45 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-14 07:45 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-14 07:45 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-14 07:45 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-14 07:44 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-14 07:44 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 20:49 - 2014-03-23 13:08 - 00000515 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-03-13 20:40 - 2014-03-23 14:45 - 00002528 _____ () C:\windows\Tasks\hdtotal1.1-firefoxinstaller.job
2014-03-13 20:40 - 2014-03-23 14:40 - 00003090 _____ () C:\windows\Tasks\hdtotal1.1-chromeinstaller.job
2014-03-13 20:40 - 2014-03-23 14:40 - 00001504 _____ () C:\windows\Tasks\hdtotal1.1-updater.job
2014-03-13 20:40 - 2014-03-23 14:40 - 00001458 _____ () C:\windows\Tasks\hdtotal1.1-codedownloader.job
2014-03-13 20:40 - 2014-03-23 14:40 - 00001358 _____ () C:\windows\Tasks\hdtotal1.1-enabler.job
2014-03-13 20:40 - 2014-03-18 14:41 - 00000000 ____D () C:\Program Files (x86)\hdtotal1.1
2014-03-13 20:40 - 2014-03-15 21:33 - 00000000 ____D () C:\Users\******\AppData\Local\FilesFrog Update Checker
2014-03-13 20:40 - 2014-03-13 20:40 - 00004534 _____ () C:\windows\System32\Tasks\hdtotal1.1-updater
2014-03-13 20:40 - 2014-03-13 20:40 - 00004488 _____ () C:\windows\System32\Tasks\hdtotal1.1-codedownloader
2014-03-13 20:40 - 2014-03-13 20:40 - 00004388 _____ () C:\windows\System32\Tasks\hdtotal1.1-enabler
2014-03-13 20:40 - 2014-03-13 20:40 - 00003250 _____ () C:\windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-03-13 20:40 - 2014-03-13 20:40 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2014-03-13 20:39 - 2014-03-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Virtual WiFi Router
2014-03-13 20:39 - 2014-03-13 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Virtual WiFi Router.lnk
2014-03-13 20:37 - 2014-03-13 20:37 - 01081214 _____ (Virtual WiFi Router, Inc. ) C:\Users\******\Downloads\Virtual_WiFi_Router_3.0.1.1_Setup.exe
2014-03-06 09:51 - 2014-03-20 15:48 - 00000448 _____ () C:\windows\setupact.log
2014-03-06 09:51 - 2014-03-06 09:51 - 00000000 _____ () C:\windows\setuperr.log
2014-03-06 09:50 - 2014-03-06 09:50 - 00114018 _____ () C:\windows\PFRO.log
2014-03-06 09:19 - 2014-03-06 09:19 - 00029106 _____ () C:\Users\******\Desktop\cc_20140306_091848.reg
2014-02-24 13:22 - 2014-02-24 13:22 - 00947381 _____ () C:\Users\******\Downloads\Willkommen_in_Freising_-_Welcome_to_Freising!.zip
==================== One Month Modified Files and Folders =======
2014-03-23 17:37 - 2014-03-23 17:37 - 00000000 ____D () C:\FRST
2014-03-23 17:37 - 2014-03-23 17:33 - 00000000 ____D () C:\Users\******\Documents\Toolsammlung_fuer_Virusscan
2014-03-23 17:34 - 2014-03-23 17:34 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-03-23 17:34 - 2010-09-30 16:14 - 00000000 ____D () C:\Users\******
2014-03-23 17:29 - 2012-07-28 17:10 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 17:02 - 2013-01-20 10:57 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA.job
2014-03-23 14:45 - 2014-03-13 20:40 - 00002528 _____ () C:\windows\Tasks\hdtotal1.1-firefoxinstaller.job
2014-03-23 14:40 - 2014-03-13 20:40 - 00003090 _____ () C:\windows\Tasks\hdtotal1.1-chromeinstaller.job
2014-03-23 14:40 - 2014-03-13 20:40 - 00001504 _____ () C:\windows\Tasks\hdtotal1.1-updater.job
2014-03-23 14:40 - 2014-03-13 20:40 - 00001458 _____ () C:\windows\Tasks\hdtotal1.1-codedownloader.job
2014-03-23 14:40 - 2014-03-13 20:40 - 00001358 _____ () C:\windows\Tasks\hdtotal1.1-enabler.job
2014-03-23 14:01 - 2010-09-03 23:09 - 01055857 _____ () C:\windows\WindowsUpdate.log
2014-03-23 13:08 - 2014-03-13 20:49 - 00000515 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-03-23 12:43 - 2014-03-13 20:39 - 00000000 ____D () C:\Program Files (x86)\Virtual WiFi Router
2014-03-23 11:35 - 2013-01-20 10:57 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core.job
2014-03-22 15:18 - 2009-07-14 05:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 15:18 - 2009-07-14 05:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 01:22 - 2012-04-20 17:17 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc
2014-03-21 22:56 - 2012-03-11 15:34 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-03-21 20:42 - 2010-09-03 21:29 - 00723100 _____ () C:\windows\system32\perfh007.dat
