Log analysis and evaluation: Windows 7: Loads of autostart and Program Data error messages at boot + other abnormalities

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.05.2014, 09:20 | #1

Windows 7: Loads of autostart and Program Data error messages at boot + other abnormalities

Hello,

first of all, many thanks in advance for your guide, you are really great! Since yesterday my computer has been wearing me down, and (unfortunately) I also urgently need it for work.

Problems that have occurred:

1) Loads of autostart error messages, "Error loading module XXX" etc.; ran Malwarebytes over it --> 616 findings --> all quarantined; now only one error message still appears at system start, but that one persistently!
2) Password Manager always starts automatically (I don't know whether it is the Lenovo one or a faked screen) and asks for the Windows password (fingerprint)
3) The Bluetooth light is lit continuously, even when I disable it in Device Manager
4) HijackThis cannot be run to completion and then hangs in the middle of the process at the point "O4 - System and Autostart" (or something like that); HijackThis can then only be ended via Task Manager.
5) When typing in the browser (start page is Google), the Google search field jumps to the top left into the address bar --> very strange?!
6) The WLAN connection icon at the bottom right shows the circle (for connecting) although it has long been connected; only after about 15 minutes does it switch to the "connected" symbol
7) When loading SUPERAntiSpyware, the error message "Server busy" suddenly appeared, but it then worked after another restart

My actions yesterday:

0) Wise Registry Cleaner
1) Malwarebytes Anti-Malware --> see above
2) SUPERAntiSpyware --> 118 adware findings --> all deleted
3) HijackThis did not work --> see above
4) Avira full scan
5) This morning worked through your guide completely

So here are the log files in detail:

a) GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-20 09:21:57
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.0003 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\MARKUS~1\AppData\Local\Temp\kwroyuow.sys

---- System - GMER 2.1 ----

SSDT 90108486 ZwCreateSection
SSDT 90108490 ZwRequestWaitReplyPort
SSDT 9010848B ZwSetContextThread
SSDT 90108495 ZwSetSecurityObject
SSDT 9010849A ZwSystemDebugControl
SSDT 90108427 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C44A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7E212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C8558C 4 Bytes [86, 84, 10, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C858E8 4 Bytes CALL 934CE96F
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C8592C 4 Bytes [8B, 84, 10, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C859A8 4 Bytes [95, 84, 10, 90] {XCHG EBP, EAX; TEST [EAX], DL; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C859FC 4 Bytes JMP 934CF483
.text ...
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x9040C000, 0x2D27D6, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtCreateFile + 6 7710560E 4 Bytes [28, 88, 6D, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtCreateFile + B 77105613 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtMapViewOfSection + 6 77105C6E 4 Bytes [28, 8B, 6D, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtMapViewOfSection + B 77105C73 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenFile + 6 77105D1E 4 Bytes [68, 88, 6D, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenFile + B 77105D23 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcess + 6 77105DCE 4 Bytes [A8, 89, 6D, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcess + B 77105DD3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcessToken + 6 77105DDE 4 Bytes CALL 7610CB6C
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcessToken + B 77105DE3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcessTokenEx + 6 77105DEE 4 Bytes [A8, 8A, 6D, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcessTokenEx + B 77105DF3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThread + 6 77105E4E 4 Bytes [68, 89, 6D, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThread + B 77105E53 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThreadToken + 6 77105E5E 4 Bytes [68, 8A, 6D, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThreadToken + B 77105E63 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThreadTokenEx + 6 77105E6E 4 Bytes CALL 7610CBFD
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThreadTokenEx + B 77105E73 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtQueryAttributesFile + 6 77105F7E 4 Bytes [A8, 88, 6D, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtQueryAttributesFile + B 77105F83 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtQueryFullAttributesFile + 6 7710602E 4 Bytes CALL 7610CDBB
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtQueryFullAttributesFile + B 77106033 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtSetInformationFile + 6 7710667E 4 Bytes [28, 89, 6D, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtSetInformationFile + B 77106683 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtSetInformationThread + 6 771066DE 4 Bytes [28, 8A, 6D, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtSetInformationThread + B 771066E3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtUnmapViewOfSection + 6 771069FE 4 Bytes [68, 8B, 6D, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtUnmapViewOfSection + B 77106A03 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtMapViewOfSection + 6 77105C6E 4 Bytes [18, 00, E9, 72]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtMapViewOfSection + B 77105C73 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + 6 7710560E 4 Bytes [28, 58, 30, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + B 77105613 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + 6 77105C6E 4 Bytes [28, 5B, 30, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + B 77105C73 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + 6 77105D1E 4 Bytes [68, 58, 30, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + B 77105D23 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + 6 77105DCE 4 Bytes [A8, 59, 30, 00] {TEST AL, 0x59; XOR [EAX], AL}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + B 77105DD3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessToken + 6 77105DDE 4 Bytes CALL 76108E3C
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessToken + B 77105DE3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + 6 77105DEE 4 Bytes [A8, 5A, 30, 00] {TEST AL, 0x5a; XOR [EAX], AL}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + B 77105DF3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + 6 77105E4E 4 Bytes [68, 59, 30, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + B 77105E53 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + 6 77105E5E 4 Bytes [68, 5A, 30, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + B 77105E63 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadTokenEx + 6 77105E6E 4 Bytes CALL 76108ECD
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadTokenEx + B 77105E73 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + 6 77105F7E 4 Bytes [A8, 58, 30, 00] {TEST AL, 0x58; XOR [EAX], AL}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + B 77105F83 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryFullAttributesFile + 6 7710602E 4 Bytes CALL 7610908B
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryFullAttributesFile + B 77106033 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + 6 7710667E 4 Bytes [28, 59, 30, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + B 77106683 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + 6 771066DE 4 Bytes [28, 5A, 30, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + B 771066E3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + 6 771069FE 4 Bytes [68, 5B, 30, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + B 77106A03 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtCreateFile + 6 7710560E 4 Bytes [28, DC, CD, 00] {SUB AH, BL; INT 0x0}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtCreateFile + B 77105613 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtMapViewOfSection + 6 77105C6E 4 Bytes [28, DF, CD, 00] {SUB BH, BL; INT 0x0}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtMapViewOfSection + B 77105C73 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenFile + 6 77105D1E 4 Bytes [68, DC, CD, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenFile + B 77105D23 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcess + 6 77105DCE 4 Bytes [A8, DD, CD, 00] {TEST AL, 0xdd; INT 0x0}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcess + B 77105DD3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcessToken + 6 77105DDE 4 Bytes CALL 76112BC0
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcessToken + B 77105DE3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcessTokenEx + 6 77105DEE 4 Bytes [A8, DE, CD, 00] {TEST AL, 0xde; INT 0x0}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcessTokenEx + B 77105DF3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThread + 6 77105E4E 4 Bytes [68, DD, CD, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThread + B 77105E53 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThreadToken + 6 77105E5E 4 Bytes [68, DE, CD, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThreadToken + B 77105E63 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThreadTokenEx + 6 77105E6E 4 Bytes CALL 76112C51
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThreadTokenEx + B 77105E73 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtQueryAttributesFile + 6 77105F7E 4 Bytes [A8, DC, CD, 00] {TEST AL, 0xdc; INT 0x0}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtQueryAttributesFile + B 77105F83 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtQueryFullAttributesFile + 6 7710602E 4 Bytes CALL 76112E0F
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtQueryFullAttributesFile + B 77106033 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationFile + 6 7710667E 4 Bytes [28, DD, CD, 00] {SUB CH, BL; INT 0x0}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationFile + B 77106683 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationThread + 6 771066DE 4 Bytes [28, DE, CD, 00] {SUB DH, BL; INT 0x0}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationThread + B 771066E3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtUnmapViewOfSection + 6 771069FE 4 Bytes [68, DF, CD, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtUnmapViewOfSection + B 77106A03 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtCreateFile + 6 7710560E 4 Bytes [28, 6C, 75, 00] {SUB [EBP+ESI*2+0x0], CH}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtCreateFile + B 77105613 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtMapViewOfSection + 6 77105C6E 4 Bytes [28, 6F, 75, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtMapViewOfSection + B 77105C73 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenFile + 6 77105D1E 4 Bytes [68, 6C, 75, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenFile + B 77105D23 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcess + 6 77105DCE 4 Bytes [A8, 6D, 75, 00] {TEST AL, 0x6d; JNZ 0x4}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcess + B 77105DD3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessToken + 6 77105DDE 4 Bytes CALL 7610D350
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessToken + B 77105DE3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessTokenEx + 6 77105DEE 4 Bytes [A8, 6E, 75, 00] {TEST AL, 0x6e; JNZ 0x4}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessTokenEx + B 77105DF3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThread + 6 77105E4E 4 Bytes [68, 6D, 75, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThread + B 77105E53 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadToken + 6 77105E5E 4 Bytes [68, 6E, 75, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadToken + B 77105E63 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadTokenEx + 6 77105E6E 4 Bytes CALL 7610D3E1
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadTokenEx + B 77105E73 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryAttributesFile + 6 77105F7E 4 Bytes [A8, 6C, 75, 00] {TEST AL, 0x6c; JNZ 0x4}
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryAttributesFile + B 77105F83 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryFullAttributesFile + 6 7710602E 4 Bytes CALL 7610D59F
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryFullAttributesFile + B 77106033 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationFile + 6 7710667E 4 Bytes [28, 6D, 75, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationFile + B 77106683 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationThread + 6 771066DE 4 Bytes [28, 6E, 75, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationThread + B 771066E3 1 Byte [E2]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtUnmapViewOfSection + 6 771069FE 4 Bytes [68, 6F, 75, 00]
.text C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtUnmapViewOfSection + B 77106A03 1 Byte [E2]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\78dd08b0d533
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\78dd08b0d533 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

b) defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:45 on 20/05/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

c) FRST

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by ***** (administrator) on ***** on 20-05-2014 08:48:07
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Windows\System32\DTS.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPFNF6R] => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-20] (Lenovo Group Limited)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337184 2009-07-08] (Lenovo.)
HKLM\...\Run: [PWMTRV] => C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [709920 2009-08-23] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3089720 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-11-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-24] (Google Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-23] (Google Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [sydausa] => regsvr32.exe "C:\ProgramData\sydausa.dat"
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\MountPoints2: {0d585298-0de9-11e0-a07b-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-24] FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-06-05] Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR StartupUrls: "hxxp://www.google.de/" CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-23]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-23]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-23]
CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]

========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-11] (SUPERAntiSpyware.com)
R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124192 2009-09-04] (Lenovo)
S2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [242976 2009-09-04] (Lenovo)
S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2009-09-01] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2009-09-01] ()
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
S2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-02-18] (Lenovo Group Limited)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S2 Winmgmt; C:\PROGRA~2\2992199F9A\0216.dll [X]