2014-03-21 20:42 - 2010-09-03 21:29 - 00158370 _____ () C:\windows\system32\perfc007.dat
2014-03-21 20:42 - 2009-07-14 06:13 - 01667084 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-20 18:51 - 2014-03-20 18:51 - 06659584 _____ () C:\Users\******\Downloads\SS 2013.zip
2014-03-20 15:49 - 2012-03-11 15:40 - 00000000 ___RD () C:\Users\******\Dropbox
2014-03-20 15:49 - 2010-09-03 21:30 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-03-20 15:48 - 2014-03-06 09:51 - 00000448 _____ () C:\windows\setupact.log
2014-03-20 15:48 - 2012-05-08 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 15:48 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-20 15:43 - 2014-03-20 15:43 - 00009404 _____ () C:\Users\******\Desktop\Stundenplan.xlsx
2014-03-20 15:40 - 2012-09-10 12:44 - 00001370 _____ () C:\Users\******\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-03-20 08:37 - 2013-05-17 11:02 - 00000000 ____D () C:\Users\******\Documents\Kochen
2014-03-19 22:57 - 2014-03-19 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 20:37 - 2014-03-19 20:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype
2014-03-19 18:06 - 2013-10-03 20:44 - 00000000 ____D () C:\Users\******\Documents\Arbeitspläne, Erzbierschof
2014-03-19 08:50 - 2010-09-30 16:44 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-03-19 08:46 - 2012-12-07 15:25 - 00000039 _____ () C:\windows\vbaddin.ini
2014-03-19 08:46 - 2012-09-08 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-19 08:45 - 2013-07-28 20:59 - 00000000 ____D () C:\windows\system32\MRT
2014-03-19 08:42 - 2010-10-05 21:46 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-18 14:41 - 2014-03-13 20:40 - 00000000 ____D () C:\Program Files (x86)\hdtotal1.1
2014-03-18 08:04 - 2011-11-08 21:29 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-18 08:04 - 2010-10-08 16:54 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-03-15 22:52 - 2012-05-28 14:09 - 00000000 ____D () C:\Users\******\Documents\Studium
2014-03-15 21:33 - 2014-03-13 20:40 - 00000000 ____D () C:\Users\******\AppData\Local\FilesFrog Update Checker
2014-03-15 20:09 - 2013-10-21 14:28 - 00000000 ____D () C:\Users\******\Documents\Bier
2014-03-15 12:41 - 2014-03-15 09:38 - 00000000 ____D () C:\Users\******\Desktop\Scan_13.3.14
2014-03-15 11:53 - 2009-07-14 05:45 - 00422576 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-15 11:52 - 2013-03-21 08:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 11:52 - 2013-03-21 08:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-13 20:40 - 2014-03-13 20:40 - 00004534 _____ () C:\windows\System32\Tasks\hdtotal1.1-updater
2014-03-13 20:40 - 2014-03-13 20:40 - 00004488 _____ () C:\windows\System32\Tasks\hdtotal1.1-codedownloader
2014-03-13 20:40 - 2014-03-13 20:40 - 00004388 _____ () C:\windows\System32\Tasks\hdtotal1.1-enabler
2014-03-13 20:40 - 2014-03-13 20:40 - 00003250 _____ () C:\windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-03-13 20:40 - 2014-03-13 20:40 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2014-03-13 20:39 - 2014-03-13 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Virtual WiFi Router.lnk
2014-03-13 20:37 - 2014-03-13 20:37 - 01081214 _____ (Virtual WiFi Router, Inc. ) C:\Users\******\Downloads\Virtual_WiFi_Router_3.0.1.1_Setup.exe
2014-03-12 10:30 - 2012-07-28 17:10 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 10:30 - 2012-04-24 19:51 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 10:30 - 2011-07-18 18:44 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-06 23:10 - 2014-02-02 17:19 - 00000000 ____D () C:\Users\******\AppData\Local\JDownloader v2.0
2014-03-06 23:03 - 2011-07-17 13:08 - 00000000 ____D () C:\Users\******\Downloads\jdownloader
2014-03-06 09:51 - 2014-03-06 09:51 - 00000000 _____ () C:\windows\setuperr.log
2014-03-06 09:50 - 2014-03-06 09:50 - 00114018 _____ () C:\windows\PFRO.log
2014-03-06 09:19 - 2014-03-06 09:19 - 00029106 _____ () C:\Users\******\Desktop\cc_20140306_091848.reg
2014-03-01 10:47 - 2010-10-09 19:10 - 01612384 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-03-01 07:05 - 2014-03-14 10:41 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-14 10:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-14 10:41 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-14 10:41 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-14 10:41 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-14 10:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-14 10:41 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-14 10:41 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-14 10:41 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-14 10:41 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-14 10:41 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-14 10:41 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-14 10:41 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-14 10:41 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-14 10:41 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-14 10:41 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-14 10:41 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-14 10:41 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-14 10:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-14 10:41 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-14 10:41 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-14 10:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-14 10:41 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-14 10:41 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-14 10:41 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-14 10:41 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-14 10:41 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-14 10:41 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-14 10:41 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-14 10:41 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-14 10:41 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-14 10:41 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-14 10:41 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-14 10:41 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-14 10:41 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-14 10:41 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-14 10:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-14 10:41 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-14 10:41 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-14 10:41 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-25 13:49 - 2010-10-01 01:06 - 00000000 ____D () C:\windows\rescache
2014-02-24 13:22 - 2014-02-24 13:22 - 00947381 _____ () C:\Users\******\Downloads\Willkommen_in_Freising_-_Welcome_to_Freising!.zip
Files to move or delete:
====================
C:\Users\******\ptw12.exe
Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\setup.exe
C:\Users\******\AppData\Local\Temp\UpdateCheckerSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-22 15:11
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by ***** at 2014-03-23 17:38:22
Running from C:\Users\*****\Documents\Toolsammlung_fuer_Virusscan
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Acronis*True*Image*Home (HKLM-x32\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9646.4 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Album Art Downloader XUI 0.45 (HKLM-x32\...\Album Art Downloader XUI) (Version: 0.45 - hxxp://sourceforge.net/projects/album-art)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Cambridge Advanced Learner's Dictionary - 2nd edition (HKLM-x32\...\cald2) (Version: - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.36 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
Cisco AnyConnect VPN Client (HKLM-x32\...\{835A6F5F-BC13-48DF-BEBE-8D80B419D145}) (Version: 2.5.0217 - Cisco Systems, Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version: - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version: - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version: - Microsoft)
Drive Encryption for HP ProtectTools (HKLM\...\{D6782B98-BDC0-45F4-A046-9D26C475CBF8}) (Version: 5.0.2.10 - Hewlett-Packard)
Duplicate Music Files Finder 1.5.5 (HKLM-x32\...\Duplicate Music Files Finder_is1) (Version: - LC IBros Solutions S.R.L.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Ekahau HeatMapper (HKLM\...\${PRODUCT_ID}-1.1.1.37697) (Version: 1.1.1.37697 - Ekahau Inc.)