==================== Drivers (Whitelisted) ====================
R3 5U875UVC; C:\Windows\System32\DRIVERS\5U875.sys [72320 2009-07-08] (Ricoh co.,Ltd.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5073920 2009-08-24] (ATI Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [5924864 2009-08-24] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-05-20 08:48 - 2014-05-20 08:48 - 00020025 _____ () C:\Users\*****\Desktop\FRST.txt
2014-05-20 08:48 - 2014-05-20 08:48 - 00000000 ____D () C:\FRST
2014-05-20 08:47 - 2014-05-20 08:47 - 01056768 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-05-20 08:45 - 2014-05-20 08:46 - 00000490 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-05-20 08:45 - 2014-05-20 08:45 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-05-20 08:45 - 2014-05-20 08:45 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-05-20 08:27 - 2014-05-20 08:27 - 00024262 _____ () C:\Users\*****\Desktop\AVSCAN-20140520-015400-125F951F.LOG
2014-05-20 01:52 - 2014-05-20 01:52 - 00001024 _____ () C:\.rnd
2014-05-20 00:45 - 2014-05-20 00:45 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-20 00:36 - 
2014-05-20 01:52 - 00001024 _____ () C:\Users\*****\.rnd 2014-05-19 23:30 - 2014-05-19 23:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\*****\Desktop\mia.exe 2014-05-19 22:45 - 2014-05-19 23:15 - 00000000 ____D () C:\Windows\pss 2014-05-19 21:29 - 2014-05-20 00:04 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-19 21:29 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-19 21:29 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-19 21:29 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-19 15:51 - 2014-05-19 15:51 - 00139264 _____ () C:\Windows\system32\config\DEFAULT.rhk 2014-05-19 15:51 - 2014-05-19 15:51 - 00061440 _____ () C:\Windows\system32\config\SAM.rhk 2014-05-19 15:51 - 2014-05-19 15:51 - 00028672 _____ () C:\Windows\system32\config\SECURITY.rhk 2014-05-19 15:46 - 2014-05-19 15:51 - 56680448 _____ () C:\Windows\system32\config\SOFTWARE.rhk 2014-05-19 15:29 - 2014-05-19 15:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Wise Registry Cleaner 2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\Program Files\Wise 2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\Documents\Bluetooth-Exchange-Ordner 2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Broadcom 2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () 
C:\Users\*****\Documents\tradesignal 2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\tradesignal 2014-05-16 17:20 - 2014-05-19 14:00 - 00000000 ___HD () C:\Windows\AxInstSV 2014-05-16 15:32 - 2014-05-19 16:01 - 00000000 ____D () C:\ProgramData\2992199F9A 2014-05-15 19:31 - 2014-05-15 19:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DropboxMaster 2014-05-15 10:24 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 10:24 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 10:24 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 08:51 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 08:51 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 08:51 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 08:51 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 08:51 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 08:51 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 08:51 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 08:51 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 08:51 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-05-15 08:51 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 08:51 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft 
Corporation) C:\Windows\system32\objsel.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 08:51 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList 2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList 2014-05-06 17:49 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-06 17:49 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-06 17:49 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) 
C:\Windows\system32\iesetup.dll 2014-05-06 17:49 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-06 17:49 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-06 17:49 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-06 17:49 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-06 17:49 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-06 17:49 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-06 17:49 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-06 17:49 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-06 17:49 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-06 17:49 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-06 17:49 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-06 17:49 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-06 17:49 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-06 17:49 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-06 17:49 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-06 17:49 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-06 17:49 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-06 17:49 - 2014-03-06 08:36 - 11745792 _____ 
(Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-06 17:49 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-06 17:49 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-06 17:49 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-24 09:07 - 2014-04-24 09:07 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log 2014-04-24 09:07 - 2014-04-24 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-24 09:07 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-04-24 09:07 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-24 09:07 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-24 09:07 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe ==================== One Month Modified Files and Folders ======= 2014-05-20 08:48 - 2014-05-20 08:48 - 00020025 _____ () C:\Users\*****\Desktop\FRST.txt 2014-05-20 08:48 - 2014-05-20 08:48 - 00000000 ____D () C:\FRST 2014-05-20 08:47 - 2014-05-20 08:47 - 01056768 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-05-20 08:46 - 2014-05-20 08:45 - 00000490 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-05-20 08:45 - 2014-05-20 08:45 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-05-20 08:45 - 2014-05-20 08:45 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-05-20 08:45 - 2010-12-23 13:32 - 00000000 ____D () C:\Users\***** 2014-05-20 08:41 - 2010-12-24 17:51 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-20 08:31 - 2012-04-07 20:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-20 08:27 - 2014-05-20 08:27 - 00024262 _____ () 
C:\Users\*****\Desktop\AVSCAN-20140520-015400-125F951F.LOG 2014-05-20 08:27 - 2010-12-24 18:44 - 00000000 ____D () C:\Users\*****\Salomon 2014-05-20 08:20 - 2013-07-23 20:41 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job 2014-05-20 04:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-05-20 03:00 - 2010-12-22 18:47 - 01085606 _____ () C:\Windows\WindowsUpdate.log 2014-05-20 02:00 - 2009-07-14 06:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-20 02:00 - 2009-07-14 06:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-20 01:54 - 2012-08-04 15:32 - 00000000 ___RD () C:\Users\*****\Dropbox 2014-05-20 01:54 - 2012-08-04 15:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-05-20 01:52 - 2014-05-20 01:52 - 00001024 _____ () C:\.rnd 2014-05-20 01:52 - 2014-05-20 00:36 - 00001024 _____ () C:\Users\*****\.rnd 2014-05-20 01:52 - 2013-09-17 12:49 - 00020417 _____ () C:\Windows\setupact.log 2014-05-20 01:52 - 2010-12-24 17:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-20 01:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-20 00:45 - 2014-05-20 00:45 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com 2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-05-20 00:04 - 2014-05-19 21:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 
2014-05-19 23:30 - 2014-05-19 23:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\*****\Desktop\mia.exe 2014-05-19 23:15 - 2014-05-19 22:45 - 00000000 ____D () C:\Windows\pss 2014-05-19 22:09 - 2010-12-22 18:42 - 00094430 _____ () C:\Windows\PFRO.log 2014-05-19 22:09 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-19 16:01 - 2014-05-16 15:32 - 00000000 ____D () C:\ProgramData\2992199F9A 2014-05-19 15:51 - 2014-05-19 15:51 - 00139264 _____ () C:\Windows\system32\config\DEFAULT.rhk 2014-05-19 15:51 - 2014-05-19 15:51 - 00061440 _____ () C:\Windows\system32\config\SAM.rhk 2014-05-19 15:51 - 2014-05-19 15:51 - 00028672 _____ () C:\Windows\system32\config\SECURITY.rhk 2014-05-19 15:51 - 2014-05-19 15:46 - 56680448 _____ () C:\Windows\system32\config\SOFTWARE.rhk 2014-05-19 15:34 - 2014-05-19 15:29 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Wise Registry Cleaner 2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\Program Files\Wise 2014-05-19 14:26 - 2010-12-23 13:32 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore 2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\Documents\Bluetooth-Exchange-Ordner 2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Broadcom 2014-05-19 14:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-05-19 14:00 - 2014-05-16 17:20 - 00000000 ___HD () C:\Windows\AxInstSV 2014-05-19 14:00 - 2012-05-25 08:22 - 00000000 ____D () C:\Program Files\Tradesignal Online Chart 2014-05-19 
14:00 - 2010-12-25 17:46 - 00000000 ____D () C:\Users\Test 2014-05-19 14:00 - 2010-12-23 03:04 - 00000000 ____D () C:\ProgramData\Lenovo 2014-05-19 14:00 - 2009-07-21 13:47 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-05-19 14:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2014-05-19 14:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\Documents\tradesignal 2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\tradesignal 2014-05-15 20:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-15 19:31 - 2014-05-15 19:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DropboxMaster 2014-05-15 19:30 - 2012-08-04 15:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-15 19:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-05-15 10:28 - 2013-07-11 23:30 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 10:26 - 2010-12-24 12:20 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 09:20 - 2013-07-23 20:41 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job 2014-05-14 14:28 - 2012-04-07 20:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-14 14:28 - 2011-05-16 07:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-14 14:28 - 2010-12-24 18:43 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe 2014-05-09 17:27 - 2009-07-21 07:30 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList 2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList 2014-05-06 05:25 - 2014-05-15 10:24 - 17382912 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 10:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 10:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-24 09:08 - 2013-11-06 09:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-24 09:07 - 2014-04-24 09:07 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-24 09:07 - 2014-04-24 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-24 09:07 - 2012-02-23 09:27 - 00000000 ____D () C:\Program Files\Java

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg5hscb.dll
C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\ose00000.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe [2014-05-15 08:51] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 12:30

==================== End Of Log ============================
--- --- ---

d) Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by ***** at 2014-05-20 08:49:09
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================
Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Acrobat X Suite (HKLM\...\{3F41BA46-09C3-4500-96D7-DC4390AD0124}) (Version: 1.0 - Adobe Systems Incorporated)
ActiveTrader 5.0.0_b15 (HKCU\...\ActiveTrader 5.0.0_b15) (Version: - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Captivate Quiz Results Analyzer (HKLM\...\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Captivate Quiz Results Analyzer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Captivate Reviewer (HKLM\...\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Captivate Reviewer (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden Adobe Reader 9.4.6 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.32.00 - ) Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T) ATI Catalyst Install Manager (HKLM\...\{10EBB6AD-673B-EE60-7D3D-7C438E5F9BE5}) (Version: 3.0.736.0 - ATI Technologies, Inc.) ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.641.1-090825m-087782C-Lenovo - ATI Technologies, Inc.) Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2009.0825.2146.37269 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2009.0825.2146.37269 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2009.0825.2146.37269 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2009.0825.2146.37269 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2009.0825.2146.37269 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2009.0825.2146.37269 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (Version: 2009.0825.2146.37269 - ATI) Hidden CCC Help Chinese Standard (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Chinese Traditional (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Dutch (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help English (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help French (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help German (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Italian (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Japanese (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Korean (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Portuguese (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Spanish (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Swedish (Version: 2009.0825.2145.37269 - ATI) Hidden ccc-core-static (Version: 2009.0825.2146.37269 - Ihr Firmenname) Hidden ccc-utility (Version: 2009.0825.2146.37269 - ATI) Hidden CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP) Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited) Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant) Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo) DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.) 
ElsterFormular-Upgrade (HKLM\...\ElsterFormular für Privatanwender 12.2.2.6665p) (Version: 15.0.13315 - Landesfinanzdirektion Thüringen)
Eraser 6.0.8.2273 (HKLM\...\{392A74D0-4DFE-49F7-87C3-8A61708F8856}) (Version: 6.0.2273 - The Eraser Project)
Free Fire Screensaver (HKLM\...\Free Fire Screensaver) (Version: - Laconic Software)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20101113 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Integrated Camera Driver Installer Package Ver.1.27.500.0 (HKLM\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.27.500.0 - RICOH)
Integrated Camera TWAIN (HKLM\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.7.331 - Chicony Electronics Co.,Ltd.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version: - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.112 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Lenovo Fingerprint Software (HKLM\...\{2D440AF4-7330-43F0-A085-35DE1A90E703}) (Version: 3.3.0.50 - AuthenTec, Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.13 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.018.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Search Enhancement Pack (Version: 1.2.121.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mobile Broadband Connect (HKLM\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (Version: 1.00.1. - AMD) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Business Edition (Version: 10.3.081 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Skype™ 6.10 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.10.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0046 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.04 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.06 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - )
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.40 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo)
Tradesignal Online Chart (HKLM\...\{2735AEFA-57A5-44AD-81B6-BE30CA07C066}) (Version: 6.3.7.117 - Tradesignal GmbH)
Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}) (Version: 3.1.1 - Smith Micro Software, Inc.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Windows Live Anmelde-Assistent (HKLM\...\{B5BCBD49-202F-4238-8398-D83D423A48B4}) (Version: 5.000.817.1 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Toolbar (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56) (HKLM\...\8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449) (Version: 07/07/2009 8.1.2.56 - AuthenTec Inc.)
Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows-Treiberpaket - Ricoh (5U875UVC) Image (07/08/2009 1.27.500.0) (HKLM\...\E59560E2F5B162D40255FCD327ACA5E989D995D2) (Version: 07/08/2009 1.27.500.0 - Ricoh)
Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc (06/25/2009 6.10.01.03) (HKLM\...\D91056A9B3130B90EC1BB37F232FA5C4D61DF66F) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company (rismxdp) hdc (06/25/2009 6.10.01.04) (HKLM\...\414685941AB074B2478B18498E0CCA85F81CCBE6) (Version: 06/25/2009 6.10.01.04 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company MMC Host Controller (06/25/2009 6.10.01.03) (HKLM\...\6F84AC23718E31DE66E2EBEDAE047257F4E785D0) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)
Wise Registry Cleaner 8.11 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.11 - WiseCleaner.com, Inc.)

==================== Restore Points =========================

Could not list Restore Points.
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2009-07-14 04:04 - 2011-06-05 13:28 - 00000854 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0DEE7595-F069-449D-B9C9-FC3C78F2B6DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {36991A1E-6A6C-487A-8A5D-8B38DB72BB0D} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-23] (Lenovo Group Limited)
Task: {3CFBA15D-48A7-4242-8658-D2779DA6F044} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {5245162F-8F9D-42AD-A58A-C31EE8FEE18E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {6AF8D474-2932-4846-9749-69375C8508E5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-08-26] (PC-Doctor, Inc.)
Task: {6B4630C1-04C0-40E6-A068-29B93D900C94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {96BA89CD-37E1-4951-8F32-BA6A465FE18F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {97901924-BA6B-4546-894C-D4FBDE36A724} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {97AC3792-9BD1-45B3-A57F-6EF4DB6B4447} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: {B96F4CCE-CE64-4CAD-B9AE-269275568224} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {D5B4032B-7340-4B43-893C-B753E7A189F5} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {ECBDB0F4-042F-46A8-9858-1A58318FF095} - System32\Tasks\AdobeAAMUpdater-1.0-*****-***** => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-11-08] (Adobe Systems Incorporated)
Task: {EF3D195A-B55E-4A5B-8E41-E27B949690AC} - System32\Tasks\{49C7F31D-7E66-4DDB-A4B5-F1BF4327AFC7} => C:\Program Files\Skype\\Phone\Skype.exe [2013-10-21] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2009-09-01 00:32 - 2009-09-01 00:32 - 00098304 ____N () C:\Windows\system32\DTS.exe
2013-07-09 10:34 - 2013-07-09 10:29 - 00394824 ____N () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-22 18:42 - 2009-08-23 20:04 - 00037888 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2011-09-05 19:05 - 2011-09-05 19:05 - 00019968 ____N () C:\Program Files\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2014-05-20 01:54 - 2014-05-20 01:54 - 00041984 _____ () C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg5hscb.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00065352 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00674632 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00093000 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 04081480 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00390472 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 01647432 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 13695816 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk => C:\Windows\pss\RCIMGDIR.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6120.lnk => C:\Windows\pss\6120.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aj7zfy.lnk => C:\Windows\pss\aj7zfy.lnk.Startup
MSCONFIG\startupreg: FingerPrintSoftware => "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
MSCONFIG\startupreg: Message Center Plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start

==================== Faulty Device Manager Devices =============

Could not list Devices.
Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2014 01:46:47 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/20/2014 01:44:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (05/19/2014 03:54:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1440
Startzeit: 01cf7369906005d8
Endzeit: 5
Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe
Berichts-ID:

Error: (05/19/2014 03:28:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 5e98
Startzeit: 01cf73660a83ef3b
Endzeit: 0
Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe
Berichts-ID:

Error: (05/19/2014 03:05:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1370
Startzeit: 01cf7362956681bb
Endzeit: 16
Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe
Berichts-ID:

Error: (05/19/2014 03:01:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1ca0
Startzeit: 01cf736206978372
Endzeit: 15
Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe
Berichts-ID:

Error: (05/19/2014 02:53:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2c14
Startzeit: 01cf736124bfad37
Endzeit: 16
Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe
Berichts-ID:

Error: (05/19/2014 02:51:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2610
Startzeit: 01cf736090a0f84c
Endzeit: 15
Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe
Berichts-ID:

Error: (05/19/2014 02:45:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1064
Startzeit: 01cf73601f47ebad
Endzeit: 15
Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe
Berichts-ID:

Error: (05/19/2014 02:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1c88
Startzeit: 01cf735f2656b684
Endzeit: 32
Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe
Berichts-ID:

System errors:
=============
Error: (05/20/2014 08:51:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126

Error: (05/20/2014 08:50:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126

Error: (05/20/2014 08:50:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126

Error: (05/20/2014 08:49:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126

Error: (05/20/2014 08:49:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126

Error: (05/20/2014 08:46:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126

Error: (05/20/2014 08:29:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126

Error: (05/20/2014 08:28:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126

Error: (05/20/2014 08:28:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126

Error: (05/20/2014 08:27:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126

Microsoft Office Sessions:
=========================
Error: (12/10/2013 10:04:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 283 seconds with 180 seconds of active time. This session ended with a crash.

Error: (10/30/2013 03:35:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 138 seconds with 120 seconds of active time. This session ended with a crash.

Error: (10/30/2013 03:32:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/30/2013 03:30:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21691 seconds with 2880 seconds of active time. This session ended with a crash.