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version: - ) <==== ATTENTION
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
hdtotal1.1 (HKLM-x32\...\hdtotal1.1) (Version: 1.34.3.6 - hdtotal)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP 3D DriveGuard (HKLM\...\{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Business Card Reader (HKLM-x32\...\{FD8234FF-A70D-4632-B146-F41AB37C0B24}) (Version: 0.6.3.0 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{B1FE3DA1-15C1-4AEB-85A6-883F8C4AFD42}) (Version: 2.0.2.1 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP Power Assistant (HKLM\...\{BD7AB0B9-4491-4642-B6BB-2560648A0A22}) (Version: 1.0.2.4 - Hewlett-Packard)
HP Power Data (HKLM\...\{DC80F597-39DD-4C32-923E-EDF332E02820}) (Version: 1.0.5.74 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.12.754 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 5.12.754 - Hewlett-Packard Company) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F484B}) (Version: 1.0.1.48 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SkyRoom (HKLM-x32\...\InstallShield_{17DA6412-EC90-42D1-A9A4-661416750025}) (Version: 1.1.4.4794. - Hewlett-Packard)
HP SkyRoom (x32 Version: 1.1.4.4794. - Hewlett-Packard) Hidden
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Wallpaper (HKLM-x32\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.3 - Hewlett-Packard Company)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.6 - Sonix)
HP Wireless Assistant (HKLM\...\{518C838E-A21C-40BE-B844-648040C2491D}) (Version: 4.0.2.4 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6257.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.3 - Intel)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IsoBuster 3.0 (HKLM-x32\...\IsoBuster_is1) (Version: 3.0 - Smart Projects)
iTunes (HKLM\...\{B613A9BB-2B34-4824-A4BE-2427653D59D6}) (Version: 10.4.0.80 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KaloMa 4.78 (HKLM-x32\...\KaloMa_is1) (Version: - Frank Böpple)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.4.0.5 - Logitech) Hidden
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
Mp3tag v2.46a (HKLM-x32\...\Mp3tag) (Version: v2.46a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Grafiktreiber 296.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.67 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA nView 136.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.28 - NVIDIA Corporation)
NVIDIA Systemsteuerung 296.67 (Version: 296.67 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
Private Tax 2011 1.5 (HKLM-x32\...\4095-7861-2728-4611) (Version: 1.5 - Information Factory AG)
Private Tax 2012 2.7 (HKLM-x32\...\6753-7911-9438-6061) (Version: 2.7 - Information Factory AG)
Private Tax 2013 1.3.0 (HKLM-x32\...\0579-4231-5684-8562) (Version: 1.3.0 - Information Factory AG)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QUICKfind (HKLM-x32\...\{593AFFA4-D08E-4272-BABB-420949D32A10}) (Version: - )
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.3.2 - Hewlett-Packard)
Remote Graphics Receiver (x32 Version: 5.3.2 - Hewlett-Packard) Hidden
Remote Graphics Sender (HKLM-x32\...\{2A08C71B-CC60-42EA-8DA2-FE5486E3B20B}) (Version: 5.3.2 - Hewlett-Packard)
Remote Graphics Sender (x32 Version: 5.3.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
SEB Windows 1.9.1 (HKLM-x32\...\{8CFB86C5-1505-4044-B10B-2790CBFB8C3E}) (Version: 1.9.1 - ETH Zuerich)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{DC528101-617D-4E9F-B131-F8F8C52E649B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{3C578F10-F74F-4655-B2A6-9F88A6C415E8}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Smart File Advisor 1.1.1 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.1 - Filefacts.net)
Solid Converter PDF (HKLM-x32\...\{56BFAA6E-2BCC-4AED-9233-84731E66B205}) (Version: 7.3.1541.0 - SolidDocuments)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.VISIOR_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPROR_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version: - Microsoft)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
Virtual WiFi Router version 3.0 (HKLM-x32\...\{F5F33265-5CAA-4F12-AA8F-7F8384BF2A57}_is1) (Version: 3.0 - Virtual WiFi Router, Inc.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.4 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinSCP 5.1.7 (HKLM-x32\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl)
XLSTAT 2013 (HKLM-x32\...\{68B36FA5-E276-4C03-A56C-EC25717E1668}) (Version: 15.2.06.755 - Addinsoft)
==================== Restore Points =========================
15-03-2014 08:19:47 Windows Update
19-03-2014 07:41:03 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1CA58B1F-2360-4945-A411-831DB15DE130} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {3422D09C-92E9-4EAB-888B-57314CAEAF4D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-20] (Google Inc.)