Error: (02/11/2013 11:50:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4233 seconds with 2520 seconds of active time. This session ended with a crash.
Error: (05/24/2012 06:13:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1365 seconds with 420 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 2520.03 MB
Available physical RAM: 950.12 MB
Total Pagefile: 5038.34 MB
Available Pagefile: 3014.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.63 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:286.66 GB) (Free:125.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:5.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 504A2363)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================

e) AVSCAN (Avira Free)
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 20. Mai 2014 01:54

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : *****

Versionsinformationen:
BUILD.DAT : 14.0.3.350 56624 Bytes 25.02.2014 11:41:00
AVSCAN.EXE : 14.0.3.332 1058384 Bytes 20.02.2014 17:28:37
AVSCANRC.DLL : 14.0.2.292 62008 Bytes 18.02.2014 17:28:45
LUKE.DLL : 14.0.3.336 65616 Bytes 20.02.2014 17:28:54
AVSCPLR.DLL : 14.0.3.336 124496 Bytes 20.02.2014 17:28:38
AVREG.DLL : 14.0.3.336 250448 Bytes 20.02.2014 17:28:35
avlode.dll : 14.0.3.336 544848 Bytes 20.02.2014 17:28:34
avlode.rdf : 14.0.4.22 64276 Bytes 15.05.2014 17:27:00
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 16:41:01
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 07:22:54
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 11:56:37
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 06:42:57
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 15:30:46
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 06:33:26
VBASE006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 17:06:01
VBASE007.VDF : 7.11.145.136 2117120 Bytes 28.04.2014 12:17:26
VBASE008.VDF : 7.11.145.137 2048 Bytes 28.04.2014 12:17:26
VBASE009.VDF : 7.11.145.138 2048 Bytes 28.04.2014 12:17:26
VBASE010.VDF : 7.11.145.139 2048 Bytes 28.04.2014 12:17:26
VBASE011.VDF : 7.11.145.140 2048 Bytes 28.04.2014 12:17:26
VBASE012.VDF : 7.11.145.141 2048 Bytes 28.04.2014 12:17:26
VBASE013.VDF : 7.11.146.20 166912 Bytes 29.04.2014 16:40:08
VBASE014.VDF : 7.11.146.131 194048 Bytes 01.05.2014 16:49:39
VBASE015.VDF : 7.11.146.243 167936 Bytes 03.05.2014 20:43:40
VBASE016.VDF : 7.11.147.97 122368 Bytes 05.05.2014 14:40:06
VBASE017.VDF : 7.11.147.207 169472 Bytes 06.05.2014 15:02:30
VBASE018.VDF : 7.11.148.61 174080 Bytes 08.05.2014 07:04:01
VBASE019.VDF : 7.11.148.149 257024 Bytes 09.05.2014 07:06:14
VBASE020.VDF : 7.11.148.241 135168 Bytes 12.05.2014 07:06:15
VBASE021.VDF : 7.11.149.61 139264 Bytes 13.05.2014 06:56:54
VBASE022.VDF : 7.11.149.169 160256 Bytes 15.05.2014 06:47:30
VBASE023.VDF : 7.11.150.31 189440 Bytes 17.05.2014 07:46:20
VBASE024.VDF : 7.11.150.32 2048 Bytes 17.05.2014 07:46:20
VBASE025.VDF : 7.11.150.33 2048 Bytes 17.05.2014 07:46:20
VBASE026.VDF : 7.11.150.34 2048 Bytes 17.05.2014 07:46:20
VBASE027.VDF : 7.11.150.35 2048 Bytes 17.05.2014 07:46:20
VBASE028.VDF : 7.11.150.36 2048 Bytes 17.05.2014 07:46:20
VBASE029.VDF : 7.11.150.37 2048 Bytes 17.05.2014 07:46:21
VBASE030.VDF : 7.11.150.38 2048 Bytes 17.05.2014 07:46:21
VBASE031.VDF : 7.11.150.104 252928 Bytes 19.05.2014 19:45:39
Engineversion : 8.3.18.22
AEVDF.DLL : 8.3.0.4 118976 Bytes 20.03.2014 19:41:43
AESCRIPT.DLL : 8.1.4.204 528584 Bytes 15.05.2014 17:26:59
AESCN.DLL : 8.3.0.2 135360 Bytes 20.03.2014 19:41:43
AESBX.DLL : 8.2.20.24 1409224 Bytes 09.05.2014 07:04:00
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 14:30:08
AEPACK.DLL : 8.4.0.24 778440 Bytes 14.05.2014 06:56:53
AEOFFICE.DLL : 8.3.0.4 205000 Bytes 17.04.2014 17:00:51
AEHEUR.DLL : 8.1.4.1066 6705352 Bytes 15.05.2014 17:26:59
AEHELP.DLL : 8.3.0.0 274808 Bytes 13.03.2014 08:28:33
AEGEN.DLL : 8.1.7.26 450752 Bytes 17.04.2014 17:00:51
AEEXP.DLL : 8.4.1.312 569544 Bytes 30.04.2014 14:41:20
AEEMU.DLL : 8.1.3.2 393587 Bytes 12.07.2012 06:08:43
AECORE.DLL : 8.3.0.6 241864 Bytes 19.03.2014 13:45:06
AEBB.DLL : 8.1.1.4 53619 Bytes 10.11.2012 10:57:42
AVWINLL.DLL : 14.0.3.252 23608 Bytes 20.02.2014 17:28:30
AVPREF.DLL : 14.0.3.252 48696 Bytes 20.02.2014 17:28:35
AVREP.DLL : 14.0.3.252 175672 Bytes 20.02.2014 17:28:35
AVARKT.DLL : 14.0.3.336 256080 Bytes 20.02.2014 17:28:31
AVEVTLOG.DLL : 14.0.3.336 165968 Bytes 20.02.2014 17:28:33
SQLITE3.DLL : 3.7.0.1 394824 Bytes 09.07.2013 08:29:15
AVSMTP.DLL : 14.0.3.252 60472 Bytes 20.02.2014 17:28:38
NETNT.DLL : 14.0.3.252 13368 Bytes 20.02.2014 17:28:54
RCIMAGE.DLL : 14.0.3.260 4979256 Bytes 20.02.2014 17:28:30
RCTEXT.DLL : 14.0.3.282 72760 Bytes 20.02.2014 17:28:30

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Q:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 20. Mai 2014 01:54

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, Q:)'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'tvt_reg_monitor_svc.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'Eraser.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpScrex.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'cssauth.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpfnf6r.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPOSDSVC.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '173' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'AtService.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTS.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2705' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Windows7_OS>
Beginne mit der Suche in 'Q:\' <Lenovo_Recovery>

Ende des Suchlaufs: Dienstag, 20. Mai 2014 04:44
Benötigte Zeit: 2:49:47 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

29666 Verzeichnisse wurden überprüft
761253 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
761253 Dateien ohne Befall
33652 Archive wurden durchsucht
0 Warnungen
0 Hinweise
836661 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden |
20.05.2014, 15:14 | #2 |
| Windows 7: Loads of autostart and Program Data error messages at boot + other abnormalities
And here is the last log file:
f) Malwarebytes Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19.05.2014
Scan Time: 21:44:55
Logfile: Malware.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.19.10
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: *****

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281772
Time Elapsed: 15 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, , [5de9da793744ac8ade27ffb709fab848],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [47ff75de56257bbb072ccbc2bd45db25],