Task: {375B520F-240F-4DA9-AE3A-C82889182FD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {452A4DBB-C41B-4966-B439-63E2BD931246} - System32\Tasks\hdtotal1.1-firefoxinstaller => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-firefoxinstaller.exe [2014-03-13] (hdtotal)
Task: {596EAFF8-346A-4F4C-8CCA-58E0C2018305} - System32\Tasks\hdtotal1.1-enabler => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-enabler.exe [2014-03-13] (hdtotal)
Task: {5C13A787-1E8D-46FD-91D6-F5B69D7B2300} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\*****\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-10-17] (Somoto) <==== ATTENTION
Task: {645AD520-1C63-4B2D-A2B8-5F24A1AAE587} - System32\Tasks\hdtotal1.1-chromeinstaller => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-chromeinstaller.exe [2014-03-13] (hdtotal)
Task: {769B666A-6BED-4222-B7A0-3320FAA67A1D} - System32\Tasks\hdtotal1.1-codedownloader => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exe [2014-03-13] (hdtotal)
Task: {770E6956-822B-407A-8687-7040078A5754} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A3627E6A-73BC-43C8-8649-0BDDDA336C21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A48CC206-0C44-4EC0-BA63-94E7E73426F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-20] (Google Inc.)
Task: {A9A92F0C-2200-41A9-9E25-6E60B046A59B} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {B76BAB7C-26C4-4837-A847-7695AE2AA6F4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {B8F34854-B014-4987-8851-3772EE8209B9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {E131F5D2-257E-4882-8D6C-B49CCD8B04EF} - System32\Tasks\hdtotal1.1-updater => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-updater.exe [2014-03-13] (hdtotal)
Task: {F8324986-122F-4DCF-8D8B-C15FC68D62B5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\hdtotal1.1-chromeinstaller.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-chromeinstaller.exe
Task: C:\windows\Tasks\hdtotal1.1-codedownloader.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exe
Task: C:\windows\Tasks\hdtotal1.1-enabler.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-enabler.exe
Task: C:\windows\Tasks\hdtotal1.1-firefoxinstaller.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-firefoxinstaller.exe
Task: C:\windows\Tasks\hdtotal1.1-updater.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-updater.exe
==================== Loaded Modules (whitelisted) =============
2012-10-23 16:24 - 2012-09-10 20:47 - 00030576 _____ () C:\windows\System32\solidlocalmon.dll
2010-04-20 08:10 - 2010-04-20 08:10 - 00100352 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-09-04 21:35 - 2009-09-04 21:35 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-11-19 23:14 - 2009-11-19 23:14 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2009-11-19 23:14 - 2009-11-19 23:14 - 00055352 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2009-11-19 23:11 - 2009-11-19 23:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2009-11-19 23:11 - 2009-11-19 23:11 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2009-07-01 23:44 - 2009-07-01 23:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2009-06-19 17:21 - 2009-06-19 17:21 - 01249280 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\ice32.dll
2009-06-19 17:21 - 2009-06-19 17:21 - 00159744 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\iceutil32.dll
2009-06-19 17:21 - 2009-06-19 17:21 - 00065536 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\bzip2.dll
2009-06-19 17:21 - 2009-06-19 17:21 - 00167936 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\IceSSL32.dll
2010-09-03 23:24 - 2009-07-24 20:10 - 02199552 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
2010-09-03 23:24 - 2009-07-24 20:10 - 08024064 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
2010-09-03 23:24 - 2008-01-09 19:08 - 01245184 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
2010-09-03 23:24 - 2008-01-09 19:10 - 00159744 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
2010-09-03 23:24 - 2008-01-09 19:06 - 00065536 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll
2010-09-03 23:24 - 2008-01-09 19:10 - 00167936 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\IceSSL32.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 01249280 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\ice32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00159744 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\iceutil32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00065536 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\bzip2.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00167936 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\IceSSL32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 01249280 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\ice32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00159744 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\iceutil32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00065536 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\bzip2.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00167936 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\IceSSL32.dll