Registry Values: 240
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sydausa, regsvr32.exe "C:\ProgramData\sydausa.dat", , [5ee83221413a89adf4f114f648b942be]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|opvrze, regsvr32.exe "C:\ProgramData\opvrze.dat", , [d175f162e398ce6806df5ab0659c6b95]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xoulwl, regsvr32.exe "C:\ProgramData\xoulwl.dat", , [2d19a5aeff7c03335095e7230bf69d63]
Trojan.Ransom.Gend,
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mwsnmu, regsvr32.exe "C:\ProgramData\mwsnmu.dat", , [b492fb58354620160adb3bcf39c833cd] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|vqwrgk, regsvr32.exe "C:\ProgramData\vqwrgk.dat", , [3016ce853f3c0432766f38d25fa232ce] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uqsoqxe, regsvr32.exe "C:\ProgramData\uqsoqxe.dat", , [0d3979da95e6989e766fc5459b668977] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|vegxji, regsvr32.exe "C:\ProgramData\vegxji.dat", , [a1a55003c3b8a6902fb6f812659c7c84] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|abmdlo, regsvr32.exe "C:\ProgramData\abmdlo.dat", , [4ff74a09ef8c71c5a0450a00629f867a] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yiynci, regsvr32.exe "C:\ProgramData\yiynci.dat", , [8db9153e23585fd72eb7f218e12028d8] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sfnfvxyl, regsvr32.exe "C:\ProgramData\sfnfvxyl.dat", , [5fe74013f38861d55b8ac3473fc2a759] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ivfcxwrf, regsvr32.exe "C:\ProgramData\ivfcxwrf.dat", , [192d5af98bf0b6808a5b3dcd37ca13ed] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|crpwykl, regsvr32.exe "C:\ProgramData\crpwykl.dat", , [76d0064dd6a5a690d312c64459a86a96] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wlbwyx, regsvr32.exe "C:\ProgramData\wlbwyx.dat", , [23239db60a7158defde8f21856abd32d] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|damihrh, regsvr32.exe "C:\ProgramData\damihrh.dat", , [3c0a381ba1da57dfe40130da010045bb] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wrocbqvu, regsvr32.exe "C:\ProgramData\wrocbqvu.dat", , [92b4b49fccaf83b3b92c4fbb31d0837d] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tldzyol, regsvr32.exe "C:\ProgramData\tldzyol.dat", , [192da3b0fd7e82b41fc67f8b728f49b7] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|lkkdre, regsvr32.exe "C:\ProgramData\lkkdre.dat", , [5ee8c68dd7a46ccae9fc63a7d22f669a] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|oigsjr, regsvr32.exe "C:\ProgramData\oigsjr.dat", , [51f5e3701863053122c3d139867bb54b] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|vujohlcg, regsvr32.exe "C:\ProgramData\vujohlcg.dat", , [4501cb88552665d14e97b8521ee347b9] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|aypljo, regsvr32.exe "C:\ProgramData\aypljo.dat", , [f155d47f8af14ee88d586b9f44bd16ea] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|khfpqx, regsvr32.exe "C:\ProgramData\khfpqx.dat", , [6adc76dd2853f541f3f24ebc09f8817f] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rfctrv, regsvr32.exe "C:\ProgramData\rfctrv.dat", , [7acc93c02952290d0ed7f31729d8629e] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|qkupvsjd, regsvr32.exe "C:\ProgramData\qkupvsjd.dat", , [25214d065427c1758b5afe0ca75a0df3] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|hotqrnlp, regsvr32.exe "C:\ProgramData\hotqrnlp.dat", , [1f27c88b116abf77d80d0406c0419b65] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nqldnkkp, regsvr32.exe "C:\ProgramData\nqldnkkp.dat", , [182e2e259ae14beb0cd930da976ab749] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kdoymazc, regsvr32.exe "C:\ProgramData\kdoymazc.dat", , [182e59fa92e99f97e401c446e71a51af] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|itaidt, regsvr32.exe "C:\ProgramData\itaidt.dat", , [f84e0b4895e687af796c3cce11f0af51] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rhxkvs, regsvr32.exe "C:\ProgramData\rhxkvs.dat", , [b98da7acf08b6acce9fc57b34eb3e11f] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|beplkprz, regsvr32.exe "C:\ProgramData\beplkprz.dat", , [68dec48fdba00f2763826e9c0cf55da3] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tdacip, regsvr32.exe "C:\ProgramData\tdacip.dat", , [73d350039dde7cba61840efc54ad46ba] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wobbxfzr, regsvr32.exe "C:\ProgramData\wobbxfzr.dat", , [4501b89bbebd57df974e57b35aa72fd1] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wnrdft, regsvr32.exe "C:\ProgramData\wnrdft.dat", , [a3a391c276056dc95f86779378898e72] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mdjesz, regsvr32.exe "C:\ProgramData\mdjesz.dat", , [2f17c19232490036faebdc2e24dd26da] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rshbmrj, regsvr32.exe "C:\ProgramData\rshbmrj.dat", , [ec5acb88accfd660a144df2b49b83ec2] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uvtcoo, regsvr32.exe "C:\ProgramData\uvtcoo.dat", , [b39378db6516d5618d586b9fc33efc04] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cdtsjrv, regsvr32.exe "C:\ProgramData\cdtsjrv.dat", , [63e382d11e5ddd59af3632d8b54c49b7] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|lihmub, regsvr32.exe "C:\ProgramData\lihmub.dat", , [4501c58ec2b99c9a6a7b9377c041629e] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tkygcpd, regsvr32.exe "C:\ProgramData\tkygcpd.dat", , [6fd723309edd3cfa5590799125dc926e] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|vyzlvpzl, regsvr32.exe "C:\ProgramData\vyzlvpzl.dat", , [73d3183b6714cc6ab72e7892aa5750b0] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|qokmcg, regsvr32.exe "C:\ProgramData\qokmcg.dat", , [69ddc48fd2a9e74f0ed7898159a87789] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|vedcseu, regsvr32.exe "C:\ProgramData\vedcseu.dat", , [df67b79c007bde58af362ae0a0617e82] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|siutfih, regsvr32.exe "C:\ProgramData\siutfih.dat", , [bb8bc390314ab87e9a4b7e8cda2704fc] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ydmgbey, regsvr32.exe "C:\ProgramData\ydmgbey.dat", , [c482c68d314ac0767d6846c4c140ad53] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cegxzj, regsvr32.exe "C:\ProgramData\cegxzj.dat", , [49fdaaa96c0f60d6c124060445bc966a] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|njfcrq, regsvr32.exe "C:\ProgramData\njfcrq.dat", , [7bcbc39015660531a44101094db4936d] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xufmenec, regsvr32.exe "C:\ProgramData\xufmenec.dat", , [e85eed661269aa8c28bdab5f34cdab55] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|hwfanw, regsvr32.exe "C:\ProgramData\hwfanw.dat", , [82c47fd4037858de1ec719f18c753ec2] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|adhhpn, regsvr32.exe "C:\ProgramData\adhhpn.dat", , [d5710c4784f7f541ca1bb8527c85748c] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uyocwu, regsvr32.exe "C:\ProgramData\uyocwu.dat", , [024469eab7c460d6776e2ddd41c08080] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mryuukk, regsvr32.exe "C:\ProgramData\mryuukk.dat", , [370fb49fdc9f1026b233bc4efc0513ed] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uvnzqhj, regsvr32.exe "C:\ProgramData\uvnzqhj.dat", , [2323361d98e3b87e588d0505936e52ae] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nnbbxspl, regsvr32.exe "C:\ProgramData\nnbbxspl.dat", , [96b0a4af17641e18db0ab05a699807f9] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|qkxuhdp, regsvr32.exe "C:\ProgramData\qkxuhdp.dat", , [b19569ea2c4f2a0cd70e84866b96fa06] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|lypmlqh, regsvr32.exe "C:\ProgramData\lypmlqh.dat", , [c185e46fbdbec3737d6883875ca560a0] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sicvzq, regsvr32.exe "C:\ProgramData\sicvzq.dat", , [0e380d461b6082b4da0b0505778ae21e] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kmeewmr, regsvr32.exe "C:\ProgramData\kmeewmr.dat", , [70d6ff546b104de9eff623e75fa2f20e] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zcnrhfuo, regsvr32.exe "C:\ProgramData\zcnrhfuo.dat", , [f74f5af9b4c7bf77f9ec38d208f917e9] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|qaqxvc, regsvr32.exe "C:\ProgramData\qaqxvc.dat", , [6dd96ce71d5e5dd98d5834d6ca37c23e] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xgabzp, regsvr32.exe "C:\ProgramData\xgabzp.dat", , [db6b292aa0db78be0adbd7330100b947] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tihwmlqv, regsvr32.exe "C:\ProgramData\tihwmlqv.dat", , [c482ba9942391f17f0f5fd0de8192ed2] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gvfodygv, regsvr32.exe "C:\ProgramData\gvfodygv.dat", , [af9721325f1ce551786dfe0c45bc1ce4] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|imbmwp, regsvr32.exe "C:\ProgramData\imbmwp.dat", , [7ccaf360611abd79974e7892699860a0] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rlsnho, regsvr32.exe "C:\ProgramData\rlsnho.dat", , [69dd4a0924575adcf1f4f31712eff60a] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ezcftb, regsvr32.exe "C:\ProgramData\ezcftb.dat", , [bf87ed66de9dfe3894515cae9e63728e] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|dylurqaj, regsvr32.exe "C:\ProgramData\dylurqaj.dat", , [d86e252ebbc0a88e766ff416aa5712ee] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kqxdfq, regsvr32.exe "C:\ProgramData\kqxdfq.dat", , [93b38fc480fb082ee00536d417eacf31] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fwqvrc, regsvr32.exe "C:\ProgramData\fwqvrc.dat", , [1e282231d1aa6dc9e6ff79914ab7a45c] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fiowwzr, regsvr32.exe "C:\ProgramData\fiowwzr.dat", , [1d2900530378280e776e3bcf639e07f9] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mfvufevu, regsvr32.exe "C:\ProgramData\mfvufevu.dat", , [0046e56eb2c9fb3bc91c19f1fa074eb2] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|omdvxdb, regsvr32.exe "C:\ProgramData\omdvxdb.dat", , [5fe7d1821665a88e5d88fa108a7729d7] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|qtytqd, regsvr32.exe "C:\ProgramData\qtytqd.dat", , [222477dcf18a64d28e57c446b34ea957] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|amlxnde, regsvr32.exe "C:\ProgramData\amlxnde.dat", , [4204c48f96e51f170cd90efc18e949b7] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|pcclyvzp, regsvr32.exe "C:\ProgramData\pcclyvzp.dat", , [321463f081fa132304e1c04a20e1d030] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fawvfpyv, regsvr32.exe "C:\ProgramData\fawvfpyv.dat", , [82c460f3c3b83bfb6a7bb95152afd52b] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uqnbqis, regsvr32.exe "C:\ProgramData\uqnbqis.dat", , [7ccafd564b309d9972733dcdc839a25e] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zlvmzy, regsvr32.exe "C:\ProgramData\zlvmzy.dat", , [fe489cb79fdc3afc42a346c4d42d936d] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ihmhyrpv, regsvr32.exe "C:\ProgramData\ihmhyrpv.dat", , [50f6f45fceadf244b82d17f32ed3e917] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uzhvesu, regsvr32.exe "C:\ProgramData\uzhvesu.dat", , [84c29cb71e5dcf6703e220eaa65b22de] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zhiwpw, regsvr32.exe "C:\ProgramData\zhiwpw.dat", , [0541252eef8c33037e67fa10758cce32] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fahaxi, regsvr32.exe "C:\ProgramData\fahaxi.dat", , [49fdcc87bdbe8fa7cc1917f3cd3429d7] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|bxkslz, regsvr32.exe "C:\ProgramData\bxkslz.dat", , [d472371c84f787af598cef1b5ba656aa] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|aufbvo, regsvr32.exe "C:\ProgramData\aufbvo.dat", , [e85e7ad9314aa6900fd615f50ef38878] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mgpdlkzh, regsvr32.exe "C:\ProgramData\mgpdlkzh.dat", , [5ee8ca890e6d88aefde8f61446bb10f0] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|dekjgi, regsvr32.exe "C:\ProgramData\dekjgi.dat", , [86c079dae992de586d785dadc0418c74] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|putmaj, regsvr32.exe "C:\ProgramData\putmaj.dat", , [c482f85b5b20f442b035e228ff02a35d] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tlvfwu, regsvr32.exe "C:\ProgramData\tlvfwu.dat", , [b096193a86f5142203e28d7d748de020] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uazvct, regsvr32.exe "C:\ProgramData\uazvct.dat", , [b690064da0dba98df0f5a2684ab71fe1] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rqdvqkh, regsvr32.exe "C:\ProgramData\rqdvqkh.dat", , [aa9c95be3d3e0c2a5b8a17f3639ec23e] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|hbxpxsoo, regsvr32.exe "C:\ProgramData\hbxpxsoo.dat", , [c97d9cb7f982e254b92c1ded50b1da26] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|subcvsbm, regsvr32.exe "C:\ProgramData\subcvsbm.dat", , [a2a45cf72457a2949f46a06aa85903fd] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yxeyupk, regsvr32.exe "C:\ProgramData\yxeyupk.dat", , [9aac2f2409728babfde87f8b23de4cb4] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|bfzejg, regsvr32.exe "C:\ProgramData\bfzejg.dat", , [a6a064ef9be0bd7943a2cc3ea958bc44] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|owdkboi, regsvr32.exe "C:\ProgramData\owdkboi.dat", , [4bfb7ad97efdd36301e487839071a957] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|vmmxmh, regsvr32.exe "C:\ProgramData\vmmxmh.dat", , [87bf76dd354668ce7d68709aa859c23e] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ogfxnm, regsvr32.exe "C:\ProgramData\ogfxnm.dat", , [093dc093d1aa989e17cea9613cc5669a] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wvdlfa, regsvr32.exe "C:\ProgramData\wvdlfa.dat", , [02446fe445360432707518f2ab5654ac] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gwwasg, regsvr32.exe "C:\ProgramData\gwwasg.dat", , [43036be84f2c15215f8665a5f809bb45] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ykjanwa, regsvr32.exe "C:\ProgramData\ykjanwa.dat", , [ec5a510280fbd5616481a664e9186898] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sdicwmzy, regsvr32.exe "C:\ProgramData\sdicwmzy.dat", , [1e283d16d2a9fc3a747152b826db738d] Trojan.Ransom.Gend, 