2013-12-18 19:42 - 2013-12-18 19:42 - 00057344 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU
2012-10-07 21:14 - 2014-02-13 20:44 - 09490944 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
2013-12-18 19:42 - 2013-12-18 19:42 - 00305520 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2012-10-08 19:57 - 2014-02-13 20:45 - 00014336 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
2012-10-08 20:20 - 2014-02-13 20:44 - 00045568 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU
2012-10-08 19:57 - 2014-02-13 20:44 - 00100352 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
2012-12-08 10:27 - 2014-02-12 22:22 - 00025600 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_SaveAsRTF.DEU
2012-10-09 18:55 - 2014-02-13 20:44 - 00053248 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Search.DEU
2012-10-08 19:57 - 2014-02-13 20:44 - 03065856 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU
2012-10-09 15:29 - 2014-02-13 20:45 - 00075264 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Accessibility.DEU
2012-10-08 19:57 - 2014-02-13 20:44 - 01319424 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU
2012-10-08 19:57 - 2014-02-13 20:44 - 00316416 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU
2012-10-08 19:57 - 2014-02-13 20:44 - 01180160 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU
2012-10-09 19:02 - 2014-02-19 12:57 - 00012800 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PDDom.DEU
2014-02-16 11:55 - 2014-02-16 11:55 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\*****\Desktop\Video Sushi.mov:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/21/2014 06:20:29 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/21/2014 06:20:28 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
System errors:
=============
Error: (03/23/2014 05:06:21 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/23/2014 02:18:20 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/23/2014 01:42:20 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/23/2014 01:30:17 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/23/2014 01:18:18 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (03/23/2014 01:08:24 PM) (Source: ipnathlp) (User: )
Description:
Error: (03/23/2014 01:07:56 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
Error: (03/23/2014 01:07:56 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
Error: (03/23/2014 01:07:55 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
Error: (03/23/2014 01:06:20 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Microsoft Office Sessions:
=========================
Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/21/2014 06:20:29 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (03/21/2014 06:20:28 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
==================== Memory info ===========================
Percentage of memory in use: 56%
Total physical RAM: 3953.8 MB
Available physical RAM: 1712.85 MB
Total Pagefile: 7905.79 MB
Available Pagefile: 4606.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:448.46 GB) (Free:33.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:7.49 GB) (Free:4.29 GB) FAT32
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.43 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 350C3B39)
Partition 1: (Active) - (Size=298 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-23 17:54:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0006 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\******\AppData\Local\Temp\fwrdrpow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035b0000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035b002f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]
---- Processes - GMER 2.1 ----
Library C:\Users\******\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980](2014-01-03 00:45:04) 0000000004180000
Library C:\Users\******\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980](2013-10-18 23:55:02) 000000006a110000
Library C:\Users\******\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 00000000724f0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395825769
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395825769@000d44dd9493 0xF7 0xD6 0x99 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395825769 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395825769@000d44dd9493 0xF7 0xD6 0x99 0x36 ...
---- EOF - GMER 2.1 ----
|
| Themen zu HD-Total Addware in Firefox |
| acrobat update, bho, bonjour, browser, desktop, device driver, email, firefox, flash player, helper, hijack, hijackthis, homepage, internet, internet explorer, launch, logfile, monitor, mozilla, object, poweriso, programm, scan, security, software, svchost.exe, symantec, usb, windows |
Baum-Darstellung