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nohorih, regsvr32.exe "C:\ProgramData\nohorih.dat", , [69dd9cb78bf0072fb5306d9db34e39c7] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|umfrrpv, regsvr32.exe "C:\ProgramData\umfrrpv.dat", , [72d455fe7efdb2840cd932d804fd30d0] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|hfsgxg, regsvr32.exe "C:\ProgramData\hfsgxg.dat", , [65e156fd9dde072fa243e9217f82cf31] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ubzrgwxy, regsvr32.exe "C:\ProgramData\ubzrgwxy.dat", , [8abcfb588feca591e30274962cd5d729] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gprzsewn, regsvr32.exe "C:\ProgramData\gprzsewn.dat", , [53f364ef2c4fff374b9a0a005da417e9] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|jmvwldv, regsvr32.exe "C:\ProgramData\jmvwldv.dat", , [2521ef645f1c20165a8b66a48081e917] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zinvsfpm, regsvr32.exe "C:\ProgramData\zinvsfpm.dat", , [ae98f55eaecdcc6a667faa6022df1be5] Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|hnvkpzi, regsvr32.exe "C:\ProgramData\hnvkpzi.dat", , [ca7cd47ff38888ae994c5caec839fd03] Trojan.Ransom.Gend, 
Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 360
[5ee81c370774082e677e759530d1cf31], Trojan.Ransom.Gend, C:\ProgramData\fpgofrm.dat, , [3d0969ea2e4dd3636e77f515e02138c8], Trojan.Ransom.Gend, C:\ProgramData\oeqrpt.dat, , [5aec183b0a71e353a243e822cb36a858], Trojan.Ransom.Gend, C:\ProgramData\egchjwb.dat, , [d76f6ae9a2d961d520c5739750b1758b], Trojan.Ransom.Gend, C:\ProgramData\sioksamm.dat, , [72d450030f6ce155b1345cae2ed302fe], Trojan.Ransom.Gend, C:\ProgramData\kiskitj.dat, , [82c4b1a2215a9d99ecf9b05a9c659769], Trojan.Ransom.Gend, C:\ProgramData\qxhoydtq.dat, , [d96d4b089ddec47202e34bbf7e83b848], Trojan.Ransom.Gend, C:\ProgramData\wxxcbpfg.dat, , [fc4afc57483359ddca1b7d8d7d8402fe], Trojan.Ransom.Gend, C:\ProgramData\bowflvd.dat, , [a0a623306d0eaa8c70752bdfe61b9b65], Trojan.Ransom.Gend, C:\ProgramData\lzxebdq.dat, , [00466ee51d5e61d59550ae5c44bdbf41], Trojan.Ransom.Gend, C:\ProgramData\hcpter.dat, , [59edc291d2a9ef47ebfab05ab9487c84], Trojan.Ransom.Gend, C:\ProgramData\thqvrw.dat, , [301688cbc1ba7bbb21c40604e120ab55], Trojan.Ransom.Gend, C:\ProgramData\ctbtzh.dat, , [68deaea50279a78f11d4050549b80cf4], Trojan.Ransom.Gend, C:\ProgramData\wguzsgs.dat, , [58ee22312b504ee8c61f62a850b1e31d], Trojan.Ransom.Gend, C:\ProgramData\nwjcis.dat, , [a0a6f360e992ee48994cf911cd347c84], Trojan.Ransom.Gend, C:\ProgramData\xrclurq.dat, , [d6707fd4e6959a9cbe27d03a09f8fd03], Trojan.Ransom.Gend, C:\ProgramData\zzqkwk.dat, , [0c3aef643942310501e412f8df2250b0], Trojan.Ransom.Gend, C:\ProgramData\qbkkdyd.dat, , [31150152215a94a2e203ab5fa45daf51], Trojan.Ransom.Gend, C:\ProgramData\tzfzdm.dat, , [15317bd8a1daa1953aabd53560a14bb5], Trojan.Ransom.Gend, C:\ProgramData\fyjcruhg.dat, , [370f282b215a62d42abbe327c63ba759], Trojan.Ransom.Gend, C:\ProgramData\czmsejka.dat, , [26201d3679026fc7faebe5259071a060], Trojan.Ransom.Gend, C:\ProgramData\ofpuzzbl.dat, , [7dc9054e4c2f85b1f9ec20eade23c838], Trojan.Ransom.Gend, C:\ProgramData\alqeve.dat, , [de68322118635ed8a63fde2c05fced13], Trojan.Ransom.Gend, C:\ProgramData\mnfosn.dat, , 
[6fd7ce85e09bea4ca243fd0d0ff247b9], Trojan.Ransom.Gend, C:\ProgramData\dnjdhfk.dat, , [58ee1d367407a195c61f2fdb25dc6b95], Trojan.Ransom.Gend, C:\ProgramData\crbijv.dat, , [2d190b48d4a7e94d07dea06ac23fae52], Trojan.Ransom.Gend, C:\ProgramData\nesoygi.dat, , [59edc68d661575c106df9674b948649c], Trojan.Ransom.Gend, C:\ProgramData\ztxgjbe.dat, , [0442b2a1443789add80d7c8eaa57b34d], Trojan.Ransom.Gend, C:\ProgramData\yrgelpur.dat, , [db6b7ad906750333d01529e149b8fb05], Trojan.Ransom.Gend, C:\ProgramData\ikfttudu.dat, , [242294bf32496dc945a029e1b8491ae6], Trojan.Ransom.Gend, C:\ProgramData\ocxmdlec.dat, , [72d4084baad12f079352808a01003dc3], Trojan.Ransom.Gend, C:\ProgramData\frxille.dat, , [81c5e76c5d1e56e07d6842c810f16997], Trojan.Ransom.Gend, C:\ProgramData\zydnsex.dat, , [b78ff063b2c980b6cd18a26830d13dc3], Trojan.Ransom.Gend, C:\ProgramData\rdaeygu.dat, , [7acc4c07ef8cf14520c5907a5ea3f40c], Trojan.Ransom.Gend, C:\ProgramData\lcpuvgr.dat, , [c581391a44373bfbb134ae5cc33e41bf], Trojan.Ransom.Gend, C:\ProgramData\lsobjw.dat, , [2c1a72e189f275c1a93c51b9d42d7a86], Trojan.Ransom.Gend, C:\ProgramData\acdjwcld.dat, , [7ec8c78c1566ad890ed718f2d82939c7], Trojan.Ransom.Gend, C:\ProgramData\hottri.dat, , [59ed41129fdc2e08cc197f8bc63b04fc], Trojan.Ransom.Gend, C:\ProgramData\fsnfye.dat, , [0343bf94a9d251e5a93c55b5e41d17e9], Trojan.Ransom.Gend, C:\ProgramData\nbegcw.dat, , [84c264ef146745f15e87080241c09b65], Trojan.Ransom.Gend, C:\ProgramData\owoizvw.dat, , [93b395bed6a591a55a8ba169a45d55ab], Trojan.Ransom.Gend, C:\ProgramData\uccfuha.dat, , [f650b49f413a1422d80d0406ba47966a], Trojan.Ransom.Gend, C:\ProgramData\zpnbop.dat, , [6bdbc093582357df35b064a6f50c2dd3], Trojan.Ransom.Gend, C:\ProgramData\hgkmpn.dat, , [a5a17bd894e7e353727311f9699837c9], Trojan.Ransom.Gend, C:\ProgramData\lpxnfzff.dat, , [1a2cb69d4b30a2945a8bae5c0bf69f61], Trojan.Ransom.Gend, C:\ProgramData\wggbaep.dat, , [cf77b79c09724beb776edf2b1be6ec14], Trojan.Ransom.Gend, C:\ProgramData\lrbbjx.dat, , 
[a6a060f31c5f3df9f4f18288639e639d], Trojan.Ransom.Gend, C:\ProgramData\fmodhpc.dat, , [57ef084b7ffc77bf875e48c2a75a50b0], Trojan.Ransom.Gend, C:\ProgramData\xzeisgli.dat, , [212599ba6912d95d15d0ba50b44dae52], Trojan.Ransom.Gend, C:\ProgramData\efqiij.dat, , [46000f4482f9fd3905e056b4e71a649c], Trojan.Ransom.Gend, C:\ProgramData\mbrdjg.dat, , [ad99cc87b1cafb3bcb1a26e436cb19e7], Trojan.Ransom.Gend, C:\ProgramData\fnrlsb.dat, , [c87e7dd69fdc9a9c02e3a26830d1eb15], Trojan.Ransom.Gend, C:\ProgramData\ahdlkoko.dat, , [ff4711424c2ff2442db87b8ff110d030], Trojan.Ransom.Gend, C:\ProgramData\vqeaan.dat, , [0b3bbe95681384b2af36bc4e5da40ff1], Trojan.Ransom.Gend, C:\ProgramData\onvgsca.dat, , [f056e46fc2b9b6805f8664a6cb36b050], Trojan.Ransom.Gend, C:\ProgramData\mwsnmu.dat, , [b492fb58354620160adb3bcf39c833cd], Trojan.Ransom.Gend, C:\ProgramData\vqwrgk.dat, , [3016ce853f3c0432766f38d25fa232ce], Trojan.Ransom.Gend, C:\ProgramData\uqsoqxe.dat, , [0d3979da95e6989e766fc5459b668977], Trojan.Ransom.Gend, C:\ProgramData\vegxji.dat, , [a1a55003c3b8a6902fb6f812659c7c84], Trojan.Ransom.Gend, C:\ProgramData\abmdlo.dat, , [4ff74a09ef8c71c5a0450a00629f867a], Trojan.Ransom.Gend, C:\ProgramData\yiynci.dat, , [8db9153e23585fd72eb7f218e12028d8], Trojan.Ransom.Gend, C:\ProgramData\sfnfvxyl.dat, , [5fe74013f38861d55b8ac3473fc2a759], Trojan.Ransom.Gend, C:\ProgramData\ivfcxwrf.dat, , [192d5af98bf0b6808a5b3dcd37ca13ed], Trojan.Ransom.Gend, C:\ProgramData\crpwykl.dat, , [76d0064dd6a5a690d312c64459a86a96], Trojan.Ransom.Gend, C:\ProgramData\wlbwyx.dat, , [23239db60a7158defde8f21856abd32d], Trojan.Ransom.Gend, C:\ProgramData\damihrh.dat, , [3c0a381ba1da57dfe40130da010045bb], Trojan.Ransom.Gend, C:\ProgramData\wrocbqvu.dat, , [92b4b49fccaf83b3b92c4fbb31d0837d], Trojan.Ransom.Gend, C:\ProgramData\tldzyol.dat, , [192da3b0fd7e82b41fc67f8b728f49b7], Trojan.Ransom.Gend, C:\ProgramData\lkkdre.dat, , [5ee8c68dd7a46ccae9fc63a7d22f669a], Trojan.Ransom.Gend, C:\ProgramData\oigsjr.dat, , 
[51f5e3701863053122c3d139867bb54b], Trojan.Ransom.Gend, C:\ProgramData\vujohlcg.dat, , [4501cb88552665d14e97b8521ee347b9], Trojan.Ransom.Gend, C:\ProgramData\aypljo.dat, , [f155d47f8af14ee88d586b9f44bd16ea], Trojan.Ransom.Gend, C:\ProgramData\khfpqx.dat, , [6adc76dd2853f541f3f24ebc09f8817f], Trojan.Ransom.Gend, C:\ProgramData\rfctrv.dat, , [7acc93c02952290d0ed7f31729d8629e], Trojan.Ransom.Gend, C:\ProgramData\qkupvsjd.dat, , [25214d065427c1758b5afe0ca75a0df3], Trojan.Ransom.Gend, C:\ProgramData\hotqrnlp.dat, , [1f27c88b116abf77d80d0406c0419b65], Trojan.Ransom.Gend, C:\ProgramData\nqldnkkp.dat, , [182e2e259ae14beb0cd930da976ab749], Trojan.Ransom.Gend, C:\ProgramData\kdoymazc.dat, , [182e59fa92e99f97e401c446e71a51af], Trojan.Ransom.Gend, C:\ProgramData\itaidt.dat, , [f84e0b4895e687af796c3cce11f0af51], Trojan.Ransom.Gend, C:\ProgramData\rhxkvs.dat, , [b98da7acf08b6acce9fc57b34eb3e11f], Trojan.Ransom.Gend, C:\ProgramData\beplkprz.dat, , [68dec48fdba00f2763826e9c0cf55da3], Trojan.Ransom.Gend, C:\ProgramData\tdacip.dat, , [73d350039dde7cba61840efc54ad46ba], Trojan.Ransom.Gend, C:\ProgramData\wobbxfzr.dat, , [4501b89bbebd57df974e57b35aa72fd1], Trojan.Ransom.Gend, C:\ProgramData\wnrdft.dat, , [a3a391c276056dc95f86779378898e72], Trojan.Ransom.Gend, C:\ProgramData\mdjesz.dat, , [2f17c19232490036faebdc2e24dd26da], Trojan.Ransom.Gend, C:\ProgramData\rshbmrj.dat, , [ec5acb88accfd660a144df2b49b83ec2], Trojan.Ransom.Gend, C:\ProgramData\uvtcoo.dat, , [b39378db6516d5618d586b9fc33efc04], Trojan.Ransom.Gend, C:\ProgramData\cdtsjrv.dat, , [63e382d11e5ddd59af3632d8b54c49b7], Trojan.Ransom.Gend, C:\ProgramData\lihmub.dat, , [4501c58ec2b99c9a6a7b9377c041629e], Trojan.Ransom.Gend, C:\ProgramData\tkygcpd.dat, , [6fd723309edd3cfa5590799125dc926e], Trojan.Ransom.Gend, C:\ProgramData\vyzlvpzl.dat, , [73d3183b6714cc6ab72e7892aa5750b0], Trojan.Ransom.Gend, C:\ProgramData\qokmcg.dat, , [69ddc48fd2a9e74f0ed7898159a87789], Trojan.Ransom.Gend, C:\ProgramData\vedcseu.dat, , 
[df67b79c007bde58af362ae0a0617e82], Trojan.Ransom.Gend, C:\ProgramData\siutfih.dat, , [bb8bc390314ab87e9a4b7e8cda2704fc], Trojan.Ransom.Gend, C:\ProgramData\ydmgbey.dat, , [c482c68d314ac0767d6846c4c140ad53], Trojan.Ransom.Gend, C:\ProgramData\cegxzj.dat, , [49fdaaa96c0f60d6c124060445bc966a], Trojan.Ransom.Gend, C:\ProgramData\njfcrq.dat, , [7bcbc39015660531a44101094db4936d], Trojan.Ransom.Gend, C:\ProgramData\xufmenec.dat, , [e85eed661269aa8c28bdab5f34cdab55], Trojan.Ransom.Gend, C:\ProgramData\hwfanw.dat, , [82c47fd4037858de1ec719f18c753ec2], Trojan.Ransom.Gend, C:\ProgramData\adhhpn.dat, , [d5710c4784f7f541ca1bb8527c85748c], Trojan.Ransom.Gend, C:\ProgramData\uyocwu.dat, , [024469eab7c460d6776e2ddd41c08080], Trojan.Ransom.Gend, C:\ProgramData\mryuukk.dat, , [370fb49fdc9f1026b233bc4efc0513ed], Trojan.Ransom.Gend, C:\ProgramData\uvnzqhj.dat, , [2323361d98e3b87e588d0505936e52ae], Trojan.Ransom.Gend, C:\ProgramData\nnbbxspl.dat, , [96b0a4af17641e18db0ab05a699807f9], Trojan.Ransom.Gend, C:\ProgramData\qkxuhdp.dat, , [b19569ea2c4f2a0cd70e84866b96fa06], Trojan.Ransom.Gend, C:\ProgramData\lypmlqh.dat, , [c185e46fbdbec3737d6883875ca560a0], Trojan.Ransom.Gend, C:\ProgramData\sicvzq.dat, , [0e380d461b6082b4da0b0505778ae21e], Trojan.Ransom.Gend, C:\ProgramData\kmeewmr.dat, , [70d6ff546b104de9eff623e75fa2f20e], Trojan.Ransom.Gend, C:\ProgramData\zcnrhfuo.dat, , [f74f5af9b4c7bf77f9ec38d208f917e9], Trojan.Ransom.Gend, C:\ProgramData\qaqxvc.dat, , [6dd96ce71d5e5dd98d5834d6ca37c23e], Trojan.Ransom.Gend, C:\ProgramData\xgabzp.dat, , [db6b292aa0db78be0adbd7330100b947], Trojan.Ransom.Gend, C:\ProgramData\tihwmlqv.dat, , [c482ba9942391f17f0f5fd0de8192ed2], Trojan.Ransom.Gend, C:\ProgramData\gvfodygv.dat, , [af9721325f1ce551786dfe0c45bc1ce4], Trojan.Ransom.Gend, C:\ProgramData\imbmwp.dat, , [7ccaf360611abd79974e7892699860a0], Trojan.Ransom.Gend, C:\ProgramData\rlsnho.dat, , [69dd4a0924575adcf1f4f31712eff60a], Trojan.Ransom.Gend, C:\ProgramData\ezcftb.dat, , 
[bf87ed66de9dfe3894515cae9e63728e], Trojan.Ransom.Gend, C:\ProgramData\dylurqaj.dat, , [d86e252ebbc0a88e766ff416aa5712ee], Trojan.Ransom.Gend, C:\ProgramData\kqxdfq.dat, , [93b38fc480fb082ee00536d417eacf31], Trojan.Ransom.Gend, C:\ProgramData\fwqvrc.dat, , [1e282231d1aa6dc9e6ff79914ab7a45c], Trojan.Ransom.Gend, C:\ProgramData\fiowwzr.dat, , [1d2900530378280e776e3bcf639e07f9], Trojan.Ransom.Gend, C:\ProgramData\mfvufevu.dat, , [0046e56eb2c9fb3bc91c19f1fa074eb2], Trojan.Ransom.Gend, C:\ProgramData\omdvxdb.dat, , [5fe7d1821665a88e5d88fa108a7729d7], Trojan.Ransom.Gend, C:\ProgramData\qtytqd.dat, , [222477dcf18a64d28e57c446b34ea957], Trojan.Ransom.Gend, C:\ProgramData\amlxnde.dat, , [4204c48f96e51f170cd90efc18e949b7], Trojan.Ransom.Gend, C:\ProgramData\pcclyvzp.dat, , [321463f081fa132304e1c04a20e1d030], Trojan.Ransom.Gend, C:\ProgramData\fawvfpyv.dat, , [82c460f3c3b83bfb6a7bb95152afd52b], Trojan.Ransom.Gend, C:\ProgramData\uqnbqis.dat, , [7ccafd564b309d9972733dcdc839a25e], Trojan.Ransom.Gend, C:\ProgramData\zlvmzy.dat, , [fe489cb79fdc3afc42a346c4d42d936d], Trojan.Ransom.Gend, C:\ProgramData\ihmhyrpv.dat, , [50f6f45fceadf244b82d17f32ed3e917], Trojan.Ransom.Gend, C:\ProgramData\uzhvesu.dat, , [84c29cb71e5dcf6703e220eaa65b22de], Trojan.Ransom.Gend, C:\ProgramData\zhiwpw.dat, , [0541252eef8c33037e67fa10758cce32], Trojan.Ransom.Gend, C:\ProgramData\fahaxi.dat, , [49fdcc87bdbe8fa7cc1917f3cd3429d7], Trojan.Ransom.Gend, C:\ProgramData\bxkslz.dat, , [d472371c84f787af598cef1b5ba656aa], Trojan.Ransom.Gend, C:\ProgramData\aufbvo.dat, , [e85e7ad9314aa6900fd615f50ef38878], Trojan.Ransom.Gend, C:\ProgramData\mgpdlkzh.dat, , [5ee8ca890e6d88aefde8f61446bb10f0], Trojan.Ransom.Gend, C:\ProgramData\dekjgi.dat, , [86c079dae992de586d785dadc0418c74], Trojan.Ransom.Gend, C:\ProgramData\putmaj.dat, , [c482f85b5b20f442b035e228ff02a35d], Trojan.Ransom.Gend, C:\ProgramData\tlvfwu.dat, , [b096193a86f5142203e28d7d748de020], Trojan.Ransom.Gend, C:\ProgramData\uazvct.dat, , 
[b690064da0dba98df0f5a2684ab71fe1], Trojan.Ransom.Gend, C:\ProgramData\rqdvqkh.dat, , [aa9c95be3d3e0c2a5b8a17f3639ec23e], Trojan.Ransom.Gend, C:\ProgramData\hbxpxsoo.dat, , [c97d9cb7f982e254b92c1ded50b1da26], Trojan.Ransom.Gend, C:\ProgramData\subcvsbm.dat, , [a2a45cf72457a2949f46a06aa85903fd], Trojan.Ransom.Gend, C:\ProgramData\yxeyupk.dat, , [9aac2f2409728babfde87f8b23de4cb4], Trojan.Ransom.Gend, C:\ProgramData\bfzejg.dat, , [a6a064ef9be0bd7943a2cc3ea958bc44], Trojan.Ransom.Gend, C:\ProgramData\owdkboi.dat, , [4bfb7ad97efdd36301e487839071a957], Trojan.Ransom.Gend, C:\ProgramData\vmmxmh.dat, , [87bf76dd354668ce7d68709aa859c23e], Trojan.Ransom.Gend, C:\ProgramData\ogfxnm.dat, , [093dc093d1aa989e17cea9613cc5669a], Trojan.Ransom.Gend, C:\ProgramData\wvdlfa.dat, , [02446fe445360432707518f2ab5654ac], Trojan.Ransom.Gend, C:\ProgramData\gwwasg.dat, , [43036be84f2c15215f8665a5f809bb45], Trojan.Ransom.Gend, C:\ProgramData\ykjanwa.dat, , [ec5a510280fbd5616481a664e9186898], Trojan.Ransom.Gend, C:\ProgramData\sdicwmzy.dat, , [1e283d16d2a9fc3a747152b826db738d], Trojan.Ransom.Gend, C:\ProgramData\nohorih.dat, , [69dd9cb78bf0072fb5306d9db34e39c7], Trojan.Ransom.Gend, C:\ProgramData\umfrrpv.dat, , [72d455fe7efdb2840cd932d804fd30d0], Trojan.Ransom.Gend, C:\ProgramData\hfsgxg.dat, , [65e156fd9dde072fa243e9217f82cf31], Trojan.Ransom.Gend, C:\ProgramData\ubzrgwxy.dat, , [8abcfb588feca591e30274962cd5d729], Trojan.Ransom.Gend, C:\ProgramData\gprzsewn.dat, , [53f364ef2c4fff374b9a0a005da417e9], Trojan.Ransom.Gend, C:\ProgramData\jmvwldv.dat, , [2521ef645f1c20165a8b66a48081e917], Trojan.Ransom.Gend, C:\ProgramData\zinvsfpm.dat, , [ae98f55eaecdcc6a667faa6022df1be5], Trojan.Ransom.Gend, C:\ProgramData\hnvkpzi.dat, , [ca7cd47ff38888ae994c5caec839fd03], Trojan.Ransom.Gend, C:\ProgramData\hbjtbs.dat, , [ac9a62f11c5ffd39de0701094cb5af51], Trojan.Ransom.Gend, C:\ProgramData\wdgjsggl.dat, , [a79faaa9abd0ef47f0f5c941c83910f0], Trojan.Ransom.Gend, C:\ProgramData\scbjlmic.dat, , 
[85c189ca651650e6489d5ab0cb36ad53], Trojan.Ransom.Gend, C:\ProgramData\rhercavv.dat, , [a0a665eeb6c55ed83ea760aaaf5210f0], Trojan.Ransom.Gend, C:\ProgramData\vkoconvv.dat, , [91b5ed66374464d2cc191bef60a13ac6], Trojan.Ransom.Gend, C:\ProgramData\gsvfqcro.dat, , [c482afa425563303bb2ac24844bdf40c], Trojan.Ransom.Gend, C:\ProgramData\harfsd.dat, , [9caa22315f1cca6c757029e104fd40c0], Trojan.Ransom.Gend, C:\ProgramData\hbsoex.dat, , [a4a2b49f2b5082b414d14dbd53aedd23], Trojan.Ransom.Gend, C:\ProgramData\hrrrhc.dat, , [3511b2a1710a3501d312d8320ff2d12f], Trojan.Ransom.Gend, C:\ProgramData\hyulrhk.dat, , [083eb99aee8dcb6bb233f119926f6898], Trojan.Ransom.Gend, C:\ProgramData\iceswu.dat, , [e66088cba2d91d19bd28ff0b010057a9], Trojan.Ransom.Gend, C:\ProgramData\igpblyrm.dat, , [50f6c291accf10265095a66478895ba5], Trojan.Ransom.Gend, C:\ProgramData\spwcdqp.dat, , [e85e72e16219dd597f668a802ad717e9], Trojan.Ransom.Gend, C:\ProgramData\szwukrff.dat, , [62e4f1621a6121153baabc4e41c0966a], Trojan.Ransom.Gend, C:\ProgramData\tbfvazv.dat, , [50f6a7ac2259dd59e104d1391ee30ef2], Trojan.Ransom.Gend, C:\ProgramData\tgilkdn.dat, , [0c3a4112700ba294b82dfd0d4bb6e11f], Trojan.Ransom.Gend, C:\ProgramData\thdnnqcq.dat, , [73d399ba8deeed49f3f2a6649d64f30d], Trojan.Ransom.Gend, C:\ProgramData\thwobxy.dat, , [4303094a0972a69030b5e5250cf5d32d], Trojan.Ransom.Gend, C:\ProgramData\tydakf.dat, , [2a1c7ed5e893af87e6ff1bef21e022de], Trojan.Ransom.Gend, C:\ProgramData\tzozhbfz.dat, , [8abc2231d9a2aa8c7c69e22834cd25db], Trojan.Ransom.Gend, C:\ProgramData\dfeqnw.dat, , [e3634f04691248ee687d2ae0f30efb05], Trojan.Ransom.Gend, C:\ProgramData\dleresaj.dat, , [9da92132c5b6f83ed114a7637f822dd3], Trojan.Ransom.Gend, C:\ProgramData\dremjjk.dat, , [66e063f0c4b79b9be1042fdbb15032ce], Trojan.Ransom.Gend, C:\ProgramData\drzzal.dat, , [7dc97fd4bebd3600ab3a060441c04bb5], Trojan.Ransom.Gend, C:\ProgramData\dzxphpl.dat, , [ea5cc98a9cdfef47d114898115ec6f91], Trojan.Ransom.Gend, C:\ProgramData\egszwoh.dat, , 
[bd8995be2a510c2a4a9bd634b64b49b7], Trojan.Ransom.Gend, C:\ProgramData\ejbiwesq.dat, , [b294193ab1ca072f875e34d6a160e917], Trojan.Ransom.Gend, C:\ProgramData\ertepuan.dat, , [d47259fac8b3a4928e577199887941bf], Trojan.Ransom.Gend, C:\ProgramData\euzlke.dat, , [a4a2b49fd7a49a9c5392d53519e81be5], Trojan.Ransom.Gend, C:\ProgramData\wenzsbju.dat, , [7bcbdd76afccda5cedf8a1696b96e020], Trojan.Ransom.Gend, C:\ProgramData\wfrrtdsr.dat, , [b195bd96ed8ebc7a3baacf3b7c85966a], Trojan.Ransom.Gend, C:\ProgramData\wiwisxrt.dat, , [0b3b3e1577041d198164818981808779], Trojan.Ransom.Gend, C:\ProgramData\wiypvyb.dat, , [e85e7cd7c2b9112544a16b9fa55c916f], Trojan.Ransom.Gend, C:\ProgramData\wsgzncg.dat, , [b88ee0734d2e61d53baa8f7b22dfc33d], Trojan.Ransom.Gend, C:\ProgramData\xmchpl.dat, , [90b6cf8426555bdbc520040641c0ac54], Trojan.Ransom.Gend, C:\ProgramData\nhwnofcq.dat, , [3c0a7fd4552689adfbea39d157aa7b85], Trojan.Ransom.Gend, C:\ProgramData\nmphbyr.dat, , [71d582d1bdbeda5c4e970cfea9586d93], Trojan.Ransom.Gend, C:\ProgramData\nvfxio.dat, , [6adc73e082f964d2e8fdbc4e649daa56], Trojan.Ransom.Gend, C:\ProgramData\nzflsf.dat, , [6fd7044fd1aa44f29d485cae768b57a9], Trojan.Ransom.Gend, C:\ProgramData\obziksr.dat, , [71d510430f6c88ae707562a8ce337789], Trojan.Ransom.Gend, C:\ProgramData\qkpopckk.dat, , [a2a43f142754b383df061ceea75ab24e], Trojan.Ransom.Gend, C:\ProgramData\quhzafn.dat, , [96b084cfdba0ae880ed713f73fc2f010], Trojan.Ransom.Gend, C:\ProgramData\yfvhfm.dat, , [390df360532892a44b9a7c8ec14021df], Trojan.Ransom.Gend, C:\ProgramData\yrzvxr.dat, , [2026460d4f2c44f26085b75360a1b947], Trojan.Ransom.Gend, C:\ProgramData\ywnkheo.dat, , [163096bdc7b450e6796c080268998e72], Trojan.Ransom.Gend, C:\ProgramData\zgfegdqg.dat, , [281e60f398e3340222c3e426ce33b947], Trojan.Ransom.Gend, C:\ProgramData\zrejjm.dat, , [93b3ee65e19a90a67a6bf119e31e7987], Trojan.Ransom.Gend, C:\ProgramData\zuzfyi.dat, , [2c1a43106912b383a63f6f9bc53c07f9], Trojan.Ransom.Gend, C:\ProgramData\zxefrk.dat, , 
[2125064d017a73c36481af5b857c8d73], Trojan.Ransom.Gend, C:\ProgramData\zxtvtwty.dat, , [e363e370b8c38babf0f547c3fc05ec14], Trojan.Ransom.Gend, C:\ProgramData\zzbzyul.dat, , [192def64ec8f94a250959872926fb44c], Trojan.Ransom.Gend, C:\ProgramData\klvuob.dat, , [034332210b70ff37a540a466c73a8878], Trojan.Ransom.Gend, C:\ProgramData\kpwvutu.dat, , [1b2bd67d65162214568f5baf50b1946c], Trojan.Ransom.Gend, C:\ProgramData\kpyraqb.dat, , [5fe7eb6884f733038f5659b12bd6c937], Trojan.Ransom.Gend, C:\ProgramData\ktflifov.dat, , [62e461f2abd048ee0cd9907a857c926e], Trojan.Ransom.Gend, C:\ProgramData\laqkgx.dat, , [3610391a4734c175d90ca2689f620df3], Trojan.Ransom.Gend, C:\ProgramData\ldfasox.dat, , [5fe785cebbc087af8b5ad832679ab14f], Trojan.Ransom.Gend, C:\ProgramData\letpsj.dat, , [fa4c0b48cdae37ffebfa4fbb7c856997], Trojan.Ransom.Gend, C:\ProgramData\fagydlc.dat, , [c28471e2047722148e57df2be61b8080], Trojan.Ransom.Gend, C:\ProgramData\fakorh.dat, , [88be1d36c7b448ee3ca97b8f12ef32ce], Trojan.Ransom.Gend, C:\ProgramData\fdhuwn.dat, , [94b28ec5a4d75dd95b8aee1cd1301ce4], Trojan.Ransom.Gend, C:\ProgramData\fkjgwj.dat, , [af970350adcea09644a18d7d827f946c], Trojan.Ransom.Gend, C:\ProgramData\flxght.dat, , [054157fc48339b9b786dc9413dc4956b], Trojan.Ransom.Gend, C:\ProgramData\fnkjwxbo.dat, , [c086ca895c1fd165d60fa961867b18e8], Trojan.Ransom.Gend, C:\ProgramData\gckltq.dat, , [0f377ed562193402588d26e4ca37ce32], Trojan.Ransom.Gend, C:\ProgramData\gijtfje.dat, , [a1a5a5ae2c4fd462c223a36710f125db], Trojan.Ransom.Gend, C:\ProgramData\gnjjqeb.dat, , [420442111764a88e36afb6540bf657a9], Trojan.Ransom.Gend, C:\ProgramData\uqiudqd.dat, , [5bebf85be7942412c61f43c7c33e39c7], Trojan.Ransom.Gend, C:\ProgramData\urvckye.dat, , [5aecf95a6c0fcf6713d27793b34ee41c], Trojan.Ransom.Gend, C:\ProgramData\uvapvvk.dat, , [71d58dc6661594a2d80d42c825dcba46], Trojan.Ransom.Gend, C:\ProgramData\uzttmgz.dat, , [fc4a7bd8a4d7c076578ed7339b66a060], Trojan.Ransom.Gend, C:\ProgramData\vddfnuws.dat, , 
[65e169ea37444cea17cebd4d48b99967], Trojan.Ransom.Gend, C:\ProgramData\vfgbpojp.dat, , [cb7be46f1764033339aca06a6a9755ab], Trojan.Ransom.Gend, C:\ProgramData\vklvwoo.dat, , [7dc956fd1d5e65d194519179a75a19e7], Trojan.Ransom.Gend, C:\ProgramData\vmlhait.dat, , [d3738bc8374455e1f5f017f34fb228d8], Trojan.Ransom.Gend, C:\ProgramData\aqenejnu.dat, , [3d09ea690b70a096f7ee8288956c6a96], Trojan.Ransom.Gend, C:\ProgramData\awdjro.dat, , [ad99fe550a71df5730b50dfd857c619f], Trojan.Ransom.Gend, C:\ProgramData\bhpfdds.dat, , [cb7b7fd433487abceef7ef1b91709769], Trojan.Ransom.Gend, C:\ProgramData\bidrdk.dat, , [5fe7b99afa81999dca1bda30d130f709], Trojan.Ransom.Gend, C:\ProgramData\bijfzyt.dat, , [68deafa4a7d487af21c40703ad54f907], Trojan.Ransom.Gend, C:\ProgramData\bmhzfgk.dat, , [ad99ec679eddd85e04e1bf4b0bf67b85], Trojan.Ransom.Gend, C:\ProgramData\buwuwp.dat, , [192db69db8c38aacebfafd0d10f1b050], Trojan.Ransom.Gend, C:\ProgramData\bxqmnsk.dat, , [1a2c8fc41c5f37ffc025c54507fac53b], Trojan.Ransom.Gend, C:\ProgramData\bytkom.dat, , [1e2854ffa9d29b9b796c7496768bc23e], Trojan.Ransom.Gend, C:\ProgramData\cikwew.dat, , [e85e7ed52556af8707de63a726db13ed], Trojan.Ransom.Gend, C:\ProgramData\ciypnbnr.dat, , [3e0879dabcbfbd79b530a96130d14ab6], Trojan.Ransom.Gend, C:\ProgramData\czcokulv.dat, , [fc4afb5842395ed864812fdb669b1de3], Trojan.Ransom.Gend, C:\ProgramData\rpscie.dat, , [fe48ec672952d85e2db8cc3ef70a39c7], Trojan.Ransom.Gend, C:\ProgramData\sehdkaz.dat, , [e165c58ef6854ee8f8edcc3e9968c739], Trojan.Ransom.Gend, C:\ProgramData\sgghov.dat, , [2125044f5625bb7b2abbd2388879d52b], Trojan.Ransom.Gend, C:\ProgramData\shtchp.dat, , [f05687cc6f0c16207a6be5250af717e9], Trojan.Ransom.Gend, C:\ProgramData\shzjpp.dat, , [62e460f395e60f27697c7d8da1606f91], Trojan.Ransom.Gend, C:\ProgramData\skmhxcgj.dat, , [47ff8ac95f1cc2744a9b36d446bb48b8], Trojan.Ransom.Gend, C:\ProgramData\ikgqfuqv.dat, , [e85eb1a2fb80b185dd08fc0e8a77b54b], Trojan.Ransom.Gend, C:\ProgramData\ikpihhw.dat, , 
[f35384cf4239979f489d030731d046ba], Trojan.Ransom.Gend, C:\ProgramData\ixsjsq.dat, , [3610262d98e36bcb5b8a32d853aeb947], Trojan.Ransom.Gend, C:\ProgramData\jeztmmy.dat, , [f55190c3c1baa0966a7b57b304fd1ae6], Trojan.Ransom.Gend, C:\ProgramData\jmsoiz.dat, , [8eb8262d413af14511d4ec1e09f8b050], Trojan.Ransom.Gend, C:\ProgramData\jycrgzh.dat, , [87bf69eac9b24ee8ad38c347cc3545bb], Trojan.Ransom.Gend, C:\ProgramData\jznjvvfl.dat, , [ff47b49f0f6c8da9766f6f9bec156799], Trojan.Ransom.Gend, C:\ProgramData\kbxetf.dat, , [e165fd5632493afc697c6f9b7190bf41], Trojan.Ransom.Gend, C:\ProgramData\kfhjzis.dat, , [4afcb2a14a315ed8ac3979919e63b848], Trojan.Ransom.Gend, C:\ProgramData\kgaueqy.dat, , [d175df74700bba7cd5107397b0511de3], Trojan.Ransom.Gend, C:\ProgramData\owauzawo.dat, , [d76fd97ae3989f9771747496f809a060], Trojan.Ransom.Gend, C:\ProgramData\paleews.dat, , [92b48ac96b10be7812d3e22813eeab55], Trojan.Ransom.Gend, C:\ProgramData\pjbvzuh.dat, , [84c2a5ae8cefa1959154f614629fe818], Trojan.Ransom.Gend, C:\ProgramData\pjcuks.dat, , [94b21d36c2b962d414d16c9e9e639a66], Trojan.Ransom.Gend, C:\ProgramData\poefwvt.dat, , [5cea2d263546df571ec731d9639eb947], Trojan.Ransom.Gend, C:\ProgramData\psdxeirg.dat, , [172fc291f9826dc9598ca26830d18d73], Trojan.Ransom.Gend, C:\ProgramData\ptbrolsf.dat, , [03430e45324993a37f66d3370df427d9], Trojan.Ransom.Gend, C:\ProgramData\pviovjn.dat, , [02442b2898e390a6c5200a007d84a15f], Trojan.Ransom.Gend, C:\ProgramData\pwaopgqf.dat, , [2a1cb49f4c2f47ef28bdc842659cb54b], Trojan.Ransom.Gend, C:\ProgramData\pwnxvmz.dat, , [2f177fd4c3b84fe71bca8a8033cee818], Trojan.Ransom.Gend, C:\ProgramData\vmqmzqac.dat, , [2e18b2a1f18a89adc61fcc3e768bf709], Trojan.Ransom.Gend, C:\ProgramData\vnectpj.dat, , [ad99d67d2754b77f8a5bc24841c007f9], Trojan.Ransom.Gend, C:\ProgramData\vpclmcem.dat, , [c581490a4239300639ac4ebc25dc52ae], Trojan.Ransom.Gend, C:\ProgramData\vrakzya.dat, , [4ef8f95aceadd561d31276940ef3b848], Trojan.Ransom.Gend, C:\ProgramData\vuuvpydi.dat, , 
[94b27fd40f6cf73fc71ea96132cffe02], Trojan.Ransom.Gend, C:\ProgramData\vwavabdp.dat, , [cb7b4b0895e6f0469055709a6e93ee12], Trojan.Ransom.Gend, C:\ProgramData\wbayytsv.dat, , [ae985ef5d5a6ad8928bdc04af80936ca], Trojan.Ransom.Gend, C:\ProgramData\wcihob.dat, , [7accf75c1d5e0b2b3ea7eb1f6998bd43], Trojan.Ransom.Gend, C:\ProgramData\mdnrphw.dat, , [b492c68dc8b3cb6bcc195cae26dbab55], Trojan.Ransom.Gend, C:\ProgramData\mivcfum.dat, , [4ef80a4978039d99e7fe4bbf689956aa], Trojan.Ransom.Gend, C:\ProgramData\mlnvognl.dat, , [b39385ce8bf074c2d015a169f70ada26], Trojan.Ransom.Gend, C:\ProgramData\myqiyyc.dat, , [a0a6094ae695f343766fa565bf42ef11], Physical Sectors: 0 (No malicious items detected) (end) |
20.05.2014, 15:19 | #3 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Hi and
Quote:
Is this a commercially used system? If not, then why an Enterprise Office, please? Quote:
Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In the case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________ |
20.05.2014, 15:26 | #4 |
| Hello Cosinus, many thanks for your feedback! I received the laptop pre-installed and admit that I do not know the sources of the software. What do I have to do? Best regards |
20.05.2014, 15:31 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Who pre-installed that for you? Which Windows edition is stated on the licence key? You will find it on the underside of your notebook. It may also be only in the battery compartment, so if you cannot find the Windows licence key on the underside, it is best to switch the device off, take the battery out and look in the battery compartment.
__________________ Please always post log files in CODE tags |
20.05.2014, 15:38 | #6 |
| That was a friend of mine, who at least knows computers considerably better than I do. I just want to work on it. On the bottom of the laptop, one sticker says: Windows Vista Bus to Win 7 Pro UPG Media. And another sticker says: Windows Vista Business OEMAct. |
20.05.2014, 15:47 | #7 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Quote:
__________________ Please always post log files in CODE tags |
20.05.2014, 15:49 | #8 |
| OK, I'm happy to do that, since I don't actually need it anyway. Just uninstall it? Or rather, uninstall what? Flash Player, Reader, Media Player, Captivate Reviewer etc. are on there! |
20.05.2014, 15:51 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Uninstall everything you no longer need, and above all everything that is illegal has to go. That very probably includes the Enterprise Office as well.
__________________ Please always post log files in CODE tags |
20.05.2014, 16:31 | #10 |
| OK, I have uninstalled all Adobe products (except for the Reader) via the Windows software tool. According to my girlfriend, the Office package is a corporate version under a "volume licence" (or something like that?!) from her employer. Since she uses the laptop too, she would kill me if I deleted the Office package as well ;-) Addendum: I have also left the Adobe Flash Player on it! |
20.05.2014, 22:19 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then show me fresh FRST logs. Tick the box for addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
20.05.2014, 23:48 | #12 |
| Voilà! FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by ***** (administrator) on ***** on 21-05-2014 00:36:33
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

() C:\Windows\System32\DTS.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPFNF6R] => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-20] (Lenovo Group Limited)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337184 2009-07-08] (Lenovo.)
HKLM\...\Run: [PWMTRV] => C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [709920 2009-08-23] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3089720 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-24] (Google Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-23] (Google Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [sydausa] => regsvr32.exe "C:\ProgramData\sydausa.dat"
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\MountPoints2: {0d585298-0de9-11e0-a07b-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-24]

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-23]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-23]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-23]
CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-11] (SUPERAntiSpyware.com)
R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124192 2009-09-04] (Lenovo)
S2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [242976 2009-09-04] (Lenovo)
S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2009-09-01] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2009-09-01] ()
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
S2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-02-18] (Lenovo Group Limited)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S2 Winmgmt; C:\PROGRA~2\2992199F9A\0216.dll [X]

==================== Drivers (Whitelisted) ====================

R3 5U875UVC; C:\Windows\System32\DRIVERS\5U875.sys [72320 2009-07-08] (Ricoh co.,Ltd.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5073920 2009-08-24] (ATI Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [5924864 2009-08-24] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-20 12:22 - 2014-05-20 12:22 - 00001024 _____ () C:\.rnd
2014-05-20 10:16 - 2014-05-20 10:16 - 00201727 _____ () C:\Users\*****\Desktop\Trojaner-Board.txt
2014-05-20 09:21 - 2014-05-20 09:25 - 00022595 _____ () C:\Users\*****\Desktop\GMER.log
2014-05-20 08:53 - 2014-05-20 08:53 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-05-20 08:49 - 2014-05-21 00:21 - 00031660 _____ () C:\Users\*****\Desktop\Addition.txt
2014-05-20 08:48 - 2014-05-21 00:36 - 00018188 _____ () C:\Users\*****\Desktop\FRST.txt
2014-05-20 08:48 - 2014-05-21 00:36 - 00000000 ____D () C:\FRST
2014-05-20 08:47 - 2014-05-20 08:47 - 01056768 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-05-20 08:45 - 2014-05-20 09:25 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-05-20 08:45 - 2014-05-20 08:45 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-05-20 08:45 - 2014-05-20 08:45 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-05-20 08:27 - 2014-05-20 09:28 - 00024246 _____ () C:\Users\*****\Desktop\AVSCAN-20140520-015400-125F951F.LOG
2014-05-20 00:45 - 2014-05-20 00:45 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () 
C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com 2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-05-20 00:36 - 2014-05-20 12:22 - 00001024 _____ () C:\Users\*****\.rnd 2014-05-19 23:30 - 2014-05-19 23:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\*****\Desktop\HiJackThis.exe 2014-05-19 22:45 - 2014-05-19 23:15 - 00000000 ____D () C:\Windows\pss 2014-05-19 21:29 - 2014-05-20 00:04 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-19 21:29 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-19 21:29 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-19 21:29 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-19 15:51 - 2014-05-19 15:51 - 00139264 _____ () C:\Windows\system32\config\DEFAULT.rhk 2014-05-19 15:51 - 2014-05-19 15:51 - 00061440 _____ () C:\Windows\system32\config\SAM.rhk 2014-05-19 15:51 - 2014-05-19 15:51 - 00028672 _____ () C:\Windows\system32\config\SECURITY.rhk 2014-05-19 15:46 - 2014-05-19 15:51 - 56680448 _____ () C:\Windows\system32\config\SOFTWARE.rhk 2014-05-19 15:29 - 2014-05-19 15:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Wise Registry Cleaner 2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\Program Files\Wise 2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\Documents\Bluetooth-Exchange-Ordner 2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Broadcom 2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\Documents\tradesignal 2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\tradesignal 2014-05-16 17:20 - 2014-05-19 14:00 - 00000000 ___HD () C:\Windows\AxInstSV 2014-05-16 15:32 - 2014-05-19 16:01 - 00000000 ____D () C:\ProgramData\2992199F9A 2014-05-15 19:31 - 2014-05-15 19:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DropboxMaster 2014-05-15 10:24 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 10:24 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 10:24 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 08:51 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 08:51 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 08:51 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 08:51 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 08:51 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 08:51 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 08:51 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 08:51 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) 
C:\Windows\system32\shell32.dll 2014-05-15 08:51 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2014-05-15 08:51 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 08:51 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 08:51 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 08:51 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () 
C:\Users\*****\AppData\Local\EmieUserList 2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList 2014-05-06 17:49 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-06 17:49 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-06 17:49 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-06 17:49 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-06 17:49 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-06 17:49 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-06 17:49 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-06 17:49 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-06 17:49 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-06 17:49 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-06 17:49 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-06 17:49 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-06 17:49 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-06 17:49 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-06 17:49 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-06 17:49 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-06 17:49 - 2014-03-06 09:07 - 00164864 
_____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-06 17:49 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-06 17:49 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-06 17:49 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-06 17:49 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-06 17:49 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-06 17:49 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-06 17:49 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-24 09:07 - 2014-04-24 09:07 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log 2014-04-24 09:07 - 2014-04-24 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-24 09:07 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-04-24 09:07 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-24 09:07 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-24 09:07 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe ==================== One Month Modified Files and Folders ======= 2014-05-21 00:36 - 2014-05-20 08:48 - 00018188 _____ () C:\Users\*****\Desktop\FRST.txt 2014-05-21 00:36 - 2014-05-20 08:48 - 00000000 ____D () C:\FRST 2014-05-21 00:35 - 2010-12-25 18:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-05-21 00:35 - 2010-12-22 18:50 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-21 00:33 - 2010-12-25 18:10 - 00000000 ____D () C:\Program Files\Adobe 2014-05-21 00:31 - 2012-04-07 20:18 - 00000884 _____ () 
C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-21 00:27 - 2010-12-23 13:39 - 00124272 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-21 00:21 - 2014-05-20 08:49 - 00031660 _____ () C:\Users\*****\Desktop\Addition.txt 2014-05-21 00:20 - 2013-07-23 20:41 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job 2014-05-20 23:41 - 2010-12-24 17:51 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-20 14:18 - 2010-12-22 18:47 - 01120342 _____ () C:\Windows\WindowsUpdate.log 2014-05-20 12:29 - 2009-07-14 06:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-20 12:29 - 2009-07-14 06:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-20 12:23 - 2012-08-04 15:32 - 00000000 ___RD () C:\Users\*****\Dropbox 2014-05-20 12:23 - 2012-08-04 15:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-05-20 12:22 - 2014-05-20 12:22 - 00001024 _____ () C:\.rnd 2014-05-20 12:22 - 2014-05-20 00:36 - 00001024 _____ () C:\Users\*****\.rnd 2014-05-20 12:22 - 2013-09-17 12:49 - 00020529 _____ () C:\Windows\setupact.log 2014-05-20 12:22 - 2010-12-24 17:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-20 12:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-20 10:47 - 2013-07-09 10:34 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-05-20 10:47 - 2013-07-09 10:34 - 00093528 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-05-20 10:16 - 2014-05-20 10:16 - 00201727 _____ () C:\Users\*****\Desktop\Trojaner-Board.txt 2014-05-20 09:28 - 2014-05-20 08:27 - 00024246 _____ () C:\Users\*****\Desktop\AVSCAN-20140520-015400-125F951F.LOG 2014-05-20 09:25 - 2014-05-20 09:21 - 00022595 _____ () C:\Users\*****\Desktop\GMER.log 2014-05-20 09:25 - 2014-05-20 08:45 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-05-20 09:20 - 2013-07-23 20:41 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job 2014-05-20 08:53 - 2014-05-20 08:53 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe 2014-05-20 08:47 - 2014-05-20 08:47 - 01056768 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-05-20 08:45 - 2014-05-20 08:45 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-05-20 08:45 - 2014-05-20 08:45 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-05-20 08:45 - 2010-12-23 13:32 - 00000000 ____D () C:\Users\***** 2014-05-20 08:27 - 2010-12-24 18:44 - 00000000 ____D () C:\Users\*****\Salomon 2014-05-20 04:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-05-20 00:45 - 2014-05-20 00:45 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com 2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-05-20 00:04 - 2014-05-19 21:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-19 23:30 - 2014-05-19 23:30 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\*****\Desktop\HiJackThis.exe 2014-05-19 23:15 - 2014-05-19 22:45 - 00000000 ____D () C:\Windows\pss 2014-05-19 22:09 - 2010-12-22 18:42 - 00094430 _____ () C:\Windows\PFRO.log 2014-05-19 22:09 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-05-19 16:01 - 2014-05-16 15:32 - 00000000 ____D () C:\ProgramData\2992199F9A 2014-05-19 15:51 - 2014-05-19 15:51 - 00139264 _____ () C:\Windows\system32\config\DEFAULT.rhk 2014-05-19 15:51 - 2014-05-19 15:51 - 00061440 _____ () C:\Windows\system32\config\SAM.rhk 2014-05-19 15:51 - 2014-05-19 15:51 - 00028672 _____ () C:\Windows\system32\config\SECURITY.rhk 2014-05-19 15:51 - 2014-05-19 15:46 - 56680448 _____ () C:\Windows\system32\config\SOFTWARE.rhk 2014-05-19 15:34 - 2014-05-19 15:29 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Wise Registry Cleaner 2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner 2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\Program Files\Wise 2014-05-19 14:26 - 2010-12-23 13:32 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore 2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\Documents\Bluetooth-Exchange-Ordner 2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Broadcom 2014-05-19 14:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-05-19 14:00 - 2014-05-16 17:20 - 00000000 ___HD () C:\Windows\AxInstSV 2014-05-19 14:00 - 2012-05-25 08:22 - 00000000 ____D () C:\Program Files\Tradesignal Online Chart 2014-05-19 14:00 - 2010-12-25 17:46 - 00000000 ____D () C:\Users\Test 
2014-05-19 14:00 - 2010-12-23 03:04 - 00000000 ____D () C:\ProgramData\Lenovo 2014-05-19 14:00 - 2009-07-21 13:47 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-05-19 14:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2014-05-19 14:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat 2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\Documents\tradesignal 2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\tradesignal 2014-05-15 20:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-05-15 19:31 - 2014-05-15 19:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DropboxMaster 2014-05-15 19:30 - 2012-08-04 15:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-15 19:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-05-15 10:28 - 2013-07-11 23:30 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 10:26 - 2010-12-24 12:20 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 14:28 - 2012-04-07 20:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-05-14 14:28 - 2011-05-16 07:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-05-14 14:28 - 2010-12-24 18:43 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe 2014-05-09 17:27 - 2009-07-21 07:30 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList 2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList 2014-05-06 05:25 - 2014-05-15 10:24 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 05:07 - 2014-05-15 10:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 04:10 - 2014-05-15 10:24 - 00069632 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-24 09:08 - 2013-11-06 09:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-24 09:07 - 2014-04-24 09:07 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-24 09:07 - 2014-04-24 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-24 09:07 - 2012-02-23 09:27 - 00000000 ____D () C:\Program Files\Java

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0t4crx.dll
C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\ose00000.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe [2014-05-15 08:51] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-19 12:30

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by ***** at 2014-05-21 00:36:59
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================
Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
ActiveTrader 5.0.0_b15 (HKCU\...\ActiveTrader 5.0.0_b15) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.32.00 - )
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
ATI Catalyst Install Manager (HKLM\...\{10EBB6AD-673B-EE60-7D3D-7C438E5F9BE5}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.641.1-090825m-087782C-Lenovo - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2009.0825.2146.37269 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2009.0825.2146.37269 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2009.0825.2146.37269 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2009.0825.2146.37269 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2009.0825.2146.37269 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2009.0825.2146.37269 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (Version: 2009.0825.2146.37269 - ATI) Hidden CCC Help Chinese Standard (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Chinese Traditional (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Dutch (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help English (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help French (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help German (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Italian (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Japanese (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Korean (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Portuguese (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Spanish (Version: 2009.0825.2145.37269 - ATI) Hidden CCC Help Swedish (Version: 2009.0825.2145.37269 - ATI) Hidden ccc-core-static (Version: 2009.0825.2146.37269 - Ihr Firmenname) Hidden ccc-utility (Version: 2009.0825.2146.37269 - ATI) Hidden CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP) Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited) Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant) Create Recovery Media 
(HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo) DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.) ElsterFormular-Upgrade (HKLM\...\ElsterFormular für Privatanwender 12.2.2.6665p) (Version: 15.0.13315 - Landesfinanzdirektion Thüringen) Eraser 6.0.8.2273 (HKLM\...\{392A74D0-4DFE-49F7-87C3-8A61708F8856}) (Version: 6.0.2273 - The Eraser Project) Free Fire Screensaver (HKLM\...\Free Fire Screensaver) (Version: - Laconic Software) Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20101113 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.) Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Integrated Camera Driver Installer Package Ver.1.27.500.0 (HKLM\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.27.500.0 - RICOH) Integrated Camera TWAIN (HKLM\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.7.331 - Chicony Electronics Co.,Ltd.) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version: - Intel Corporation) InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.) 
InterVideo WinDVD 8 (Version: 8.0.20.112 - InterVideo Inc.) Hidden iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Lenovo Fingerprint Software (HKLM\...\{2D440AF4-7330-43F0-A085-35DE1A90E703}) (Version: 3.3.0.50 - AuthenTec, Inc.) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - ) Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.13 - PC-Doctor, Inc.) Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.018.0 - Lenovo) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited) Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft 
Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research) Microsoft Search Enhancement Pack (Version: 1.2.121.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden Mobile Broadband Connect (HKLM\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) PX Profile Update (Version: 1.00.1. - AMD) Hidden Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited) Roxio Activation Module (Version: 1.0 - Roxio) Hidden Roxio Central Audio (Version: 3.8.0 - Roxio) Hidden Roxio Central Copy (Version: 3.8.0 - Roxio) Hidden Roxio Central Core (Version: 3.8.0 - Roxio) Hidden Roxio Central Data (Version: 3.8.0 - Roxio) Hidden Roxio Central Tools (Version: 3.8.0 - Roxio) Hidden Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio) Roxio Creator Business Edition (Version: 10.3.081 - Roxio) Hidden Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden Skype™ 6.10 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.10.104 - Skype Technologies S.A.) 
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com) System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0046 - Lenovo) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation) ThinkPad Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.04 - ) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.06 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems) ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - ) ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.40 - Lenovo) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo) Tradesignal Online Chart (HKLM\...\{2735AEFA-57A5-44AD-81B6-BE30CA07C066}) (Version: 6.3.7.117 - Tradesignal GmbH) Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}) (Version: 3.1.1 - Smith Micro Software, Inc.) 
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN) WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - ) Windows Live Anmelde-Assistent (HKLM\...\{B5BCBD49-202F-4238-8398-D83D423A48B4}) (Version: 5.000.817.1 - Microsoft Corporation) Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Toolbar (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56) (HKLM\...\8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449) (Version: 07/07/2009 8.1.2.56 - AuthenTec Inc.) Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel) Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo) Windows-Treiberpaket - Ricoh (5U875UVC) Image (07/08/2009 1.27.500.0) (HKLM\...\E59560E2F5B162D40255FCD327ACA5E989D995D2) (Version: 07/08/2009 1.27.500.0 - Ricoh) Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc (06/25/2009 6.10.01.03) (HKLM\...\D91056A9B3130B90EC1BB37F232FA5C4D61DF66F) (Version: 06/25/2009 6.10.01.03 - Ricoh Company) Windows-Treiberpaket - Ricoh Company (rismxdp) hdc (06/25/2009 6.10.01.04) (HKLM\...\414685941AB074B2478B18498E0CCA85F81CCBE6) (Version: 06/25/2009 6.10.01.04 - Ricoh Company) Windows-Treiberpaket - Ricoh Company MMC Host Controller (06/25/2009 6.10.01.03) (HKLM\...\6F84AC23718E31DE66E2EBEDAE047257F4E785D0) (Version: 06/25/2009 6.10.01.03 - Ricoh Company) Wise 
Registry Cleaner 8.11 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.11 - WiseCleaner.com, Inc.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== 2009-07-14 04:04 - 2011-06-05 13:28 - 00000854 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {0DEE7595-F069-449D-B9C9-FC3C78F2B6DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.) Task: {36991A1E-6A6C-487A-8A5D-8B38DB72BB0D} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-23] (Lenovo Group Limited) Task: {3CFBA15D-48A7-4242-8658-D2779DA6F044} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.) Task: {5245162F-8F9D-42AD-A58A-C31EE8FEE18E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {6AF8D474-2932-4846-9749-69375C8508E5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-08-26] (PC-Doctor, Inc.) Task: {6B4630C1-04C0-40E6-A068-29B93D900C94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.) Task: {96BA89CD-37E1-4951-8F32-BA6A465FE18F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe Task: {97901924-BA6B-4546-894C-D4FBDE36A724} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.) 
Task: {97AC3792-9BD1-45B3-A57F-6EF4DB6B4447} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe Task: {B96F4CCE-CE64-4CAD-B9AE-269275568224} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe Task: {D5B4032B-7340-4B43-893C-B753E7A189F5} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe Task: {EF3D195A-B55E-4A5B-8E41-E27B949690AC} - System32\Tasks\{49C7F31D-7E66-4DDB-A4B5-F1BF4327AFC7} => C:\Program Files\Skype\\Phone\Skype.exe [2013-10-21] (Skype Technologies S.A.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe ==================== Loaded Modules (whitelisted) ============= 2009-09-01 00:32 - 2009-09-01 00:32 - 00098304 ____N () C:\Windows\system32\DTS.exe 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-12-22 18:42 - 2009-08-23 20:04 - 00037888 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL 2014-05-20 12:23 - 2014-05-20 12:23 - 00041984 _____ () C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0t4crx.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () 
C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll 2014-05-15 20:25 - 2014-05-08 01:29 - 00065352 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll 2014-05-15 20:25 - 2014-05-08 01:29 - 00674632 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\libglesv2.dll 2014-05-15 20:25 - 2014-05-08 01:29 - 00093000 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\libegl.dll 2014-05-15 20:25 - 2014-05-08 01:29 - 04081480 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll 2014-05-15 20:25 - 2014-05-08 01:29 - 00390472 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll 2014-05-15 20:25 - 2014-05-08 01:29 - 01647432 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll 2014-05-15 20:25 - 2014-05-08 01:29 - 13695816 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk => C:\Windows\pss\RCIMGDIR.exe.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6120.lnk => C:\Windows\pss\6120.lnk.Startup MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start 
Menu^Programs^Startup^aj7zfy.lnk => C:\Windows\pss\aj7zfy.lnk.Startup MSCONFIG\startupreg: FingerPrintSoftware => "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s MSCONFIG\startupreg: Message Center Plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start ==================== Faulty Device Manager Devices ============= Could not list Devices. Check "winmgmt" service or repair WMI. ==================== Event log errors: ========================= Application errors: ================== Error: (05/20/2014 01:46:47 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (05/20/2014 01:44:17 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (05/19/2014 03:54:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1440 Startzeit: 01cf7369906005d8 Endzeit: 5 Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe Berichts-ID: Error: (05/19/2014 03:28:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 5e98 Startzeit: 01cf73660a83ef3b Endzeit: 0 Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe Berichts-ID: Error: (05/19/2014 03:05:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1370 Startzeit: 01cf7362956681bb Endzeit: 16 Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe Berichts-ID: Error: (05/19/2014 03:01:19 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1ca0 Startzeit: 01cf736206978372 Endzeit: 15 Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe Berichts-ID: Error: (05/19/2014 02:53:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2c14 Startzeit: 01cf736124bfad37 Endzeit: 16 Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe Berichts-ID: Error: (05/19/2014 02:51:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 2610 Startzeit: 01cf736090a0f84c Endzeit: 15 Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe Berichts-ID: Error: (05/19/2014 02:45:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1064 Startzeit: 01cf73601f47ebad Endzeit: 15 Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe Berichts-ID: Error: (05/19/2014 02:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c88 Startzeit: 01cf735f2656b684 Endzeit: 32 Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe Berichts-ID: System errors: ============= Error: (05/21/2014 00:39:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error: (05/21/2014 00:38:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error: (05/21/2014 00:37:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error: (05/21/2014 00:37:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error: (05/21/2014 00:36:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde 
mit folgendem Fehler beendet: %%126 Error: (05/21/2014 00:28:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error: (05/21/2014 00:26:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error: (05/21/2014 00:23:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error: (05/21/2014 00:04:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Error: (05/21/2014 00:03:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126 Microsoft Office Sessions: ========================= Error: (12/10/2013 10:04:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 283 seconds with 180 seconds of active time. This session ended with a crash. Error: (10/30/2013 03:35:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 138 seconds with 120 seconds of active time. This session ended with a crash. Error: (10/30/2013 03:32:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. 
This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/30/2013 03:30:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21691 seconds with 2880 seconds of active time. This session ended with a crash. Error: (02/11/2013 11:50:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4233 seconds with 2520 seconds of active time. This session ended with a crash. Error: (05/24/2012 06:13:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1365 seconds with 420 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Percentage of memory in use: 59% Total physical RAM: 2520.03 MB Available physical RAM: 1020.09 MB Total Pagefile: 5038.34 MB Available Pagefile: 3066.41 MB Total Virtual: 2047.88 MB Available Virtual: 1942.84 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:286.66 GB) (Free:129.94 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:5.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 504A2363) Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Edited by Munich089 (20.05.2014 at 23:58) |
21.05.2014, 00:28 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Masses of autostart and Program Data error messages at startup + other abnormalities Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
21.05.2014, 08:00 | #14 |
| Windows 7: Masses of autostart and Program Data error messages at startup + other abnormalities Here it is! One oddity: the Avira logo no longer appears at the bottom right in the icon bar. I had deactivated the service, after all. The Action Center shows a message telling me to re-enable Avira. When I click on the message and confirm Avira, however, nothing happens. But when I open the program via Start/Programs/Avira, it says the protection (real-time + browser) is enabled, even though I had not re-enabled it yet. Is that OK, or will the icon reappear at some point? Code:
ATTFilter ComboFix 14-05-19.01 - Markus Schwarz 21.05.2014 8:24.1.2 - x86 ausgeführt von:: c:\users\Markus Schwarz\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\swtools\APPS\CBED\CBE\ACTIVATION_104\_desktop.ini c:\swtools\APPS\CBED\CBE\ACTIVATION_104\BIN\_desktop.ini c:\windows\Readme.txt c:\windows\ru.exe c:\windows\system32\SET903D.tmp c:\windows\system32\Thumbs.db Q:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-21 bis 2014-05-21 )))))))))))))))))))))))))))))) . . 2014-05-21 06:35 . 2014-05-21 06:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-21 05:25 . 2014-04-17 03:32 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{624F5FB2-45AD-4393-8F48-AF120457FF95}\mpengine.dll 2014-05-20 06:48 . 2014-05-20 22:40 -------- d-----w- C:\FRST 2014-05-19 22:45 . 2014-05-19 22:45 -------- d-----w- c:\users\Markus Schwarz\AppData\Roaming\SUPERAntiSpyware.com 2014-05-19 22:45 . 2014-05-19 22:45 -------- d-----w- c:\program files\SUPERAntiSpyware 2014-05-19 22:45 . 2014-05-19 22:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2014-05-19 19:29 . 2014-05-19 22:04 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-19 19:29 . 2014-04-03 07:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-19 19:29 . 2014-04-03 07:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-19 19:29 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-19 19:29 . 2014-05-19 19:29 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware 2014-05-19 19:29 . 2014-05-19 19:29 -------- d-----w- c:\programdata\Malwarebytes 2014-05-19 13:29 . 2014-05-19 13:34 -------- d-----w- c:\users\Markus Schwarz\AppData\Roaming\Wise Registry Cleaner 2014-05-19 13:29 . 2014-05-19 13:29 -------- d-----w- c:\program files\Wise 2014-05-19 12:09 . 
2014-05-19 12:09 -------- d-----w- c:\users\Markus Schwarz\AppData\Local\Broadcom 2014-05-16 15:23 . 2014-05-16 15:23 -------- d-----w- c:\users\Markus Schwarz\AppData\Roaming\tradesignal 2014-05-16 15:20 . 2014-05-19 12:00 -------- d--h--w- c:\windows\AxInstSV 2014-05-16 13:32 . 2014-05-19 14:01 -------- d-----w- c:\programdata\2992199F9A 2014-05-15 17:31 . 2014-05-15 17:31 -------- d-----w- c:\users\Markus Schwarz\AppData\Roaming\DropboxMaster 2014-05-15 08:24 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-07 15:05 . 2014-05-07 15:05 -------- d-sh--w- c:\users\Markus Schwarz\AppData\Local\EmieUserList 2014-05-07 15:05 . 2014-05-07 15:05 -------- d-sh--w- c:\users\Markus Schwarz\AppData\Local\EmieSiteList 2014-04-24 07:07 . 2014-04-14 18:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-20 08:47 . 2013-07-09 08:34 93528 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-05-20 08:47 . 2013-07-09 08:34 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-05-14 12:28 . 2012-04-07 18:18 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-05-14 12:28 . 2011-05-16 05:48 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-03-31 07:35 . 2010-12-23 19:25 231584 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-24 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976] "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752] "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424] "TpShocks"="TpShocks.exe" [2009-07-08 337184] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-24 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-24 151064] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-05-20 737872] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-06 152392] . c:\users\Markus Schwarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Markus Schwarz\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RCIMGDIR.exe.lnk backup=c:\windows\pss\RCIMGDIR.exe.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Markus Schwarz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6120.lnk] path=c:\users\Markus Schwarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6120.lnk backup=c:\windows\pss\6120.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Markus Schwarz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aj7zfy.lnk] path=c:\users\Markus Schwarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aj7zfy.lnk backup=c:\windows\pss\aj7zfy.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware] c:\program files\Lenovo Fingerprint Software\fpapp.exe \s [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus] 2009-05-27 21:09 49976 ------w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe . 
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680] R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-08-31 106496] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032] R3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-08-18 20848] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-25 37352] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-24 
172032] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-05-20 430160] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-05-20 1039440] S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-08-31 1692920] S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-08-31 98304] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-08-04 2058776] S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2009-07-08 72320] S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-01 485376] S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-08-24 5924864] S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-13 4231680] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService . Inhalt des "geplante Tasks" Ordners . 2014-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:28] . 2014-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 15:51] . 
2014-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 15:51] . 2014-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job - c:\users\Markus Schwarz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23 18:41] . 2014-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job - c:\users\Markus Schwarz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23 18:41] . 2014-03-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-08-25 23:12] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKCU-Run-sydausa - c:\programdata\sydausa.dat . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{C4B36920-79E24793-06000000}_0] "ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . 
- - - - - - - > 'Explorer.exe'(4064) c:\program files\ThinkPad\Bluetooth Software\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\system32\atieclxx.exe c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\taskhost.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Lenovo\Access Connections\AcSvc.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conhost.exe c:\program files\Lenovo\Access Connections\SvcGuiHlpr.exe c:\program files\ThinkPad\Bluetooth Software\btwdins.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Intel\AMT\LMS.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\sppsvc.exe c:\program files\Lenovo\System Update\SUService.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-05-21 08:44:01 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-05-21 06:44 . Vor Suchlauf: 13 Verzeichnis(se), 141.769.973.760 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 142.865.412.096 Bytes frei . - - End Of File - - A1D8E72054BB7E6AC6D80AB7655A6563 FB04B46BFD351D0484624D390F1BA191 Edited by Munich089 (21.05.2014 at 08:08) |
21.05.2014, 11:39 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Masses of autostart and Program Data error messages at startup + other abnormalities Don't get worked up about Avira; that thing is close to useless anyway and we have not recommended it for a long time. Just uninstall Avira; once we are done here you can look for a replacement. Once Avira is gone, continue like this: Remove adware/junkware/toolbars Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |